Ransomware is one of the fastest-growing and most threatening cyber-risks today. As it grows, so does the business of protecting against it, leading to new professions entirely focused on addressing these malware attacks. The role of a ransomware negotiator is a prime example.
You might not have heard of a ransomware negotiator before if you’re not in the IT space. It’s still a relatively new position but is becoming essential as threats increase.
What Is a Ransomware Negotiator?
Ransomware is one of the most dangerous types of malware, so negotiators aim to minimize its damage. They communicate directly with attackers to delay and reduce the demanded payment.
Ransomware negotiators typically work for a larger security firm that handles incident response for other companies. After learning about the ransomware attack, they start talking with the attackers. At the same time, other experts work behind the scenes to understand more about the situation or start recovering from the hack.
Getting the attackers to accept better ransom terms is the most obvious goal of a negotiator, but it’s not the only one. Another crucial part of their job is getting information. That includes learning what data they have, the consequences of not complying with the ransom demand, who perpetrated the attack, and what their motivation is. These answers make it easier to respond effectively.
How a Ransomware Negotiation Works
Negotiations begin when someone gets the notification saying their data is being held for ransom. Ransomware negotiators work with the victim’s IT department and security specialists to determine the scope of the issue.
The team will see what data the ransomware has affected, if they have backups, and what type of ransomware they’re dealing with. Many kinds of ransomware have available decryption tools to get your information back without talking to the attacker. If that’s not an option, the negotiators find out what losing all the affected data would mean. That helps them determine how much the company is willing to pay for the ransom.
The negotiator will contact the attackers if the business decides it needs to pay the ransom. Sometimes, you can contact ransomware gangs through email, but usually, there’s a live chat option cybercriminals use to get payment data.
Ransomware negotiators will try to get some key information while talking with the attackers. They’ll ask about their history with decrypting information after payments, how they can trust them to do so, and how they arrived at the number for their ransom demands. They’ll also try to lower the payment amount and extend the deadline for making it.
If it comes to it, the negotiator will also oversee the actual payment. Most ransomware demands payment through cryptocurrency, so that likely involves setting up a crypto wallet, as most businesses don’t already have one. After that, the negotiator will keep in contact with the attacker until they’ve restored everything.
Why a Ransomware Negotiator Is Essential
Having a dedicated ransomware negotiator may seem a little extreme at first. Despite what it may sound like, it’s a crucial role, especially for companies with more to lose.
Ransomware Attacks Are Common
The biggest reason why ransomware negotiators are important is because ransomware is skyrocketing. According to a 2023 Statista report, ransomware attacks jumped from 304 million in 2020 to more than 620 million in 2021.
New notions like ransomware-as-a-service mean even less experienced criminals can carry out these destructive hacks. As a result, they’ll keep growing and targeting a wider range of businesses. That remarkable growth makes it too risky for anyone to assume they’ll never become a victim of a ransomware attack.
Having a ransomware negotiator makes it much easier to respond to these attacks. Hopefully, you’ll never need one, but if something happens, that expert touch significantly affects how things play out.
Negotiators Inform Effective Responses
Ransomware negotiators are also important because they help you find the best course of action. Many victims don’t know where to begin when an attack hits, but rushing to conclusions can make things worse. Having a professional who knows what information to find and how to approach the attackers prevents those outcomes.
In the early stages, a ransomware negotiator will help businesses decide if they even need to pay a ransom at all. They can also pinpoint the type of malware you’re dealing with, informing effective decryption and recovery processes.
What negotiators learn from their conversations with attackers helps, too. They could find that the gang used company insiders, as many ransomware attacks do, suggesting you need better internal controls to prevent future episodes. Alternatively, they can find out if the attacker can really be trusted to decrypt the data and advise you not to pay.
Negotiations Can Reduce Costs
The ransomware negotiation process can also reduce the cost of an attack. CSO Online reports that in some ransomware security experts’ experience, most ransoms end up being a small percentage of the original demands.
Ransomware gangs often recognize that a smaller guaranteed payday is better than aiming large and getting nothing. They also know that the longer negotiations go on, the less likely they are to get anything. Consequently, they’re often willing to negotiate their price if you work with them.
Negotiators know how to explain the financial aspects of a company and the cost of downtime to get a more reasonable price. If you tried to lower the payment without a professional, you may not know what to say or could slip into emotional arguments, which are less likely to help.
Negotiations Can Buy You Time
If nothing else, ransomware negotiations give you precious time. As negotiators speak with the attackers, other experts often simultaneously work to find ways to restore the affected system. Having more time to focus on recovery makes it easier to reduce the breach’s impact.
You can comb through your various data backup systems to find copies of the encrypted data during negotiations. The extra time also gives legal teams enough room to notify affected parties in line with breach disclosure laws. Companies may not have the time to do that without an expert negotiator.
Ransomware Negotiators Are Crucial
No one wants to negotiate with criminals, but having an expert negotiator makes more sense as ransomware grows.
Ransomware isn’t going anywhere. Negotiators won’t prevent these attacks but will minimize their impact, which is just as important for businesses today.