Negotiating with Cybercriminals: Techniques and Challenges

Sometimes, organizations are forced to consider negotiating with cybercriminals. Whether the lever is ransomware, data theft, DDoS attacks, or GDPR-related extortion, demands for payment in exchange for data recovery or business continuity remain a growing concern. While the best advice is to never pay, some companies may see negotiation as a last resort during an active cyberattack.

1. Engage Quickly — Even Without Intent to Pay

Initiating dialogue can buy time for the organization to validate the threat, locate the breach source, prioritize recovery efforts, or attempt to restore systems via backups. Common stalling tactics include claiming a lack of budget, citing senior management disapproval, or feigning confusion about how to use cryptocurrency for payment.

Communication typically occurs via the attackers’ preferred encrypted channels, such as secure emails or messaging platforms, often listed in the initial ransom note.

2. Verify the Attacker’s Claims

Before negotiations begin, ensure the threat is legitimate. Confirm whether the attacker really holds your data or has the ability to decrypt it. According to a report by AlienVault, 65% of respondents said they could verify or disprove such claims, while 25% were unsure.

3. Don’t Be Afraid to Bargain

Negotiating the ransom amount is not uncommon. For instance, the CEO of Korean web hosting provider Nayana reduced a ransom demand from 550 to 397.6 bitcoins—about $1 million at the time.

4. Assign the Right Negotiator

AlienVault’s research shows CISOs are best positioned to lead such negotiations, followed by CIOs and executive-level staff. However, the actual negotiation should ideally be handled by professionals who understand attacker psychology and motivation. Inexperienced personnel may worsen the situation.

Specialized negotiators, cyber insurance providers, and incident response firms often offer these services as part of ransomware protection packages. Third-party negotiators provide neutrality and can guide the process more strategically.

5. Plan for Internal and External Stakeholder Management

Even when payment seems unavoidable, there are reputational risks. Uber, for example, faced backlash after paying $100,000 to hackers to delete stolen data from 57 million riders and drivers.

The best preparation is having a clear business continuity plan, with designated roles for your legal, finance, and security teams to act swiftly.

6. Know the Legal Risks

Regardless of negotiation decisions, always notify relevant authorities. Some ransomware groups are linked to sanctioned or terrorist organizations, making payments potentially illegal. Beyond ethical concerns and data return uncertainty, legal repercussions are a critical factor.

7. Invest in Security, Not Bitcoin

While some suggest pre-purchasing cryptocurrency to speed up payments, most security experts strongly advise against it. Instead of stockpiling Bitcoin, invest in prevention—strong backups, endpoint protection, staff training, and incident response plans.

 

Source: MedadPress
www.medadpress.ir