Matthias Schranner defines five steps on how to negotiate with cybercriminals.

In light of drastically increasing cyberattack cases over the past few weeks, we would like to emphasize the importance of having clearly defined negotiation procedures with cybercriminals in companies. 

Have you developed a contingency plan in the event your company falls victim to a ransomware attack? Cyberattacks cause revenue losses, lead to reputational damage and legal liabilities. Ideally, a Chief Information Security Officers would always mitigate the risk by hiring or outsourcing a cybersecurity specialist. An expert inspects the system and identifies potential flaws that make it vulnerable to ransomware hackers.

If your company has become a victim of a ransomware attack, start negotiating immediately! There are five simple steps to follow. 

Step 1: Be prepared to negotiate

Avoiding negotiations and complying with all the demands typically costs a business far more money and reputational damage than expected since vast majority of ransomware attacks are carefully planned and professionally executed. Do not take the attack lightly, and do not yield to the other side!

Furthermore, do not let yourself be emotionally involved in a negotiation process or take the attack personally. Instead, stay focused on developing a bond with your “invisible” opponent. Refrain from accusing the other party of their illegal actions or resorting to threats. Rather establish a connection to facilitate a positive outcome. 

Step 2: Set up a negotiating team

Once you have found out that the system has been breached, involve an external negotiator to facilitate the process immediately. Set up your negotiating team according to the FBI-model: an external Negotiator, a Commander, and a Decision Maker. This setup will ensure that all the team members know their roles and execute tasks accordingly. 

It is crucial to have an external expert with relevant negotiating experience who is not emotionally invested in the company. The Negotiator gets clear instructions from a Decision Maker, including minimum and maximum targets, strategy, and tactics. The Commander oversees the negotiation process and supervises the Negotiator’s performance. The Negotiator should be the only Point of Contact. Therefore, if the Negotiator makes a mistake that interferes with reaching a settlement, a Commander or Decision Maker can replace that person at any time.

Step 3: Get proof from a cybercriminal

The Negotiator’s primary task is to make sure that they are negotiating with the correct person and the latter can reverse the damage caused. This step is of significant importance since the Negotiator does not see the opponent, and all the communication is done via email. There is always a possibility of having other cybercriminals impersonate the attacker. 

To make sure that the individual you are communicating with is the actual hacker, you need to ask for proof that they are able to restore the system. (E.g. Make a demand to fix one of the core components of your system.) Should they succeed, continue negotiating. 

Step 4: Prepare the payment

It is widely known that ransomware attacks are mainly paid in cryptocurrency. We recommend having a contingency fund for emergency cases as it might take a few days to get the funds. 

Step 5: Prepare and commence negotiations

Strategic preparation is an integral part of the professional preparation for negotiations. Before the negotiation commences, a good negotiator will analyze their position and motives in great detail. If you do not know your weaknesses, you will be easy prey for your adversary. 

Furthermore, it is essential to frame the negotiation process and set out the game’s rules – an agenda right at the beginning. Thus, everyone will be aware of the primary conditions and limits. Violating the basic rules should result in immediate termination of negotiations.

Video Source: Sky News Arabia

Part of Cybercrime video project by Sky News Arabia to raise awareness for cybersecurity attacks featuring Matthias Schranner as one of the global expert in cybercrime negotiations.





Do you want to be better prepared for difficult negotiations?

Receive a checklist, based on the SCHRANNER CONCEPT®

In clicking „Receive Checklist“ you are agreeing to our Privacy Policy.