In 2021 there were 623.3 million recorded ransomware attacks globally, which was an alarming 105% surge over 2020 . Governments saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021 .
Ransomware groups have been known to use OSINT (financial statements, etc.) to set the ransom amount even before they launch their attacks [Stage 1, 2]. In fact, this amount is then demanded in the ransom note. It is also well known that many ransomware attacks use phishing emails as their initial attack vector [Stage 2, 3]. If someone within the target’s organization falls for the phishing email, then the target’s systems are encrypted.
THEME: “The CARE Lab has been hit with ransomware!”.
The CARE Lab is challenging full-time high school and college students (aged 14+) to gain first-hand cyberattack and cybersecurity experience by participating in a creative and unique social engineering event! NO TECHNICAL EXPERIENCE IS REQUIRED.
Students will play the role of both the adversary (during the application) and the defender (during the live event).
We want to see your offensive social engineering skills. You will put on your adversarial hat and “target” the CARE Lab with an emulated ransomware attack.
Your team’s application should include a 5-page (no more) formal report (proper headings, page numbers, etc.) with the following information
- Ransom amount (1 page)
- Show us your OSINT findings that help you determine the ransom amount an adversary would demand from the CARE Lab.
- Phishing email (2-3 pages)
- Show us your OSINT findings for the CARE Lab that you are using for your phishing pretext.
- Show us your OSINT findings for who you are posing as (the sender of the email).
- Provide us with a phishing email (do not actually phish us!).
- Justify why you think this phishing email will work (thereby introducing ransomware into the CARE Lab’s working environment).
- Ransom note (1 page)
- What would your ransom note look like (provide an image or text of the actual note)? What components would it have?
The adversarial report should not be more than 5 pages (double-spaced) in length.
Note: Try your best with the report! We want to see your creativity and ability – this will help us plan accordingly.
Be sure to check the complete list of application materials, eligibility criteria, and FAQs.
Application deadline: Saturday, April 30, 2022 at 12 pm ET. Register your team here.
LIVE COMPETITION (virtual)
We want to see your defensive social engineering skills. Students will play the role of the defenders who are “hired” to help the “client” (the CARE Lab) manage the ransomware attack and provide them with a formal report. More details will be available to the selected teams during the virtual orientation session on Saturday, May 14th (this is not optional).
Competition dates (virtual, these are not optional – please hold these dates on your calendar):
Graduate Level: May 20, 21, 22 (9am-4pm ET)
Undergraduate Level: June 3, 4, 5 (9am-4pm ET)
High school Level: June 10, 11, 12 (9am-4pm ET)
Closing ceremonies (virtual): Wednesday, June 15, 3pm-4pm ET (this is not optional – please hold this date on your calendar)