Incidents escalate fast; playbooks must match current threat actor tactics. Test your readiness across containment, notifications and public guidance.
What tactic did authorities highlight in 2025 Interlock ransomware campaigns relevant to comms planning?
Double‑extortion: data theft plus encryption to pressure payment
Voice‑phishing only; no malware deployment
DNS tunneling used only for benign updates
Purely destructive wiper activity without theft
Which live issue in July 2025 showed how quickly TTPs shift and why pre‑approved holding lines matter?
CISA’s updates on SharePoint exploitation leading to ransomware deployment
A theoretical botnet proposal in an academic paper
A planned browser feature removal in 2027
A voluntary recall of outdated VPNs unrelated to intrusions
Which stance remains consistent in 2025 guidance regarding ransom payments?
Payment guarantees full decryption and data deletion
Authorities instruct victims to negotiate publicly on social media
Payment is mandatory for regulated sectors
Authorities discourage paying and recommend focusing on mitigation and recovery
What policy change did the UK announce in July 2025 affecting ransom‑payment decisions?
An amnesty for paying sanctioned actors
A requirement to disclose victims’ names within 24 hours
A targeted ban on payments by public bodies and critical national infrastructure, plus reporting for others
A universal mandate to pay to restore critical services
Which trend did large 2025 DDoS reports emphasize for crisis preparedness?
Only gaming is targeted; finance and media are rarely hit
Hyper‑volumetric surges and sector‑targeted campaigns require pre‑arranged mitigation and messaging
DDoS volume has collapsed; on‑prem firewalls are sufficient
Attacks are long and steady rather than short and intense
What operational pattern of modern DDoS in 2025 complicates comms timing?
Attacks always last several days without pause
DDoS is now purely Layer 3/4 and never hits apps
Short, intense bursts that repeat, making ‘all clear’ announcements risky
Only low‑bandwidth HTTP floods are used
Which area saw a notable 2025 rise and requires specific mitigation messaging?
Only SYN floods at the network edge
Physical sabotage of data centers with drones
Supply‑chain interdiction only via firmware implants
Layer‑7 (application) DDoS that mimics users and overwhelms web apps/APIs
Why do playbooks treat IOCs for ransomware families as perishable in 2025?
Ransomware codebases are frozen for years
Law enforcement mandates static indicators
Groups recompile binaries and swap tools between campaigns
Every group publicly registers their hashes
From a comms‑law perspective, what must UK organizations now weigh when discussing ransom decisions publicly?
No constraints; decisions are purely reputational
A duty to confirm payment amounts within one hour
Potential legal exposure under the proposed ban/reporting regime and sanctions screening
Statutory confidentiality that forbids any disclosure
Which pairing best fits 2025 DDoS response guidance to communicate alongside technical steps?
Upstream scrubbing with rapid status updates that set expectations for intermittent impact
On‑prem firewall only and a pledge to go silent until resolved
Immediate legal threats to journalists covering the outage
Full traffic black‑holing for days without explanation
Starter
Stabilize operations first and communicate verified steps.
Solid
Drill containment, forensics, and stakeholder timing together.
Expert!
Anticipate attacker pivots and communicate with disciplined clarity.