Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

Ransomware: Best Practices for Negotiating a Ransom Payment

Good Tactics Can Help Negotiate Down Initial Ransom Demand by 50%, Researchers Find
Zong-Yu Wu, threat analyst, and Pepijn Hack, cybersecurity analyst, of Fox-IT, part of NCC Group

As ransomware continues to pummel organizations, some victims determine that their best - and perhaps only - course of action is to unfortunately pay a ransom to try and recover their data.

See Also: OnDemand | The Cost of Underpreparedness to Your Business

But if so, there are multiple strategies they can employ to put themselves in a better position in their negotiations with the offending ransomware group, two cybersecurity researchers report.

"With good negotiation tactics, in most cases initial ransom demands can be negotiated down by half - or more," write Pepijn Hack and Zong-Yu Wu of cybersecurity firm Fox-IT, which is part of Manchester, England-based security consultancy NCC Group.

The pair are the authors of a report titled "'We Wait, Because We Know You.' Inside the Ransomware Negotiation Economics," presented at this month's Black Hat Europe conference in London. By collecting more than 700 transcripts of attacker-victim negotiations from 2019 and 2020, the researchers pursued answers to three questions: How are adversaries using "economic models to maximize their profits?" What position does this place victims in during negotiations? And how can ransomware victims "even the playing field?"

In an interview with Information Security Media Group, Hack and Wu discuss:

  • The economics of digital extortion;
  • Top tactics employed by ransomware-wielding extortionists;
  • The role of third-party incident response firms and professional negotiators;
  • Practical strategies to employ before and during any ransomware negotiation.

Hack is a cybersecurity analyst at Fox-IT. He graduated from Leiden University in 2020 with a bachelor's degree in criminology and a Master's degree in crisis and security management. He loves to combine these two fields with his passion for technology.

Wu is a threat analyst and a member of the Fox-IT threat intelligence team. He investigates mainly financially motivated threats in the cyberspace and provides in-depth analysis of malware and tactics, techniques and procedures. His research interests include adversaries' decision-making behavior.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.