Paying is almost always the only option after a ransomware attack

Geert Baudewijns



The last thing you should do during negotiations with hackers is to agree to their ransom demands. Naturally, you should try to avoid this, but in practice, a company’s network is often so heavily infected that paying appears to be the only way to quickly restore business operations.

“Paying does not guarantee that you will get the keys to your data back,” is another message that frequently appears in the media. Or: “Hackers can still leak your data to the outside world after payment.” And “Who’s to say they won’t be back in two weeks?” Consultants with little practical experience spread these theories, which you can never fully debunk. They do not know what it’s like during negotiations with hackers.

Take it from me: there is a large discrepancy between theory and practice. With over 440 negotiations under my belt, I can honestly say that hackers always keep their word. Every time, they have returned all the keys. I have never experienced them leaking data afterwards, or coming back to demand more ransom.

Asking Price

What we do as negotiators may well border on the edge of ethics, but often that’s the only way to get a business back on track. The advantage of a negotiator is that we are not emotionally connected to the company. We have nothing personally to lose, which immediately changes the tone of the conversation. Especially when figures are laid on the table.

Demands of 500,000 euros are not uncommon during negotiations. However, the pendulum can swing in two directions. Some hackers play it safe and ask for much less than they could get for the data of an affected organization. Other hackers overestimate their chances and need to be brought back down to earth. Conversations with professional hacker organizations usually go smoothly. Negotiations with street criminals are less straightforward. With them, you need to build a rapport before you can discuss ransom.


Nowadays, we see that many hackers focus on European firms, because there is a chance that these companies are insured. Contrary to what you might think, insurers tend to reimburse the negotiated amount for ransomware in full. Although only 15 to 20% of companies in Belgium take out insurance because it is expensive, many CEOs still believe that cybercriminals will leave them alone.

Guest author: Geert Baudewijns is an advisor in the field of cybersecurity. He founded the company Secutec. At Cybersec Europe 2024 (May 29 & 30), he will deliver a keynote on negotiating with cybercriminals.

Source: FDmagazine

Gerelateerde artikelen