Recent years have witnessed the rise of ransomware, which has transitioned from mere breaches of sensitive data to sophisticated cyberattacks. In many of these cyberattacks, the target is an organization. The existence of cybercriminals has gone from a speck on the radar of digital security to being a widespread and very sophisticated type of crime. 

Businesses in every type of industry and size are trapped in a digital chess game where all of their moves are digitally tracked. Ransomware is one of the most popular types of malware that exploits essential and sensitive data, but unfortunately, it is not uncommon for the adversary to use nefarious techniques to compromise data and hold that data hostage for exorbitant reasons. 

Over the past year, Kurtis Minder, the CEO of GroupSense has had the privilege of experiencing this rise first-hand. Located in Arlington, GroupSense specializes in post-attack intelligence gathering and information gathering for security operations and law enforcement clients across the world thanks to its threat intelligence capabilities. 

According to Minder, a significant percentage of the company's customer wins are based on incident response; he explained that this did not happen all the time, but that larger incident response organizations bring GroupSense into breach scenarios in order to provide additional analysis of specific threats that are being encountered. 

There has been a shift in the incident response industry since the year 2020 when something unexpected began to occur. It is common for cyber insurance carriers to provide a list or a "panel" of approved vendors that can respond to breaches, ransomware attacks, as well as ransomware negotiations, in order to address the incident response requirements. 

Minder says that in this case, the victim had only one company on its panel that would deal with ransomware negotiations, and that company felt "completely swamped" with demands at the time because it was dealing with a large number of requests. 

Consequently, GroupSense was able to step in and conduct negotiations with the actors responsible for the threat, which opened the possibility of future engagements with those carriers. GroupSense soon began to become a negotiating company with the company taking on other types of jobs, including ransomware negotiations last September.

As a result, Minder said, the company was conducting between three and five ransomware negotiations a week after the company launched its ransomware services. It was not too long ago when many believed ransomware negotiations to be a largely unscrupulous endeavour undertaken by shady ransomware recovery firms that would claim to decrypt the victim's data under the guise of decryption when they were actually taking the money and paying the ransom over the course of months. 

The number of ransomware attacks has steadily increased, as have the ransom demands, which are routinely approaching seven figures, according to information security experts. Additionally, experts are stating that many victims, even those who have backups of their encrypted data, are now paying a ransom as a way of preventing the theft of their data from ever being uncovered. 

As a result of these factors, incident response specialists have been in high demand for quite some time now. They have the ability to delay an urgent payment deadline as well as negotiate a million-dollar demand down to a mere $200,000. 

Many negotiators fall somewhere between the extremes; while some argue that negotiators should always tell the truth, they might only tell the truth with a little margin for error; while others argue that negotiators should tell the whole truth at all times as well. 

It is important for organizations to balance their responsibilities towards stakeholders, to societal well-being, as well as the potential consequences of their decision-making as part of the ransomware negotiation process. 

Even though there are still moral dilemmas surrounding negotiation, businesses need to take into account the long-term as well as short-term impacts of choosing to negotiate or not to negotiate. Due to the increasing intensity and prevalence of cyberattacks, organizations will have to navigate a maze of ethical considerations other than ransomware negotiations in order to mitigate the impact of these threats. Therefore, organizations must maintain vigilance and ensure the integrity of their negotiations. 

There are a number of factors to consider when negotiating in ransomware situations, including robust cybersecurity measures, as well as the negotiation strategy itself. While choosing to negotiate may be a pragmatic solution for dealing with the immediate challenges of ransomware attacks, protecting data, ensuring business continuity, and maintaining economic stability in the face of these threats, there are technological and ethical challenges associated with this approach as well. 

Organizations may contribute to a more resilient digital landscape and send a clear message to criminals that they will not be rewarded for their criminal behaviour by refraining from negotiation and redirecting efforts to proactive cybersecurity measures and collaboration between law enforcement agencies.