When ransomware strikes, negotiation becomes one of the most emotionally charged and strategically complex stages. Kurtis emphasizes that the decision to even engage with attackers is pivotal. Simply responding to a ransom note puts you “on the radar,” signaling that you are paying attention, and potentially willing to pay.
Negotiations typically last around two weeks. During that time, businesses may be partially crippled, losing revenue, operational capability, and trust. Large enterprises often have disaster recovery resources to restore some functions, but even then, the costs can reach millions.
Kurtis notes that professional negotiators do not start with aggressive lowball offers. Instead, they work to understand how attackers justified the demand, while continuously signaling intent to transact. The goal is to reduce the ransom while keeping attackers cooperative. It is a careful balance of leverage, empathy, and strategic communication.
The ethical dilemma is unavoidable. Paying ransom fuels the criminal economy. But refusing to pay may mean bankruptcy, massive layoffs, or even loss of life in cases involving hospitals. Kurtis describes a case involving a breast cancer charity where attackers reduced the demand to $5,000, claiming that was simply their “cost of goods.” That moment reveals the chilling truth: ransomware groups see victims as transactions.
Kurtis argues that banning ransom payments outright may backfire, pushing payments underground. Instead, governments and industries should invest in prevention and recovery support, especially for small and mid-sized businesses that live below the “cyber poverty line.”
Ultimately, ransomware negotiation is not just about money. It is about time, survival, reputation, and values.
