How to negotiate with ransomware hackers?
Matthias Schranner, a former FBI hostage negotiator and CEO of the Schranner Negotiation Institute, defines 5 steps on how to negotiate with ransomware hackers.
Become a skilled negotiator and learn new deal making and contract negotiation techniques to be used if you company has fallen victim to a cybercrime.
Step 3: Get a proof from a cybercriminal
“The riskiest element of negotiation is liaising with the wrong person. Ask for a proof that they can restore a system. If they are able to prove they have legitimate access to restore the system, you can continue the negotiation. Be respectful at all times.” – Matthias Schranner, founder and chief executive of Schranner Negotiation Institute for The National News.com
As soon as you have learned that your system has been breached, involve an external negotiator.
The negotiator’s primary task is to make sure that he/she is negotiating with the right person and that person can reverse the damage. This step is of significant importance since the negotiator did not see the opponent, and all the communication was done through email. There is always a possibility of having other cybercriminals impersonate the attacker. Their community is quite large, and they often communicate amongst themselves through chats.
Do not take decisions lightly and do not make any commitments at an early stage
To make sure that the person you are communicating with is the actual attacker, you need to ask for proof. You can compare this situation with the actual hostage taking; one must ensure they talk to the right person to get the hostages back when the payment is made.
The attacker has to provide a concrete proof that he is able to restore the system. (E.g. Ask them to fix one of the core components of your system.) Should they do it and, by doing so, prove they can restore the system, continue negotiating. It is crucial to avoid making any threads and be respectful with the cyber attacker at all times. Never mention that what they are doing is wrong and illegal. Instead, try to establish a connection with them to facilitate the positive outcome.
Follow us on LinkedIn.