Why using ransomware negotiation services is worth a try
May 25, 2022 – Published on TechTarget
Ransomware victims face the difficult decision of paying the ransom or taking their chances with the fallout. The FBI, Department of Treasury and others recommend against paying the ransom, but realistically, that’s not always feasible.
For organizations that have decided to pay up, ransomware negotiation services are an option.
Ransomware negotiation services are third-party brokers contracted to act as an intermediary between the victim organization and the ransomware group. These services often get involved as part of the incident response supply chain.
Drew Schmitt, analyst at Virginia-based cybersecurity consultancy GuidePoint Security, said negotiation services act as though they are part of the victim organization. “As soon as [bad actors] hear of you using a third party, they will either sever the communication or jack up the ransom.”
At GuidePoint Security, Schmitt explained, ransomware negotiation services are called after an organization discovers ransomware on its system and the readme file containing the ransomware group’s demands.
Consultants from the company provide digital forensics and incident response assistance, starting with determining the best negotiation process based on the ransomware group and its history.
“A lot of times, we have a good idea whether they’re going to be open to negotiations and reduction in price and what that might even be,” said Mark Lance, senior director of cyber defense at GuidePoint Security. “These threat actors engage because, while they’re not trying to take as little money as possible, they don’t want to walk away from the money either, in most circumstances.”