Infosec 2025: How Ransomware Victims Can Fight Back
▼ Summary
– Engaging ransomware actors in communication can lead to better outcomes, including mitigations and preventing escalation, despite only 30% of negotiations resulting in payment.
– Interaction with threat actors helps gather intelligence, understand root causes, and buy time for forensic investigations and crisis communication planning.
– Organizations must ensure strong operational security during negotiations to avoid revealing their response strategies to monitoring threat actors.
– Proactive preparation, including cross-organizational collaboration and incident response exercises, is crucial to reducing ransomware impact.
– Understanding asset management, data storage, and protection is essential for assessing risk exposure and breach notification requirements post-attack.
Opening communication channels with ransomware attackers may seem counterintuitive, but it often leads to better outcomes during what becomes the most challenging crisis for IT teams. According to cybersecurity expert Dan Saunders from Kivu Consulting, only 30% of recent negotiations between victims and threat actors resulted in actual payments.
Contrary to popular belief, engaging with cybercriminals doesn’t automatically mean giving in to their demands. Instead, it allows organizations to regain control, implement protective measures, and prevent further escalation. Some attackers resort to extreme tactics like “swatting”, falsely reporting emergencies to law enforcement, to pressure victims. By initiating dialogue, companies can gather critical intelligence about the breach while buying time for forensic investigations and crisis management preparations.
Preparation is key when dealing with potential data leaks. Organizations must anticipate media scrutiny and public backlash if their names appear on ransomware leak sites. Having pre-approved communication strategies ensures they can respond swiftly to inquiries from journalists and security researchers. However, Saunders warns that operational security remains crucial—attackers often monitor internal responses, so establishing secure, out-of-band communication methods prevents tipping them off too soon.
A proactive defense strategy requires cross-departmental collaboration. While IT teams typically lead ransomware response efforts, involving executives and legal teams early ensures alignment on policies and decision-making. Conducting simulated cyber extortion drills helps leadership understand their roles during an actual incident.
Understanding data architecture minimizes post-attack risks. Many organizations struggle with outdated systems housing unnecessary sensitive information. Conducting regular audits to identify critical assets, data storage locations, and classification levels helps assess potential damage if data is exposed.
Recent high-profile ransomware attacks highlight the urgency of these measures. Major brands across retail and fashion sectors, including Marks & Spencer, Dior, and The North Face, have faced disruptions, proving that no industry is immune. Strengthening defenses before an attack, and knowing how to respond when one occurs, can significantly reduce operational and reputational harm.
The takeaway? Preparation, communication, and collaboration form the foundation of an effective ransomware response. Organizations that invest in these areas stand a far better chance of mitigating damage when cybercriminals strike.
(Source: Infosecurity Magazine)
