WannaCry Scenario: Transportation Peak Season
Scenario Details for IMs
Opening Presentation
“It’s Wednesday morning at TransGlobal Logistics, and the regional hub is operating at peak holiday capacity with conveyor belts running 24/7 and trucks departing every hour for delivery routes. But since Tuesday evening, package sorting systems have been displaying ransom messages, customer tracking databases are becoming inaccessible, and delivery routing systems are failing across the facility. With thousands of businesses depending on holiday deliveries and millions of packages in the system, this cybersecurity incident threatens to disrupt the entire regional supply chain.”
Initial Symptoms to Present:
- “Package sorting systems showing ransom demands instead of routing information”
- “Customer tracking databases becoming inaccessible affecting service inquiries”
- “Delivery route optimization systems failing across different transportation zones”
- “Warehouse management systems losing connectivity to package scanning and inventory control”
Key Discovery Paths:
Detective Investigation Leads:
- Network forensics reveal worm spreading through logistics and package management systems
- File system analysis shows encryption of delivery routes, customer data, and operational databases
- Timeline analysis reveals attack began during overnight shift when network traffic is highest
Protector System Analysis:
- Real-time monitoring shows ransomware spreading through interconnected logistics infrastructure
- Critical system assessment reveals package sorting and delivery systems at risk of complete failure
- Network topology analysis shows minimal segmentation between operational and administrative systems
Tracker Network Investigation:
- Traffic analysis reveals worm exploiting shared network infrastructure across shipping operations
- Propagation patterns show movement toward vehicle tracking and customer communication systems
- Network scanning indicates potential spread to partner carrier and retail client networks
Communicator Stakeholder Interviews:
- Operations staff report immediate impact on package processing and delivery scheduling
- Customer service team describes inability to provide tracking updates to worried customers
- IT staff explain the challenges of applying security updates under continuous 24/7 operations requirements
Mid-Scenario Pressure Points:
- Hour 1: Major retail client calls demanding explanation for delayed holiday shipment tracking
- Hour 2: Package sorting facility reports 50% reduction in processing capacity
- Hour 3: Delivery drivers unable to access route optimization, causing traffic delays and missed deliveries
- Hour 4: Regional VP warns that operational disruptions will affect annual performance and customer contracts
Evolution Triggers:
- If package sorting systems fail completely, thousands of packages cannot be processed or delivered
- If customer tracking remains down, service commitments to major retail clients are violated
- If delivery routing is compromised, operational efficiency drops below sustainable levels
Resolution Pathways:
Technical Success Indicators:
- Team implements emergency network segmentation protecting critical package processing systems
- Worm propagation contained through strategic isolation and backup system activation
- Alternative tracking and routing procedures maintain operational continuity during recovery
Business Success Indicators:
- Package delivery operations maintained at sufficient capacity to meet holiday commitments
- Customer service capabilities preserved through manual tracking and communication procedures
- Major retail client relationships protected through effective crisis communication and alternative solutions
Learning Success Indicators:
- Team understands worm propagation through logistics networks and interconnected operational systems
- Participants recognize cybersecurity challenges in 24/7 operations and supply chain management
- Group demonstrates coordination between IT security, logistics operations, and customer service
Common IM Facilitation Challenges:
If Operational Impact Is Underestimated:
“While you’re analyzing network traffic, Carlos reports that package sorting capacity has dropped by 60%, and thousands of holiday packages are backing up in the facility. How do you balance cybersecurity response with operational continuity?”
If Customer Impact Is Ignored:
“Robert just received calls from three major retail clients threatening to switch carriers if their holiday shipments aren’t tracked and delivered on schedule. What’s your customer communication strategy?”
If Supply Chain Complexity Is Overwhelming:
“Sarah needs to know: can TransGlobal meet its holiday delivery commitments, or should backup contingency plans with partner carriers be activated immediately?”