The Badge Archive

City Cyber Attack Ransom

To be used in the Cyber Attack Dice Scenario

Sample Ransom Note

Attention City Officials:
Your systems have been compromised in a cyberattack. Access to key data and functionality has been disabled, and further disruptions may occur. If you want to regain control of your systems and prevent additional damage, you must comply with our demands.

We are requesting payment in Bitcoin to deliver the access codes needed to restore your systems. You have 5 minutes to decide. Failure to act will result in permanent loss of data and escalation of the attack.

The choice is yours.

City Opinions

Eight People in the city have given their opinions. Use them to help determine whether to pay the ransom or not.

  1. Person 1: Paying the hackers will give them more resources to commit future crimes and strengthen their attacks.
  2. Person 2: The encrypted data is highly valuable, and paying the ransom may cost far less than recovering and rebuilding systems independently.
  3. Person 3: Some ransomware has coding errors, meaning paying might not decrypt the data, leaving it inaccessible indefinitely.
  4. Person 4: The attacker’s main goal might only be to scare victims, and paying doesn’t guarantee data recovery—statistics show only 19% of victims regain access.
  5. Person 5: Much of the city’s data is confidential, and paying the ransom may be the only way to regain control of sensitive information.
  6. Person 6: If the breach becomes public knowledge, the city could face lawsuits or fines. Paying the ransom might help keep the incident private.
  7. Person 7: Cybercriminals prefer Bitcoin because it’s hard to trace, so even if the ransom is paid, it won’t guarantee the money can be retrieved.
  8. Person 8: Without reliable backups of the data, there’s no way to know if recovery is possible without paying the ransom.

Consequences

Do not give the consequence messages to the scouts until they have made their decision.

Pay the Ransom:

Your team has decided to pay the ransom in Bitcoin to regain control of the affected systems. However, when the city attempted to pay, the attackers disappeared, taking down their communication portal and rendering payment impossible. Without the decryption key, a cybersecurity firm is hired to recover as much data and functionality as possible. This process is expensive, time-consuming, and leaves the city vulnerable during the recovery period.

Priorities Moving Forward:

  • Investigate who carried out the attack.
  • Determine how the breach occurred.
  • Strengthen systems to prevent future attacks.

Don’t Pay the Ransom:

Your team has decided not to pay the ransom, which means the city cannot gain access to the encryption key required to restore systems. Recovery efforts are carried out by a cybersecurity firm, but this process takes months, costs significant resources, and may not fully restore all systems. In the meantime, departments struggle with limited access, prolonging the impacts of the attack.

Priorities Moving Forward:

  • Investigate who carried out the attack.
  • Determine how the breach occurred.
  • Strengthen systems to prevent future attacks.
Tia Kennard