J.M.Lindamulage,
I.N.D.Perera,
S.M.L.D Senanayake,
M.Vinith,
R.Chamith Darshana, K.P.A.Yasorajith Kulathunge
2024 April 8
Ransomware attacks continue to plague organisations worldwide, leaving many grappling with difficult decisions when faced with extortion demands from cybercriminals. While prevention and incident response are essential components of cybersecurity, negotiation tactics can also play a crucial role in mitigating the impact of an attack. Here are some key strategies for handling ransomware extortion:
Open lines of communication with the attackers through secure and anonymous channels. Establishing dialogue early on can provide insights into the attackers’ demands and intentions, helping to inform your negotiation strategy.
Assess your bargaining power and leverage factors such as the importance of the encrypted data, the potential cost of downtime, and the feasibility of restoring systems from backups. Understanding your position can empower you during negotiations.
Negotiating with cybercriminals can be stressful and emotionally charged, but maintaining a calm and composed demeanour is essential. Avoid reacting impulsively or making rash decisions that could compromise your negotiating position.
Engage in constructive dialogue with the attackers to negotiate the terms of payment, decryption keys, and guarantees of data deletion. Seek to minimise the ransom amount while prioritising the swift and safe recovery of your data and systems.
Consult legal advisors and consider involving law enforcement authorities, such as the FBI or Interpol, in your negotiation efforts. They can provide guidance on legal implications and potentially assist in tracking down the perpetrators.
Have contingency plans in place in case negotiations fail or if paying the ransom is not a viable option. This may involve exploring alternative recovery methods, leveraging cyber insurance coverage, or seeking assistance from cybersecurity experts.
While negotiating with ransomware attackers is never ideal, it can sometimes be a necessary step to minimise the impact of an attack and facilitate recovery. By employing strategic negotiation tactics and seeking expert guidance, organisations can navigate these challenging situations with greater resilience and resolve.
Kavindu is a dedicated professional with a passion for education and cybersecurity. With over 5 years of experience in the academic sector, Kavindu is currently pursuing his doctoral degree as a PhD candidate at Kotelawala Defence University. His academic journey has been marked by excellence, as he holds an MSc (Hons) in Cyber Security and a PgD in Cybersecurity from SLIIT. His foundation in Information Technology comes from earning a BSc (Hons) degree at Kotelawala Defence University. His passion for knowledge extends to research, with two published research papers to his name, and he also holds certifications including CCNA 1 and CCNA 2 with NSE 3x certifications, demonstrating his commitment to staying at the forefront of technology.
Chirath is a highly skilled and accomplished cybersecurity professional currently serving as the Technical Lead at AION Cybersecurity (PVT) Ltd. With an impressive track record spanning 9 years in the industry, Chirath brings a wealth of expertise across various disciplines in the cybersecurity field. He holds an MSc with Distinction, a PgDip, and a BEng (Hons) with First Class Honors, reflecting his commitment to excellence in academic achievements. Additionally, Chirath possesses several industry certifications, including (ISC)2 CC, 5 Azure certifications, AWS-SAA, CFR, RCCE, CHFI, CEH, and QCS (Qualys). He is also a member of professional organizations like MIET and MCSSL. Notably, Chirath has published 2 research papers and 26 research articles, showcasing his dedication to advancing knowledge and innovation in the cybersecurity domain.
WhatsApp us