Negotiations during a Ransomware Attack; a perspective from 2 professional Hostage Negotiators
Many crisis management situations do not only require high-pressure analyses and decision making but solid communication – and (in worst case scenario) negotiation skills. Sue Williams and Jacob van ‘t Slot, 2 expert hostage negotiators, discuss how negotiation tactics can help organisations mitigate the consequences of a ransomware attack, and what factors to consider when negotiating with adversaries. They position negotiation in the context of Crisis Management and evaluate the differences and similarities of cyber extortion cases and situations where lives are at stake.
Both Jacob and Sue are experienced negotiators operating sometimes in the real-, sometimes in the virtual- but always in the shady world and with a lot at stake. Sue was in charge of the Kidnap and the Hostage Crisis Negotiation Units at Scotland Yard, and advised the UK government on cases of kidnap and abduction. She teaches hostage negotiation tactics at Harvard University, and is still active as a kidnap response and cyber extortion consultant. Jacob has a background in psychology, security and crisis management, and has worked as a kidnap response consultant at the Netherlands Ministry of Security and Justice. Jacob lectures at the Harvard Humanitarian Academy, and develops the SECO-Institute’s crisis management education program.
This write up guides you through the process of a ransomware attack, and how to prepare and conduct cyber negotiations with your opponents...
Require ‘Proof of Life’ in the broadest sense of the definition: Are they able to execute the cyber- attack they are threating with? And in case of a ransomware attack: Are they able to actually decrypt your files, even if they decide to do so? There are a lot of poorly designed ransomware products on the market that can actually destroy your data. As a negotiator, ask them to decrypt a test file.
Define clear objectives for your negotiation strategy: Are you buying time while the IT Department is solving the issue? Are you aiming to mitigate the damage, to lower the ransom?
I highly recommend reading the full article from the Seco Institute [HERE].