
The ransomware negotiation playbook adds new chapters

October 24, 2024 – Published on CSO Online

When an organization is suddenly locked out of its own systems or has sensitive data stolen, it’s not just about losing access — it’s an existential threat to its entire operation.

Navigating a ransomware attack requires a cross-departmental response team, including legal counsel, cybersecurity experts, and organizational leadership.

The technical team’s role during a ransomware attack involves securing unaffected systems, identifying the ransomware strain, and beginning data recovery processes from backups, if available.

Meanwhile, the legal team evaluates the implications of engaging with the attackers, considering both the immediate and long-term legal ramifications, while coordinating with law enforcement agencies, regulators, and cyber insurers.

One area where the full cross-departmental response team plays a key role is in answering the critical question: Should you pay the attacker’s ransom demand, and if so, how should those negotiations play out?

GuidePoint Security is tracking around 70 ransomware groups, mostly from Eastern Europe but some from Iran, North Korea, and China. Some will settle for 50% of the original asking price, while others are more inflexible and will offer discounts of only up to 20%, according to Mark Lance of GuidePoint Security.

Threat actors need to uphold a reputation for delivering on what they promise if victims pay — something that’s still the case to a large extent even in an environment where gangs frequently close down and rebrand, according to Lance.
