R01 — Ransomware
The adversary encrypts (and increasingly exfiltrates and leaks) data, demanding payment to decrypt it or to suppress disclosure. Layered defense: prevention (EDR, email filtering, patching) to block initial entry, detection to catch the staging phase before encryption starts, awareness to reduce phishing-driven footholds, and recovery (immutable backups, tested DR) so the ransom can be refused. Residual exposure remains because human-operated ransomware adapts faster than any single control.
What is Ransomware?
The adversary encrypts (and increasingly exfiltrates and leaks) data, demanding payment to decrypt it or to suppress disclosure. Layered defense: prevention (EDR, email filtering, patching) to block initial entry, detection to catch the staging phase before encryption starts, awareness to reduce phishing-driven footholds, and recovery (immutable backups, tested DR) so the ransom can be refused. Residual exposure remains because human-operated ransomware adapts faster than any single control. CISO Game tracks this as R01 in the live risk register, severity 10 (Catastrophic), category External.
How does CISO Game model Ransomware?
Exposure for R01 runs from 0 to 100, recomputed live as you buy, cancel, or reassign products. How the exposure model works →
Real-world parallel
Ransomware is the case study every modern CISO is measured against. Real-world incidents such as Colonial Pipeline, Change Healthcare and MGM Resorts moved markets, regulators, and ransomware-payment policy itself. The technical playbook (initial access via phishing or exposed RDP, privilege escalation, lateral movement, backup and shadow-copy destruction, then the ransom note) is well documented; the strategic playbook is what CISO Game actually drills. Detection is necessary but insufficient: without tested immutable backups and a rehearsed IR retainer, every confirmed encryption event becomes a ransom decision the board has to make under deadline pressure.
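The staging step named above (backup and shadow-copy destruction) is the last point at which detection still buys recovery options, so it is worth showing what catching it looks like. The following is an added example, not code from CISO Game or from the page's author: a small detector that parses constructed Sysmon-style process-creation lines (hypothetical hosts, users and timestamps), matches the well-known recovery-point-destruction command lines (vssadmin delete shadows, wmic shadowcopy delete, wbadmin delete catalog, bcdedit recoveryenabled No, WMI Win32_ShadowCopy deletes), and flags a host that trips several distinct rules inside one short window. The log format, rule names and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Sysmon-style process-creation events (hypothetical hosts, users,
# timestamps and command lines); not taken from any real incident.
SAMPLE_LOG = r"""
2024-05-01T10:01:02Z host=ws01 user=CORP\alice Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin list shadows"
2024-05-01T10:07:44Z host=fs02 user=CORP\svc_backup Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet"
2024-05-01T10:07:45Z host=fs02 user=CORP\svc_backup Image=C:\Windows\System32\wbadmin.exe CommandLine="wbadmin delete catalog -quiet"
2024-05-01T10:07:46Z host=fs02 user=CORP\svc_backup Image=C:\Windows\System32\bcdedit.exe CommandLine="bcdedit /set {default} recoveryenabled No"
2024-05-01T10:08:10Z host=ws01 user=CORP\alice Image=C:\Program Files\App\app.exe CommandLine="app.exe --sync"
2024-05-01T10:09:30Z host=fs02 user=CORP\svc_backup Image=C:\Windows\System32\wbem\WMIC.exe CommandLine="wmic shadowcopy delete"
"""

# Assumed line layout for the constructed log: timestamp, host=, user=, Image=, CommandLine="..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+'
    r'Image=(?P<image>.+?)\s+CommandLine="(?P<cmd>.*)"$'
)

# Each rule matches a command line that removes or disables a local recovery
# point. Read-only use such as "vssadmin list shadows" deliberately does not match.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("wbadmin_delete_backup", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup|backup)\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("powershell_shadowcopy_delete", re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I)),
]


def parse_event(line):
    """Return a dict for one log line, or None if the line does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_backup_tampering(log_text):
    """Return one hit per (event, rule) for command lines that destroy recovery points."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        for name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                hits.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "rule": name, "cmd": ev["cmd"]})
    return hits


def flag_hosts(hits, window=timedelta(minutes=5), min_rules=2):
    """Correlate hits per host: a host that trips min_rules distinct rules inside one
    window is flagged as staging for encryption. That is the moment to isolate it,
    not after the ransom note appears. Returns {host: sorted rule names}."""
    by_host = defaultdict(list)
    for h in sorted(hits, key=lambda h: h["ts"]):
        by_host[h["host"]].append(h)
    flagged = {}
    for host, events in by_host.items():
        for i, first in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            rules = sorted({e["rule"] for e in in_window})
            if len(rules) >= min_rules:
                flagged[host] = rules
                break
    return flagged


if __name__ == "__main__":
    found = detect_backup_tampering(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts'].isoformat()} {h['host']} {h['user']} {h['rule']}: {h['cmd']}")
    print("flagged:", flag_hosts(found))
```

On the constructed sample the single `vssadmin list shadows` on ws01 produces no hit, while fs02 trips four distinct rules inside two minutes and is flagged. In production the same correlation runs against EDR or SIEM process telemetry, and the response to a flagged host is network isolation plus a check that the immutable backup tier is unaffected, since the point of this stage for the attacker is to remove every recovery path before encryption starts.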
How do security teams mitigate Ransomware?
The dominant subscore levers for this risk are:
- Recovery subscore — weight 30%
- Prevention subscore — weight 25%
- Detection subscore — weight 20%
- Awareness subscore — weight 15%
Which investments mitigate Ransomware?
Products in CISO Game that reduce exposure to R01:
- Basic EDR (entry-level prevention) · EDR
- Mid-Tier EDR (industry standard) · EDR
- Premium XDR (full endpoint+identity) · EDR
- Commercial SIEM (mid-market) · SIEM
- Enterprise SIEM (heavy/full-featured) · SIEM
- Cloud-based backup · Backup
- Immutable backup + DR runbook · Backup
- Cyber Insurance Policy · Insurance
Which related risks should you also watch?
Risks with similar dominant subscores or shared category — addressing one often helps the others:
- R20 Recovery Failure (post-breach) · Resilience · severity 9
- R06 Supply Chain Compromise · External · severity 9
- R07 Zero-Day Exploitation · External · severity 9
- R22 Business Continuity Failure · Resilience · severity 8
Why does Ransomware matter to a CISO?
External adversarial risks like ransomware are the ones boards expect their CISO to talk about. They drive the strongest demand for detection and response capability and the strongest emotional response in the boardroom.
How can you test your mitigation strategy?
Click Play CISO Game free to see R01 appear live in your risk register and watch each purchase move the exposure number in real time. No signup required.
Stress-test Ransomware in the Healthcare ransomware year scenario →