7 best practices for negotiating ransomware payments

Sometimes companies are forced to meet cyber criminals’ ransom or extortion demands. This advice will give you your best chance to get your data back and preserve your reputation.


Whether through ransomware, data theft, a distributed denial of service (DDoS) attack or General Data Protection Regulation (GDPR)-based extortion, criminals demanding money from organizations in exchange for the return of data or for allowing business operations to continue remain a common occurrence. The best advice, of course, is not to pay, but as a last resort some organizations might feel the need to negotiate with cybercriminals during a cyberattack.

Perhaps the backups have failed, maybe criminals have your most sensitive data, or the size of a threatened DDoS attack would overwhelm your systems. An older study from 2015 estimated as many as 30 percent of security professionals would be willing to negotiate to get their data back, but who should take the lead, and how should you go about negotiating?

Corporate extortion and ransomware were listed as the “most significant risks to businesses” by 72 percent of respondents in a global survey of 900 CIOs by Logicalis, and Europol’s 2018 Internet Organised Crime Threat Assessment found an increasing trend of cyber extortion, and predicted more in the future.

What the data says about paying ransoms

The FBI, the UK’s National Crime Agency, and most cyber security experts recommend never paying the ransom. Aside from the ethics of funding criminals, there is no guarantee that criminals will stick to their end of the bargain, and paying could encourage further attempts at extortion. Depending on your industry, location and who you’re paying, there could also be legal and regulatory repercussions.
