Buy or Renew

Threat Vector | Inside Ransomware Negotiations: Trust Criminals or Walk Away?

Threat Vector Template (1).jpg

What happens when you're face-to-face with a ransomware gang demanding millions—and every decision could determine whether your company survives?

Jeremy D. Brown, Consulting Director at Palo Alto Networks Unit 42 with nearly seven years negotiating with cyber criminals, reveals the hidden world of ransomware negotiations. With hundreds of negotiations under his belt, Jeremy knows which groups honor their promises, which ones to never pay, and exactly what mistakes can cost you everything.

You'll learn:

Why contacting a threat actor doesn't mean you have to pay (the #1 misconception that paralyzes victims)
How to extract critical forensic intelligence from attackers during initial contact
The fatal mistakes organizations make that destroy their negotiation leverage
Which ransomware groups are sanctioned entities that will land you in legal trouble if you pay
Why being polite to criminals actually gets you better outcomes than hostility

Jeremy has negotiated with everyone from aggressive groups who email your executives to methodical operators following strict playbooks. He's seen organizations with backups walk away and others pay millions for decryption keys. Managing over 100 incidents, Jeremy has tracked how double extortion evolved from rare to standard practice, and now watches single extortion (data theft without encryption) surge again.

This episode is essential for CISOs who need a negotiation plan before the crisis hits, incident responders building their skillset, and executives who must understand that ransomware response is about far more than just paying or not paying.

Related Episodes:

Join the conversation on our social media channels: