top of page
Abstract Blue Light
Certified Ransomware Negotiator (CRN-903)
24.png

Target Students​

Cybersecurity professionals, incident responders, legal advisors, and crisis managers responsible for handling ransomware attacks, negotiating with threat actors, and ensuring the protection and recovery of organizational assets.

Duration :  40 hours (5 days)
Learning Objectives

-Master the skills required to negotiate with ransomware attackers effectively.

-Understand the legal, ethical, and procedural aspects of ransomware negotiations.

-Learn to assess the severity of ransomware attacks and develop appropriate response   strategies.

-Develop skills in managing communications with threat actors and stakeholders.

-Prepare for handling real-world ransomware incidents and ensuring business continuity.

Exam Codes: CRN-903
Exam Formats
 

100 multiple-choice questions

Exam Options
 

Online

In-Person

Exam Duration: 2 hours
Passing Score​: 70% 

Course Outline

Foundations of Ransomware Negotiation
Module 1: Introduction to Ransomware

  • Understanding Ransomware

  • Overview of Ransomware: History, Evolution, and Types

  • Anatomy of a Ransomware Attack: Infection Vectors, Encryption, and Extortion

  • The Current Ransomware Landscape: Key Players, Motivations, and Trends

  • Ransomware Economics

  • The Economics of Ransomware: Cryptocurrency, Ransom Payments, and Marketplaces

  • Understanding the Financial Impact of Ransomware on Organizations

  • Case Study: High-Profile Ransomware Attacks and Their Consequences

Module 2: Legal and Ethical Considerations

  • Legal Aspects of Ransomware Negotiation

  • Overview of Global Legal Frameworks: Data Protection Laws, Cybercrime Legislation

  • Legal Risks in Ransomware Negotiations: Liability, Compliance, and Reporting Requirements

  • Case Study: Legal Implications of Paying Ransoms

  • Ethical Considerations

  • Ethical Dilemmas in Ransomware Negotiations: To Pay or Not to Pay?

  • Balancing Business Continuity with Ethical Responsibilities

  • Case Study: Ethical Decision-Making in Ransomware Scenarios

Negotiation Strategies and Techniques
Module 3: Crisis Management and Communication

  • Developing a Ransomware Response Plan

  • Key Components of a Ransomware Response Plan: Preparation, Detection, Containment, Eradication, Recovery

  • Incident Response Team Roles and Responsibilities

  • Best Practices for Effective Crisis Management

  • Communication Strategies

  • Managing Communications with Threat Actors: Establishing Contact, Negotiation Channels

  • Communicating with Internal Stakeholders: Board Members, Legal Counsel, IT Teams

  • Case Study: Managing Communications During a Ransomware Attack

Module 4: Negotiation Tactics

  • Principles of Negotiation

  • Understanding the Psychology of Negotiation: Motivations, Leverage, and Power Dynamics

  • Key Negotiation Tactics: Building Rapport, Anchoring, Concessions, and Deadlines

  • Case Study: Applying Negotiation Tactics in a Ransomware Scenario

  • Simulating Negotiations

  • Role-Playing Ransomware Negotiations: Simulating Interactions with Threat Actors

  • Analyzing Negotiation Outcomes: Successes, Failures, and Lessons Learned

  • Case Study: Successful Ransomware Negotiations and Their Impact

Ransomware Risk Assessment and Decision-Making
Module 5: Assessing the Impact of Ransomware

  • Severity Assessment

  • Evaluating the Severity of a Ransomware Attack: Scope, Impact, and Recovery Potential

  • Conducting a Risk Assessment: Business Impact Analysis, Data Sensitivity, and System Dependencies

  • Case Study: Assessing the Severity of a Ransomware Attack on Critical Infrastructure

  • Decision-Making in Ransomware Incidents

  • Making Informed Decisions: Pay, Delay, or Refuse?

  • Weighing the Risks and Benefits of Different Response Options

  • Case Study: Decision-Making in a High-Stakes Ransomware Incident

Module 6: Incident Response and Forensic Analysis

  • Forensic Analysis of Ransomware Attack

  • Techniques for Investigating Ransomware Infections: Identifyingthe Entry Point, Analyzing Malware Behavior

  • Collecting and Preserving Evidence for Legal and Regulatory Compliance

  • Case Study: Conducting a Forensic Investigation After a Ransomware Attack

  • Post-Incident Response

  • Steps for Recovery: Decryption, Data Restoration, System Rebuilds

  • Implementing Lessons Learned: Strengthening Defenses, Updating Response Plans

  • Case Study: Post-Incident Response in a Complex Ransomware Attack

Advanced Ransomware Negotiation Techniques
Module 7: Advanced Negotiation Techniques

  • Psychological Techniques in Ransomware Negotiation

  • Applying Psychological Principles to Influence Threat Actors

  • Managing High-Stress Negotiations: Techniques for Maintaining Composure and Control

  • Case Study: Psychological Manipulation in High-Stakes Negotiations

  • Building a Negotiation Playbook

  • Developing a Structured Approach to Ransomware Negotiation: Pre-Negotiation, Engagement, Closing

  • Customizing Playbooks for Different Scenarios: High-Risk vs. Low-Risk Incidents

  • Case Study: Creating a Negotiation Playbook for a Global Organization

Module 8: Ransom Payment and Cryptocurrency Management

  • Understanding Cryptocurrency

  • Overview of Cryptocurrencies: Bitcoin, Monero, and Their Role in Ransom Payments

  • Managing Cryptocurrency Transactions: Wallets, Exchanges, and Anonymity

  • Case Study: Handling a Ransom Payment in Cryptocurrency

  • Negotiating Payment Terms

  • Negotiating Payment Schedules, Amounts, and Proof-of-Life for Decryption Keys

  • Managing the Risk of Non-Delivery: Escrow Services, Payment Delays, and Verification

  • Case Study: Negotiating Ransom Payments to Minimize Risk

Day 5: Practical Application and Capstone Project
Module 9: : Simulated Ransomware Negotiation

  • End-to-End Ransomware Negotiation Simulation

  • Participants Execute a Full Ransomware Negotiation: Crisis Management, Communication, Negotiation, and Payment

  • Real-World Scenario Simulation: Negotiating with a Sophisticated Ransomware Group

  • Peer Review and Instructor Feedback on Negotiation Performance

  • Advanced Ransomware Techniques

  • Exploring Emerging Ransomware Trends: Double Extortion, Ransomware-as-a-Service (RaaS), and AI-Driven Attacks

  • Case Study: Addressing Advanced Ransomware Tactics in a Live Negotiation Exercise

Module 10: Capstone Project and Exam Preparation

  • Capstone Project

  • Participants Work on a Comprehensive Capstone Project that Encapsulates All Skills Learned Throughout the Course
    Focus on Real-World Application, Reporting, and Analysis
    Peer Review and Presentation of Capstone Project

  • Exam Preparation and Review

  • Review of Key Concepts and Techniques Covered During the Course

  • Sample Exam Questions and Group Discussions

  • Final Q&A Session and Wrap-Up

bottom of page