DE
DE
Get in Touch

Hacker negotiations: When cybercriminals blackmail companies

Article by the Cyber Security Transfer Office, Der Mittelstand, BVMW. Interview with Axel Wochinger

Article by the Cyber Security Transfer Office, Der Mittelstand, BVMW
In an interview with Axel Wochinger

When cybercriminals take control of IT systems and demand ransom for the release of sensitive data, a race against time begins for affected companies. But what happens behind the scenes of such an attack? How does communication with criminal groups work? And who conducts these conversations?

Axel Wochinger, Managing Director of the Result Group, is one of the few experts who regularly communicates with ransomware groups – to limit the damage to companies and prevent escalation.
In an interview with the Transfer Office for Cyber Security in SMEs, he talks about the perpetrators' informal rules of play, psychological pressure, and strategic decision-making issues.

You're negotiating with ransomware groups—what exactly happens? What does a negotiation look like?

Negotiations with ransomware groups are a structured, but sometimes tense, process, usually conducted via encrypted channels such as email or dark web portals. As a negotiator, I contact the criminals, clarify which data has been encrypted or stolen and the amount demanded, and attempt to reduce the amount through tactical communication, for example, by emphasizing financial limits.
Negotiations can take days or weeks, as attackers exert pressure through deadlines or threats like data disclosure. At the same time, we work closely with the forensic experts working to restore the IT system.
Ultimately, the goal is to avoid payment. Only when this goal is unattainable do they attempt to minimize the damage. If a payment is made, it is always made in cryptocurrencies.

Further questions for the expert:

Are there „rules of the game“ when dealing with cybercriminals?

How dangerous is it to communicate with such groups?

What are the consequences of paying the ransom – and what happens if you don’t?

What advice do you give people or companies to protect themselves from ransomware attacks?


Read the full article on the website of the Transfer Office for Cyber Security in SMEs:
https://transferstelle-cybersicherheit.de/hacker-verhandlungen-wenn-cyberkriminelle-unternehmen-erpressen/

Detailed information:
Cyber crises and ransomware attacks | Immediately at your side in the event of a crisis

All News & Events
de_DE_formalDE
de_DE_formalDE