As unlikely as it might sound, the reality is that a ransomware attack can happen to any business. That’s why every company should be prepared to properly handle negotiations with hackers in case they find themselves in that position.
Cybercriminals are much like any other kind of criminal — their goal is most likely to extort money from their victims. Therefore, the expectations for a ransomware attack are similar to those for an actual ransom case.
If a ransomware attack is successful, you will most likely be locked out of your computer system. Another common possibility is that the hackers have stolen confidential information regarding your company’s activities or your clients. A short time after you have discovered the attack has taken place, the hackers will typically contact you to state their demands.
To be as prepared as possible, you should get an accurate assessment of the damage to your systems and what kind of data was stolen. It is ultimately up to you whether or not the data or the computer system is worth negotiating for — as the hackers will typically demand a very high price for it.
The FBI and many cybersecurity experts usually advise victims not to pay any ransoms to cyber attackers, regardless of the damage done. They claim paying a ransom or giving in to the hackers’ demands too quickly may encourage further attacks from other parties. In addition, even if you pay, there is no actual guarantee that you will get your data back.
If you plan to negotiate, you have already decided to pay. Therefore, you need to set realistic expectations for what will happen. This won’t be like an episode of Law & Order where the FBI needs you to buy time to trace the hacker’s location.
In reality, cybercriminals often get away regardless of whether or not they are successful in extorting money. You will have to be smart in a different way to get through this.
While calling in professional help might seem obvious, it’s also one of the most important steps — especially if this is your first time dealing with a ransomware attack. Cybersecurity companies often have professionals who can help you prepare for when the hackers make their demands and coach you through the negotiation process.
Computer emergency response teams, also known as CERTs, can help you respond to ransomware incidents and recover from the aftermath. Many of these professionals have a lot of experience dealing with ransomware incidents and might be able to identify which group is behind the attack based on that experience.
If they have encountered the culprits before, they can even give you pointers on dealing with the attackers’ demands. Every ransomware hacker has different intentions when they attack your company. A professional who is familiar with them will give you an edge in negotiations.
Aside from cybersecurity professionals, you should also contact other parties, such as law enforcement, your lawyer or any other legal organization you do business with. Knowing the most recent laws regarding ransomware payments and negotiations is essential.
One of the silver linings of a ransomware situation is that, unlike a real ransom case, no one’s life is in immediate danger. Therefore, you have more freedom to treat the situation like a business deal instead of a dire threat.
If you are forced to negotiate, don’t give in to the hackers’ initial demands too easily. Although they have probably researched your company, it’s not likely that the cyber attackers know how much you can and cannot pay.
Therefore, you have some room to bargain. If you have ransomware negotiation specialists helping you already, they will have helped you work out a plan ahead of time — including how much you should be willing to pay.
Remember, cyber attackers put a lot of effort and resources into making this attack happen. They don’t want to walk away with nothing to show for it. That gives you some power at the negotiating table.
Offer a lower price, then haggle with them until you reach a consensus. Another good strategy is to ask for more time to pay. While the hackers might try to intimidate you into paying the ransom on their terms, remember that they’re most interested in getting any money at all.
Showing confidence and solidarity is good. You are not entirely helpless in this situation and you have your people and the negotiation professionals you hired at your side. However, being too confident can also backfire.
Trying to outsmart the hackers or trick them usually ends badly. Hackers can and will cause permanent damage to your computer systems if they haven’t already. They can also disappear with the confidential information they stole and leak it to the public or their criminal allies, encouraging further attacks. Your goal in a negotiation is to make the best of a bad situation, not to make a bad situation worse.
Being part of a ransomware negotiation can be intimidating and even scary, but you are not just a victim. Assess the situation, call on professionals for help and play it smart. Taking the right steps will get you through with as little damage to the company as possible.