When hackers kidnap your data, should you negotiate?

What would you do if your company’s data was stolen and held for ransom? Would you call the FBI? Would you ask your IT team for help? Would you give in to the hacker’s demands?

Here’s another option: You could hire a professional ransom negotiator.

Mark Congionti is one of those negotiators. The cofounder of Proven Data says that his data recovery firm specializes in using negotiation tactics to reduce the cost of ransomware attacks.

Due to a rapid rise in ransomware attacks, negotiating with cybercriminals has become a serious business. In 2015, an estimated 75 percent of ransomware cases targeted companies. That number has since increased to more than 95 percent.

What happens in a ransomware attack?

I learned about Congionti through one of his customers — a corporation whose entire operation was locked down by ransomware. The hackers demanded 30 Bitcoin (about $240,000 at the time) in exchange for decryption codes. Proven Data looked at a sample of the code and determined three things immediately:

1. The encryption could not be broken.
2. They believed they could negotiate a lower sum, based on experience.
3.  The “signature” of the group suggested that the attack came from a hacker who usually provided an unlock key once a ransom was paid.

Congionti explained three things to the corporation:

1. Hackers have all the power when a company is locked down.
2. Paying in Bitcoin means there’s no way to recover the money if the hackers don’t provide decryption codes.
3. Even if a company gets the codes, it can take days or weeks to get the company operational again.

In other words, the company needed to tread carefully when interacting with the hackers.

Proven Data was able to negotiate a lower ransom of $60,000 with the hackers, who sent over the decryption codes to unlock the company’s data.

Why you (probably) shouldn’t negotiate yourself

Trying to negotiate with hackers yourself can make a situation worse, Congionti says. He’s seen victims try to get hackers to prove they can decrypt files, which often angers and provokes them to increase the ransom. He’s also seen victims act too eager to pay immediately, which can cause hackers to raise the price of their ransom.

Proven Data negotiates with hackers through anonymous email. The firm cooperates with the FBI if the victim files a report, which happens in less than 5 percent of cases. Many victims fear that reporting attacks will open them to further harassment.

But generally, hackers don’t tend to target the same victim more than once, Congionti says.

Five ways to protect your company

There are steps you can take to protect yourself. Congionti recommends a layered approach to security using these five tactics:

1. Back up your most valuable data off the network.

Ransomware can encrypt backups located on the same network. Use USB devices, hard drives or the cloud (Congionti recommends Carbonite) to back up your data instead.

2. If you suspect your system has been compromised, immediately disconnect devices from WiFi and the network.

Do this even if you haven’t seen a ransomware note. This should limit the damage since the encrypting process is not yet complete.

3. Deploy the strongest endpoint antivirus system possible.

Proven Data recommends Sophos, Sentinel and Cisco AMP. You could also consider Trend Micro, Kaspersky and Symantec.

4. Motivate employees to follow security policies.

About 90 percent of breaches are due to employee error. The best way to address this is through on-site training.

5. Encourage employees to start using password-manager applications.

This will help them to develop and keep track of unique passwords for every site and application.

For more insights on cybersecurity, download Vistage’s report, Cyberthreats and solutions for small and midsize businesses.

7734 views