Skip to content

Here’s what happens inside a ransomware negotiation

August 6, 2024 – Published on NBC 7 San Diego, CA

To pay or not to pay? That is the question companies must answer when they find out their computer systems have been taken over by ransomware.

It doesn’t matter how professional, funny or even friendly ransomware notes may be written, the response of a company is typically the same: Panic.

“It’s such a terrible and impactful thing where people are dealing with a lot of stress and a lot of worry,” said Mark Lance, vice president of Threat Intelligence and Incident Response for GuidePoint Security.

Lance said he has hundreds of ransomware negotiations under his belt. Lance said the first thing that needs to be done is to settle everyone down who is panicking.

“Being that calming voice that’s able to help them through and get them back to a point where they can continue to be successful and effectively operate their business,” Lance said.

What’s next? Lance said he and his team assess the data breach to see if they could recover the system without paying the ransom, an amount that can be in the millions of dollars often paid via cryptocurrency from the company’s coffers or a cyber-insurance policy. This is not easy and may even be pointless, according to Lance.

“They’re very specifically making sure they’re encrypting and preventing access to backups that will allow you to restore,” Lance said. “They’re also taking steps now like stealing information, so even if you are able to restore, they’re still going to try to get payment from you based on the information and threat to release.”

Read and Watch More HERE.