Ransomware negotiation is often framed as a simple decision... to pay or not to pay that is the question... But in practice, it is a structured coercive exchange conducted under a lot of pressure, incomplete information, and deliberate psychological manipulation and lies.
The Ransomware Negotiation Lab is a three-hour, hands-on workshop designed to simulate the mechanics of modern cyber extortion. Participants will work through a realistic ransomware scenario built around a fully developed Data Leak Site aka a DLS, stage data disclosures, and negotiation transcripts modeled on observed threat actor behaviour and data.
Rather than reviewing theory alone, attendees will actively analyze leak site posts to evaluate the credibility of proof packs. identify attacker leverage points, and conduct guided negotiations exercises in small groups. The lab will also look at timed scenarios to add simulated pressure on escalating ransom pressure, media inquires, partial data releases, and secondary extortion threats will require participants to adapt their strategy in real-time.
Tammy Harper Senior Threat Intelligence Researcher, Flare
Tammy Harper is a Senior Threat Intelligence Researcher at Flare focused on ransomware groups, extortion strategy, and leak site operations. Her work analyzes how threat actors construct leverage and weaponize uncertainty during negotiations. She speaks regularly on the operational and psychological mechanics of modern cybercrime.