Should I Pay the Ransom? How to Negotiate with Attackers?


Should I pay the ransom? In the age of cyber warfare, the question comes up all too often, and the answer depends on the circumstances. If there is no way out, you might need to negotiate with attackers. After negotiating the ransom amount, you can pay it in return for your data.

In cybersecurity, the FBI and other law enforcement agencies insist that victims not pay a single penny in response to ransom demands. The reason is that there is no assurance of regaining access to your data or system. Moreover, you are paying criminal groups and are bound to be targeted again later. Indeed, the CyberEdge Group found that only 19% of ransom-paying victims get their records back.

But then again, corporations are brought to their knees and compelled to spend millions after negotiating with cybercriminals. With that in mind, here we answer whether you should pay the ransom and, if so, how to deal with attackers.


Containing an event or a threat is the initial step, but gathering information and evidence to pursue legal action follows immediately afterward. The Digital Forensics Services of LIFARS specialize in getting to the bottom of each case with profound science and industry experience.


A research report by Forrester contended that paying a ransom must be assessed like any other business decision. That’s why, before you decide to pay ransomware attackers, consider the points outlined below:

1. Analyze the Extent of Damage

Most attackers use encrypting ransomware variants that lock files and drop a ransom note. The note details what the owner should do to get the data back. For example, the WannaCry ransomware, one of the most significant attacks in malware history, exploited a weakness in Windows OS to lock files. Accessing the files was only possible with a decryption tool or key.

This kind of malware is primarily distributed through phishing emails and malicious links, but some variants can also spread across systems and infect your entire organization. With that in mind, analyze the extent of the damage before you decide whether to pay the ransom.

2. Containment of the Malware

After analyzing the extent of the damage, your next step should be containing the malware. Any system showing symptoms of a data breach must be disconnected from the network to stop the malware from spreading. Meanwhile, check your server files and disconnect network drives. Finally, ensure that your network security monitoring frameworks are up to date.

3. Put a Ransomware Decryption Tool In-line

In this regard, the No More Ransom project was brought to the spotlight by security professionals and law enforcement agencies. The project hosts a free online diagnostic tool for ransomware victims. Just upload an encrypted file to the project’s Crypto Sheriff and download a decryption tool or solution. Otherwise, you can also do a little detective work: paste the ransom note text into Google, check what comes up, and follow ransomware removal guides.

4. Check Your Backups

If you have a backup of your data, you can conveniently recover your files without using any decryption tool. Nevertheless, your backups can also get encrypted, so you must check and analyze them first. If everything looks fine, remove any infected devices and reinstall their operating systems before restoring the backed-up data.
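One way to do that first check on a backup set, as an added example that is not part of the original article: the script flags files whose header no longer matches their extension, plain-text files that look like random bytes, and files with unrecognised extensions. The extension list and the 7.5 bits-per-byte threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading bytes for a few common formats (illustrative, not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
# Plain-text types should never look like random bytes.
TEXT_EXT = {".txt", ".csv", ".log", ".sql", ".json", ".xml"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, encrypted data is close to 8

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path, sample=65536):
    """Return a reason string if the file needs review, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if ext in MAGIC:
        # Compressed formats are high-entropy by design, so check the header only.
        return None if data.startswith(MAGIC[ext]) else "header does not match " + ext
    if ext in TEXT_EXT:
        if shannon_entropy(data) > ENTROPY_LIMIT:
            return "high entropy for a text file"
        return None
    # Ransomware often appends its own suffix, so unknown extensions get a manual look.
    return "unrecognised extension, review manually"

def scan_backup(root):
    """Walk a backup tree and return {relative_path: reason} for suspect files."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            reason = check_file(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in sorted(scan_backup(target).items()):
        print(f"{path}: {reason}")
```

Run it against a read-only mount or a copy of the backup from a clean machine, so the check itself cannot expose the backup to the infected network.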

5. Negotiate Ransom – If You Cannot Avoid it

If you have no backup and attackers have successfully entered your computer and taken away your essential files, paying ransom remains the only option. Still, you need to offer attackers the lowest amount in return for your files. Though there is no assurance that your proposition will get accepted, experts suggest that there is still a possibility. In addition, it is possible that paying the ransom could be illegal due to OFAC Guidance for ransomware payments.

For example, a hospital could bring a ransom down from 3.6 million dollars to 17,000 dollars. Besides, professionals have found that the demands and deadlines given by the attackers are flexible. So, don’t panic and decide wisely.

But how do you negotiate with attackers? Negotiation is a crucial part of the whole process. Here are some points to keep in mind when dealing with ransomware negotiators:

  • Arrange the destruction of exfiltrated data.
  • Take measures for post-attack remediation.
  • Get as much time as you can and use it to consult experts who can recover your data and clean your network of malware.
  • Offer the minimum amount to the ransomware attackers.

It is important to note that negotiating with attackers should preferably be done by a trained professional. Years of experience and training in the psychological aspects of negotiation are crucial to successful discussions with adversaries.


Our experts can assist with the negotiation process for ransomware attacks. In some cases, we can help reduce the ransom value in order to recover critical files or trace the source to the individual or group behind the attack.



Cybercriminals are more active than before, and their attacks are more aggressive than ever. In some cases, paying the ransom comes up as the only option. But before paying, follow the steps mentioned above, since they might save you money.



