Have you planned for what will happen if you or your organisation is struck with a ransomware demand? What if your sharepoint files, email, network, laptops or endpoint terminals are all encrypted and you cannot operate your business? You may need to contact a number of people to assist including Law Enforcement, ICO, an Incident Response company …..and maybe a Ransomware negotiator?
Why it’s worthwhile to try hiring ransomware negotiating services.
In the event that individuals, small businesses or boards of directors, choose to pay ransomware requests, Using a ransomware negotiating service could help the situation’s outcome and minimise the demand if not eliminate it totally. Victims of ransomware must have the difficult choice of paying the ransom or risking the consequences. Although the Police, NCA, FBI and others advise against doing so, it’s not always possible. Having critical business functions not available or working could cost companies hundreds of thousands of pounds a day. Some companies may just go out of business. Ransomware negotiation services are an option for businesses that have chosen to pay.
What are negotiation services for ransomware?
Ransomware negation services are contracted to act as an intermediary between the victim organisation and the ransomware group. As a part of the supply chain for incident response to this type of cybercrime, which is when these services frequently get involved.
If you’re going to go down the route of paying a ransom, it is strongly recommended you do not do the negotiations yourself. You may be unaware of what constitutes “good or bad” negotiation. You won’t know whether to accept their offer of a 35% discount or a 10% discount if you don’t deal with criminals and these bad actors frequently. Or should you wait for a discount of 90%?
The criminal gang or individual bad actors may simply walk away from a do-it-yourself negotiation if the negotiation breaks down. There is a risk of making them angry. They could say, “I’m done talking to you,” and leave the negotiation table. You are then left to pay the full price.
Why should you think about hiring a ransomware negotiation services? Because they are experts in the field, ransomware negotiation services have a better understanding of how to deal with threat actors and a better chance of getting the results you want.
First, they have the upper hand and frequently know the bad actors’ credibility, such as when they use double extortion even after a ransom is paid. Will the bad actor(s) do what they say they will do, or are there instances of victims paying up and having their data released anyway? Some businesses continue to pay the ransom despite working with a law enforcement agencies. This is sometimes done because it was the most effective strategy for safeguarding the victims business and stolen data. It is important to remember that this needs to be dealt with professionally like any other business and not to allow your personal feelings enter the negotiations.
In general, ransomware scenarios contain complications that businesses and their incident response teams may not be aware of. This includes utilising Bitcoins or other cryptocurrency for payment, knowing how to communicate on a particular platform, accessing the dark web and more.
Brainstorm Security ransomware negotiation services are used when a company finds ransomware on its system and the readme file containing the demands of the ransomware group. It might be the bad actor emails the victim company with a demand or the first sign of trouble is when computers start to become unusable as they become encrypted.
On many occasions our negotiators have a good idea whether the bad actors are going to be open to negotiations and reductions in price and what that might even be. In most cases, these threat actors engage because, while they aren’t trying to steal as much money as possible, they also don’t want to lose it. After the initial research is finished, the communication and negotiation processes start to figure out if the ransomware group can provide a legitimate decryption program or be true to their word depending on the type of demand. Last but not least, the consultants assist with the ransomware recovery process and can keep an eye on the threat actor to make sure he doesn’t upload the company’s data online as part of a double extortion scheme.
Services for ransomware negotiation versus cyber insurance.
Ransomware negotiation services have been around for some time, and some were available prior to cyber insurance. However, In order to reduce claim payouts, some cyber insurance providers collaborate with negotiation experts. It is also important to deal with a negotiator that can be trusted. Businesses that have cyber insurance ought to be protected. However if details of policies are found by the bad actors on the victims network, this information can be used against the victim. If the criminal knows you have cover up to £350,000, they will state “We know your policy covers £350,000, so that’s the amount we want,”. If you have taken out cyber insurance, hold and retain those documents offline is the best advice. While there is no assurance that any ransomware negotiation process will succeed, enlisting services increases organisations’ chances of achieving the best possible outcome. This is especially true because consultants know information about the attack and the attacker that the victim organisations may not.
Conclusion
While there is no guarantee ransomware negotiation processes will work, organisations have a better chance at an optimal outcome if services are enlisted. This is especially true because of the attack and attacker details consultants know, which the victim organizations may not.
If a victim company chooses to pay a ransom demand to safeguard its clients and business information, it merits considering the use of a ransomware negotiator to prevent the process being derailed.