Ransomware
Scenario: Ransomware Attack on TechNova Corp
Background:
TechNova Corp, a mid-sized technology company specializing in software development and IT services, is facing a severe ransomware attack. The company's critical systems have been compromised, and hackers are demanding a substantial ransom in cryptocurrency to decrypt the locked files. Employees are unable to access essential resources, leading to halted operations and mounting financial losses.
Operation Lockdown
Objectives:
Attackers: Execute a ransomware attack on TechNova Corp by infiltrating their network, deploying the ransomware, and demanding a ransom.
Defenders: Detect, respond to, and recover from the ransomware attack while minimizing damage and restoring operations without paying the ransom.
Game Setup:
Players:
One player takes the role of the Attacker.
One player takes the role of the Defender.
Deck Composition:
Each player has a deck of 60 cards.
Attacker's Deck: Composed of reconnaissance, malware deployment, and persistence cards.
Defender's Deck: Composed of detection, response, and recovery cards, including backup solutions and threat hunting tools.
Starting Hands:
Both players draw 7 cards to start.
Players can mulligan once if they are not satisfied with their starting hand.
Gameplay Phases:
Attackers:
Recon Phase:
Perform reconnaissance to gather information about TechNova Corp's network.
Use cards like "Phishing Emails," "Network Scanning," and "Spear Phishing" to identify vulnerabilities.
Attack Phase:
Deploy the ransomware using cards like "Exploit Vulnerability," "Malware Injection," and "Ransomware Deployment."
Overcome defensive measures with cards such as "Bypass Firewall" and "Privilege Escalation."
Pivot/Persistence Phase:
Establish persistence to maintain access and spread the ransomware.
Use cards like "Lateral Movement," "Command and Control," and "Data Exfiltration."
Defenders:
Detection Phase:
Identify and detect the ransomware attack early.
Use cards like "Intrusion Detection System (IDS)," "Security Information and Event Management (SIEM)," and "Threat Hunting."
Response Phase:
Respond to the attack by isolating affected systems and mitigating the spread.
Use cards such as "Endpoint Detection and Response (EDR)," "Network Segmentation," and "Incident Response Team (IRT)."
Recovery/Reinforce Phase:
Recover from the attack and reinforce defenses to prevent future incidents.
Use cards like "Data Backup and Recovery," "Patch Management," and "User Awareness Training."
Example Cards:
Attacker Cards:
Phishing Email:
Type: Recon
Effect: Gain information about the target's network. Allows the attacker to draw 2 cards.
Ransomware Deployment:
Type: Attack
Effect: Deploy ransomware on the target's system. If successful, the defender must discard 2 cards from their hand.
Command and Control:
Type: Pivot/Persistence
Effect: Establish a command and control channel. The attacker can play an additional attack card in the next turn.
Defender Cards:
Intrusion Detection System (IDS):
Type: Detection
Effect: Detect malicious activities. Allows the defender to reveal the attacker's hand and discard one card.
Incident Response Team (IRT):
Type: Response
Effect: Isolate affected systems and mitigate the spread. The attacker cannot play any attack cards in the next turn.
Data Backup and Recovery:
Type: Recovery/Reinforce
Effect: Recover encrypted data from backups. Restore 2 discarded cards to the defender's hand.
Victory Conditions:
Attacker Wins: If the attacker successfully deploys ransomware and the defender fails to mitigate the attack, leading to significant operational disruption and ransom payment.
Defender Wins: If the defender successfully detects, responds to, and recovers from the ransomware attack, restoring full operations without paying the ransom.
Campaign Notes:
Encourage players to think strategically about their card plays, considering the timing and combination of their moves.
Incorporate real-world cybersecurity principles and best practices to make the game both educational and engaging.
Provide a debrief after the game, discussing the tactics used and lessons learned, to reinforce the training aspect of the campaign.