Okay, so, your companys been hit. Bad. Ransomware. Thats like, the digital equivalent of a hostage situation, and honestly? managed services new york city It sucks. Nobody wants to be in this spot, believe me.
Now, the first thing everyone will tell you is: Dont pay! And yeah, in a perfect world, thats the golden rule. You have amazing backups, you can restore everything, and tell the hackers to get lost. managed it security services provider Wonderful! But life, uh, finds a way, right? (Jurassic Park reference, couldnt resist). managed it security services provider Sometimes those backups are corrupted, or incomplete, or, frankly, just take too damn long to restore. Time is money, as they say, and every minute your business is down is costing you a fortune.
So, what do you do then? Well, if you have to negotiate, and I stress have to, you gotta go in prepared. This isnt like haggling at a flea market! managed service new york Youre dealing with criminals, probably not the most ethical bunch, to put it mildly.
First, dont panic. check Easier said than done, I know, but freaking out isnt gonna help. Get your incident response team together, if you have one. If not, find some experts. Seriously. This is not the time to try and DIY your way out of it. Law enforcement (FBI, etc.) should be notified, even if you don't plan to cooperate.
Then, start gathering information.
When you do start communicating (usually through some weird dark web portal), keep it professional. managed services new york city Dont reveal too much about your companys financial situation. Theyll use that against you! Try to stall for time. check Say you need to consult with your board, or your insurance company. The longer you can delay, the more time you have to explore other options, like finding a decryption key online (it happens!).
And for the love of all that is holy, negotiate the price down! They almost always inflate the initial demand. Be firm, be polite (as much as you can be under the circumstances), and see how low you can get them.
Finally, and this is important, even if you pay, theres no guarantee theyll actually give you the decryption key. These are criminals, remember? check Theres also no guarantee they havent already exfiltrated your data and will sell it on the dark web anyway. So, even after paying, you still need to do a thorough security assessment and lock down any vulnerabilities that allowed them to get in in the first place.
Negotiating with ransomware attackers is a terrible situation to be in, but sometimes its a necessary evil. Just remember to be prepared, be cautious, and get professional help! managed service new york Its a nightmare, I tell ya!