Step into a ransomware incident
17th March 2026
10:00 – 14:30 with lunch
Under Ransom is a live, in-person ransomware tabletop exercise delivered by Arctic Wolf with Northdoor. It places IT leaders and senior stakeholders inside a realistic ransomware scenario and asks a simple question: What decisions would you make under pressure?
Rather than relying on slides or theory, this session uses a guided, role-based exercise. As a result, participants see how a ransomware attack unfolds and how quickly technical issues become business problems.
What is the Under Ransom ransomware tabletop exercise?
Under Ransom is a structured simulation built around a fictional organisation facing an active ransomware incident. Participants step into defined roles as the scenario develops in real time. The exercise then moves through clear stages, including discovery, impact, response, and recovery.
At each stage, the group pauses to discuss decisions, trade-offs, and consequences. Throughout the session, the focus stays on business impact rather than tools or theory. An Arctic Wolf presenter leads the scenario and moderates discussion, while Northdoor supports delivery and follow-up conversations.
Who should attend?
This exercise is designed for people who make real-world decisions. In particular, it suits:
- IT leaders and heads of infrastructure or security
- Senior stakeholders involved in risk, operations, or continuity
- Organisations that have not recently tested their incident response plans
Most importantly, the session works best when attendees take part actively and speak openly.
Pressure-test your assumptions
Most response plans look solid on paper. However, this exercise shows what happens when time, uncertainty, and consequences collide.
By the end of the session, attendees will have:
- Seen how quickly ransomware decisions escalate
- Understood the financial, operational, and reputational impact of an attack
- Explored ransom negotiation and cyber insurance in context
- Identified gaps in their current response plans
Ultimately, the value comes from discussion, pressure, and shared experience.
What to expect on the day
This is not a product demo, a technical deep dive, or a sales pitch. Instead, it is an educational exercise designed to prepare organisations for real incidents.
The team delivers the session in person as a scripted scenario with audience participation. It runs for 2–3 hours, requires a minimum of 8 attendees, and finishes with time for open discussion.
Why attend now?
Although ransomware response plans often look solid, they frequently fail when teams test them under pressure. This session gives you a safe way to challenge assumptions, test decisions, and see how your organisation would respond before it matters.
Hear what previous attendees have to say:
“I found the exercise genuinely engaging. The scenario felt real, the discussion was honest, and I walked away with clear actions to strengthen our own response approach.”
“The session opened my eyes to how quickly a ransomware incident snowballs. It pushed us to think beyond IT and consider the wider business impact in a way we hadn’t done before.”
Register now – limited seats per session