Ransomware: Best Practices for Negotiating a Ransom PaymentGood Tactics Can Help Negotiate Down Initial Ransom Demand by 50%, Researchers Find
As ransomware continues to pummel organizations, some victims determine that their best - and perhaps only - course of action is to unfortunately pay a ransom to try and recover their data.
See Also: Ransomware: The True Cost to Business
But if so, there are multiple strategies they can employ to put themselves in a better position in their negotiations with the offending ransomware group, two cybersecurity researchers report.
"With good negotiation tactics, in most cases initial ransom demands can be negotiated down by half - or more," write Pepijn Hack and Zong-Yu Wu of cybersecurity firm Fox-IT, which is part of Manchester, England-based security consultancy NCC Group.
The pair are the authors of a report titled "'We Wait, Because We Know You.' Inside the Ransomware Negotiation Economics," presented at this month's Black Hat Europe conference in London. By collecting more than 700 transcripts of attacker-victim negotiations from 2019 and 2020, the researchers pursued answers to three questions: How are adversaries using "economic models to maximize their profits?" What position does this place victims in during negotiations? And how can ransomware victims "even the playing field?"
In an interview with Information Security Media Group, Hack and Wu discuss:
- The economics of digital extortion;
- Top tactics employed by ransomware-wielding extortionists;
- The role of third-party incident response firms and professional negotiators;
- Practical strategies to employ before and during any ransomware negotiation.
Hack is a cybersecurity analyst at Fox-IT. He graduated from Leiden University in 2020 with a bachelor's degree in criminology and a Master's degree in crisis and security management. He loves to combine these two fields with his passion for technology.
Wu is a threat analyst and a member of the Fox-IT threat intelligence team. He investigates mainly financially motivated threats in the cyberspace and provides in-depth analysis of malware and tactics, techniques and procedures. His research interests include adversaries' decision-making behavior.