This session examines ransomware as a significant security challenge that affects organisations, governments, and critical infrastructure. We trace its evolution from relatively simple criminal activity to a scalable and professionalised extortion model. We explore how ransomware operations function in practice: how groups organise themselves, how they establish credibility to make extortion viable, and why engagement may sometimes appear rational to victims operating under time pressure and uncertainty. We also examine how incidents and negotiations tend to unfold, highlighting recurring patterns as well as variation across cases. The session concludes with lessons for policy and practice, emphasising that ransomware is not only a technical problem but also a governance and resilience challenge. Preparedness, decision-making structures, and coordinated disruption efforts all influence outcomes.
This session will be held in English. Sign up here.
Difficulty level: 2/5
