Mastering Negotiations With Cyber Criminals

Victims of cyber theft and ransomware increasingly seek professional negotiators to mitigate or avoid ransoms.

What to do in a ransomware attack?

Following a significant cyber attack on Euler Finance, a UK-based crypto lending platform, which resulted in a $197 million theft, professional negotiators played a pivotal role in recovering the stolen funds. The hackers, having mistakenly transferred 100 ETH to an account linked to North Korean hackers, were pressured by lawyers into returning the money, fearing repercussions from state actors or organized crime. This instance showcases the growing trend of ransomware victims seeking expert assistance to negotiate ransoms, aiming to reduce costs or evade payment.

The Art Of Ransomware Negotiation

Effective negotiation with hackers involves open-ended problem-solving questions, as explained by Amanda Weirup, an assistant professor of management at Babson College. Tailoring negotiation strategies to align with the hackers' interests, whether financial, political, or ideological, is key. Cyber attacks have surged since the pandemic, with remote working diminishing cyber defenses. IBM data reveals that organizations paying ransoms see only a marginal difference in attack costs ($5.06 million vs. $5.17 million), not including the ransom itself. There are exceptions, such as the British Library, where the cost of recovering systems far outweighed the cost of paying the ransom.


The Risks And Costs Of Paying Ransom

Paying off hackers can perpetuate cyber crime and potentially breach sanctions and regulations, funding adversaries or criminal activities. Payment does not guarantee system restoration and may lead to further extortion demands. CyberArk's data from 2023 indicates that organizations often pay ransoms multiple times due to double extortion campaigns, where hackers both encrypt sensitive data and threaten to release it.

Negotiating With Hackers: Strategies And Challenges

Negotiating with hackers requires understanding their motives and conducting a cost-benefit analysis. Victims should assess alternatives like data backups and recovery methods. Engaging with hackers early is advised to prevent escalation. Businesses can also use negotiation as a tactic to buy time for data recovery. Matthew Roach, Head of the i-4 cyber security leaders community at KPMG UK, emphasizes the need for a contingency plan if payment does not yield expected results.


Defining Success In Cyber Negotiations

Success in negotiations is defined by the victim and negotiators, focusing on data recovery, minimizing financial loss, disruption, or reputational harm. Establishing a limit to negotiations is crucial in determining the course of action. With US states like North Carolina and Florida banning ransom payments for state and local government agencies, businesses often find themselves in a dilemma, weighing the necessity of negotiations against the desire to avoid capitulating to cyber criminals.

