Ransomware Negotiation

DIGIGUARD can manage ransomware negotiations for businesses that have decided to pay ransomware demands. The effects of a ransomware attack can be long-lasting and impact operations, reputation, compliance and the financial position of your company. Our consultants can manage the negotiation to try and reduce the payment amount and improve the terms and outcome. Deciding to pay a ransom is an extremely difficult decision for SMBs. Communicating with and making alternative payments to cyber criminals adds additional challenges. Our cybersecurity experts can act on your behalf to perform the following:

• Manage the entire ransomware attack process with knowledge and expertise
• Negotiate payment reductions
• Negotiate terms of decryption key exchange
• Detect and contain on-going attacks during ransomware negotiations
• Consider OFAC compliance when ransomware payments are necessary
• Expedite bitcoin ransom payment
• Compile detailed reports for cyber insurance and compliance regulators

Cost-Benefit Analysis of a Ransomware Payment

As ransomware attack details unfold, companies face the devastating realization that their backup data does not exist or is unusable. Companies are confronted with these remaining three options:

• Back up encrypted data and wait indefinitely for a decryption solution
• Recreate data from scratch
• Pay a ransom for the potential return of usable data

The decision to make ransomware payments becomes a practical determination. The likelihood of obtaining decryption and restoring data rests heavily on the type and scope of the attack. DIGIGUARD will help your business verify an informed decision by considering the following risks and benefits of ransomware payment:

Risks of Ransomware Payment:

• Cybercriminals may demand extra money after receiving the first payment
• Payment may not stop the attacker from returning
• The cybercriminal’s email may be shut down due to the volume of complaints to the domain webmaster
• Payment does not guarantee the correct encryption keys will be provided
• Payment publicity can damage your brand reputation
• A sample file is sent back to you, the ransom is paid and the cybercriminal stops responding
• Cybercriminals may recover and return some, all or none of your files
• Payment rewards criminal enterprise and reinforces the activity
• Bitcoin payments put the buyer’s bank accounts at risk on unregulated exchanges

Arguments for Making a Ransomware Payment:

• The lowest-priced option is paying the ransom
• Payment may avoid publicity of a data breach
• Data is critical, such as patient health records
• Fines for lost data exceed ransom payment
• Payment can help return highly confidential information
• Business returns to operations in the shortest amount of time

Ransomware Payment

Paying ransomware can be difficult and challenging. DIGIGUARD cybersecurity experts can attempt to pay your company’s ransomware demand as safely and responsibly as possible. We use cybersecurity industry historical threat intelligence and technical expertise. Our team of consultants can manage this phase of the cyber-attack incident, which generally follows this or a similar process:

• Set up an account to handle bitcoin
• Fund bitcoin account
• Document exchange for insurance claims
• Create a conditional cryptocurrency payment exchange
• Transmit the ransomware key from the affected system
• Upload the key along with bitcoin payment
• Wait for the decryption key to restore data

Cyber Insurance and Ransomware

Many cyber insurance policies offer coverage for the costs to detect, halt, investigate and remediate ransomware. DIGIGUARD can review the language and terms of your policy and help you comply with the reporting requirements for your coverage. Our consultants can help you document bitcoin valuation and payment execution verification. Proof may include board of directors statements and insurance company approval statements.

Contact DIGIGUARD for assistance with ransomware response management.