RansomChatGPT: Ransomware Negotiation AI Simulator

Ellis S
2 min readNov 13, 2023

--

Introducing RansomChatGPT, a ransomware negotiation simulator you can use against all ransomware chat transcripts publicly released via Casualtek.

RansomChatGPT is tailored for ransomware negotiation simulations by scraping the list of publicly released transcripts and creating a ransom negotiation simulation based on the questions you ask it.

The idea behind this is that in real-life ransomware incidents, usually a ransom note is left behind instructing the victim organisation to visit a secure and private communication channel.

During the time of writing there are 13 threat actors to choose from:

  1. Hive
  2. Ranzy
  3. BlackBasta
  4. Avaddon
  5. Avos
  6. Conti
  7. Lockbit 3.0
  8. REvil
  9. Darkside
  10. Akira
  11. BlackMatter
  12. Mount-locker
  13. Babuk

The purpose of this tool is to educate security professsionals in negotiation so that if they are ever hit with a ransomware incident, they are ready.

After starting the simulation, RansomChatGPT will then ask a series of questions for a tailed scenario.

The tool will also make an assessment on the % of Global Turnover that is typically asked for an initial ransom as well as the % of Global Turnover which is usually accepted in the final negotiation. If these statistics exist in the transcripts, they will be used!

The tool will also provide break down the negotiation tactics of the selected threat actor.

If you are unsure what to respond with, simply ask RansomChatGPT what they would recommend writing! The chatbot will also explain the tactics they have included in their recommended response as well.

It is worth noting also this is purely for education and fun. Please under no circumstances use this for an actual incident or post live chat transcripts from active ransomware cases.

Feature requests/recommenations are welcomed also!

Thanks for tuning in x

--

--

Ellis S
Ellis S

Written by Ellis S

Digital Forensics, Incident Response and Threat Hunting things.

No responses yet