How to Make a Deal with Ransomware Attackers

by | Nov 23, 2022

As the number of ransomware assaults increases around the world, so does the demand for negotiation services, which is difficult to meet.

Criminals are becoming increasingly adept at profiting from their access to your network. They target a company encrypts all its data and then demand payment in exchange for its release—often in the hundreds of thousands of dollars. Ideally, you’ll be able to retrieve your data from backups or break the encryption, but in many situations, the bad guys purposefully seek out and destroy backups, and their ransomware employs cutting-edge encryption.

Your data is being held hostage by hackers. So, what’s next?

Companies must respond immediately to assess the potential for harm. There are various varieties of ransomware, some of which are more damaging than others, and the ransoms requested range from a few hundred dollars to millions of dollars. New strains that infect entire systems, including backup data, are the most dangerous.

Companies should analyze whether they can reduce the problem without having to pay hackers, according to experts. Is it possible, for example, to resolve the problem by restoring data from a backup source? Is it possible for security specialists to “hack back” or decrypt the data?

The financial costs of not paying up, as well as the chance that after paying, the company’s data would not be restored, will be considered when deciding whether to pay a ransom, which the FBI advises against.

Another alternative is to involve law enforcement early, but the risks of exposing the incident to a potentially large audience must be evaluated against the resources and expertise they can contribute.

When you decide to pay the ransom, what happens next?

How do you reclaim your data while dealing with unscrupulous and perhaps unpredictable adversaries? Suggestions for achieving the greatest results, as well as typical blunders to avoid.

Pretend to be someone else or try to deceive the assailants in any way. Criminals these days will typically probe your network for weeks or even months before installing ransomware and enslaving you. They will learn about your company throughout this period. The criminals wanted a $200,000 ransomware payment in one example. The firm stated that they could only afford to pay $60,000 in response. “Not according to your financials,” the criminals retorted quickly. Attempting to deceive the attacker makes ransomware negotiations more difficult. In another instance, the company’s IT administrator pretended to be a high school student and said that a ransom of a few hundred dollars was all he could afford. The crooks understood this was a fabrication. “They seem to have little patience for ‘game playing.” “If they see that kind of behaviour, they’ll just dismiss you and move on to the next possible payer without responding.”

Don’t make promises you can’t keep. It may sound absurd, but in a ransomware discussion, a certain level of mutual trust is essential. Stick to your word if you make a promise to the criminals, such as transferring the money by a certain date. Otherwise, they may decide to stop replying or even act against you by revealing your information. This was seen in a high-profile case involving an orthopaedic clinic. According to, “at various moments, [the clinic] said that it was willing to pay some ransom, but that it needed to work out a payment system”. They later stated that they were willing to make a wire transfer. They also failed to meet deadlines set by [the crooks], which enraged the hackers. Some of the public leaks of patient data were a direct result of [the clinic] failing to accomplish what it said it would do when it promised the hackers.”

‘Proof of life’ should be required. How do you know that if you pay, the crooks will be able to decrypt your data? New ransomware packages have invaded the darknet markets, some of which are poorly crafted and may accidentally damage your data. Other times, unorganized crooks may not have your key or be aware of how to utilize it. Professional negotiators have made it regular practice to demand “proof of life,” requiring offenders to decode a test file to demonstrate their ability. Avoid using this as an opportunity to dupe hackers into decrypting a vital file like your company’s QuickBooks database: Criminals are aware of this and may become enraged as a result.

Engage the help of an expert. To say the least, negotiating a ransomware payment is difficult. If you’re being held hostage, enlist the assistance of a skilled ransomware negotiator.

Treat a ransomware discussion as if it were a business transaction. Act composed, rational, and logical. It’s a business deal for the crooks and handling it that way increases your chances of getting the best possible result for your company. For example, frequently offers to make a smaller but faster payment: “I can get X amount approved and have the money to you by tomorrow,” implying that a larger ransomware payment will take longer. Criminals will often take a smaller payment if they believe they will receive their money sooner.

