A ransomware cyber-attack occurs when hackers steal sensitive data, hold it for hostage and threatening to publish it or block access unless a ransom is paid.
Unfortunately, these kinds of attacks are becoming more and more common, as millions of ransomware attacks are carried out each year on organisations, businesses and individuals. These attacks have cost our global economy billions in pay-outs and damages and this looks set to rise.
How do we react to ransom attacks?
So, what happens when our complex social infrastructure is compromised by one of these cyber-attacks? How is our technology and sensitive data, which we rely on so heavily on, being protected and defended?
The answer: A social engineering toolbox with incredibly innovative tools.
In response to these attacks, researchers formulated a “cyber negotiation” framework. Recently published in the Journal of Cyber Policy, it informs us on a step-by-step process for what to do before, during, and after an attack.
How do cyber negotiations work?
To understand cyber negotiations, first, we must take a quick look at a hostage negation situation. In a classic hostage situation, we have the attacker/the hostage taker, the negotiator and the hostage.
This same model has been applied to understand how to defend against cyber-attacks, as there will also be an attacker – a hostage – a negotiator, however from here on wards it gets pretty complex and almost everything changes.
In a cyber attack, the hostage will be data or a system, as opposed to a person. With cyber attacks there are added difficulties such as the ability to have/create backup copies of the digital hostage and the risk of an attack affecting entire populations, instead of a finite number of hostages, that must be taken into consideration.
On top of that we have extra complexities, the whole concept of a ‘cyber attacker’ is vague. It could be a number of things; a human, an agency, a bot controlled by a human or even a piece of computer code that has a pre-destined outcome no matter what. And what the attackers motive? Money, information, a terrorist attack, all this variable will alter how the costs, risks and benefits are viewed. The stakes are high and there is no room for error.
The formula for success
But even with all of these ambiguities, a strategy for negation has been successfully formulated. By incorporating social engineering into a cyber defence playbook, though the creation of a database detailing documented cyber-attacks, it is possible to examine the characteristics of these ransom cyber-attacks. Therefore gaining an understanding of how to correctly deal with an attack when it arises.
The best negation practices, previously used by skilled commercial negotiators such as The Gap Partnership, have been applied to defend critical urban infrastructure from cyber-attacks. Most ransomware attacks match up with what happens in other kinds of negotiations: Firstly, you size up your opponent, then you exchange communication, and ultimately you try to reach some kind of compromise. It is important not to get bogged down in installing expensive technical solutions when defensive social engineering actions that can reduce the scope and costs of cyber attacks.
In negotiation, buyers and sellers are encouraged to create a BATNA (Best Alternative To A Negotiated Agreement) which is effectively an option which provides the power to play the market.
However, even with all these procedures in place, cyber attacks are inevitable and agencies are going to experience losses. Damages will occur but the continued development of this framework over time should help to limit the future impacts of such attacks.