The Badge Archive

Fulfills Step 3 of GSUSA Ambassador Cybersecurity Investigator badge requirements.

Info Needed for the badge requirements: Cyberattacks can leave victims with a difficult decision: whether to pay a ransom or attempt recovery through other means. Ransoms are frequently demanded in cryptocurrencies like Bitcoin, which are stored on a public ledger called a blockchain and valued for their anonymity and untraceable nature. Paying a ransom carries significant risks: A) It doesn’t guarantee that access to data will be restored. B) It may fund illegal activities or support future cybercrimes. C) It can encourage attackers to continue using these methods against others. Choosing not to pay also has challenges: A) Recovering data without the encryption key can be costly and time-intensive. B) There is no certainty that all data can be restored. When facing a cyberattack, individuals and organizations must carefully consider these pros and cons. The decision requires weighing immediate needs against long-term risks.

Items Needed

• Briefing Card #3 from VTK Briefing Cards 1-5 by GSUSA (print and cut out ahead of time)
• VTK Ransom Cards by GSUSA
• Prepare Ahead: Place Briefing Card #4 from VTK Briefing Cards 1-5 by GSUSA inside an envelope labeled “Pay the ransom” and seal it.
• Prepare Ahead: Place Briefing Card #5 from VTK Briefing Cards 1-5 by GSUSA  inside an envelope labeled “Do not pay the ransom” and seal it.

Instructions

1. The city is facing a ransomware attack that has locked access to data across departments. The attackers are demanding payment in Bitcoin to restore access. With only 20 minutes to decide, department heads must share their opinions on whether to pay the ransom, offering their reasons. After a group discussion and debate, the final decision will be made.
2. Give the scout playing the mayor from Steps One and Two Briefing Card #3. The mayor gathers all departments and reads the information on the card aloud.
3. The city has been hit by a ransomware attack. This malware locks access to data and demands payment to restore it. The attackers want the city to pay a Bitcoin ransom. (Optional) The note says 20 minutes, but you can give only 10 minutes for the scouts to decide.
4. 2 minutes in, share the “Things to Know” about Bitcoin (see below). Scouts debate the pros and cons of paying the ransom as a large group for about 5 minutes.
5. 5 minutes in, randomly distribute the Ransom Cards. Each card provides new facts or considerations for the decision. Scouts continue the debate, using these new points to strengthen their arguments.
6. The mayor listens to the discussion and decides whether the city should pay the ransom or not. Hand the mayor the envelope that matches their decision (“Pay the ransom” or “Do not pay the ransom”). The mayor opens the envelope and reads the outcome from the Briefing Card inside.

Bitcoin Things to Know

• Bitcoin is a cryptocurrency used for digital transactions. It is recorded on a public ledger called a blockchain.
• Cybercriminals favor cryptocurrencies like Bitcoin because they can remain anonymous and untraceable.
• Paying a ransom is risky. It doesn’t guarantee data recovery and may fund illegal activities.
• Organizations must weigh the cost and risks of paying a ransom versus trying to recover data another way.