What does the ransom payment entail?

Not as thrilling as in heist films. Payment is mostly made by sending virtual money to an anonymous digital wallet, while there are few examples of difficult-to-trace methods like gift cards, according to experts.

Because most businesses do not have cryptocurrencies on their balance sheets, they may want to set up a fund or enlist the help of a third party to do so.

How can you be sure that doesn’t happen again?

Patching the company’s software — that is, ensuring it is updated with the newest updates — is the first step in blocking prospective attacks.

Another option is to make backups of company files and store them apart from existing data. Have a robust back-up program that is physically and conceptually segregated from the network and test it periodically.

Companies may want to build a doomsday scenario and do stress tests on it on a regular basis to guarantee that it works.

Ideally, an organization would spend in developing a significant incident response strategy with clearly defined roles and duties aligned to various situations before a ransomware attack occurs.

As the number of ransomware assaults increases around the world, so does the demand for negotiation services, which is difficult to meet.

How to get Microsoft Defender Health on Mac Fleet

Managing Macs for multiple companies gives us the opportunity to work in various environment and detect issues where it occurs first & then implement a solution for all others at the same time. Recently there was a requirement to find if there are MDD instances...

Implementing Machine Learning in IT Support Setup

Machine learning has the potential to revolutionize the way IT support businesses operate. This cutting-edge technology can be applied in a number of ways to improve the efficiency, accuracy, and speed of IT support services. Here are some ways that machine learning...

Benefits of Apple Business Managers

Apple Business Manager is a web-based platform designed to streamline the process of purchasing, deploying, and managing Apple devices within a business organization. It allows IT administrators to manage and distribute Apple devices and apps to their employees,...

Adoption of Macs in Enterprise: A Growing Trend

This image belongs to In recent years, there has been a growing trend of enterprises adopting Macs as their primary desktop and laptop computers. This shift in technology can be attributed to several factors, including...

ESG as future of IT

ESG, or environmental, social, and governance, is becoming increasingly important in the field of IT. As technology continues to advance and play a larger role in our daily lives, companies are being held to higher standards in terms of their impact on the environment...

Secure Your Mac with FileVault

FileVault is a built-in encryption tool for Macs that helps protect your data from unauthorized access by encrypting your hard drive. Enabling FileVault is a simple process that only takes a few minutes, and it can give you peace of mind knowing that your data is safe...

Is outsourcing IT to India is better or keeping it inhouse?

There are pros and cons to both outsourcing IT services to India and keeping IT within the company. Ultimately, the decision to outsource or keep IT in-house will depend on the specific needs and goals of the company, as well as the resources and capabilities...

How to be a good SCRUM Master

In an Agile development team, the Scrum Master is a crucial role that helps the team to work effectively and efficiently. A Scrum Master is responsible for facilitating the team's use of the Scrum framework and ensuring that the team is able to deliver high-quality...

Basics of Enterprise Patch Management

Enterprise patch management is the process of ensuring that all the software and applications within an organization are kept up-to-date with the latest patches and updates. This is important because software and applications are constantly being improved and updated...

Cost saving for enterprises by choosing M1 Macs

The M1 Mac has had a significant impact on the enterprise market since its release. As a highly-efficient and powerful machine, the M1 Mac has proven to be a valuable asset to businesses in a variety of industries. One of the key benefits of the M1 Mac is its improved...

CRM Is A Process, Not A Product! How Can We Make CRM A Successful Tool?

CRM (Customer Relationship Management) is software that allows businesses to manage business relationships and information associated with them. It provides a platform that manages interactions with customers, stores information about them, and automates processes...


Digital Workplace Services

Automated Tasks

 Office IT Support

Intune for Win & Mac

Citrix Virtual Apps

Mac Win iOS Android

Mac & Win Trained