Don’t Respond to Ransomware Attackers With AI, Experts Say
It is important to handle ransomware attacks with caution and avoid using AI to respond. Experts suggest responding as a human to such situations. Relying on AI in these scenarios may not be the most effective approach. It is best to prioritize human intervention in dealing with cyber threats like ransomware. Taking the appropriate measures and seeking expert advice can help mitigate the impact of such attacks.
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. When in a stressful situation, your brain can feel scrambled, making it hard to think clearly about the next move. Turning to an artificial intelligence chatbot like ChatGPT for help might be tempting. But if ransomware attackers threaten you, that may not be a good idea.
Challenges of Using AI in Ransomware Negotiation
“Typically, AI is not sensitive enough to pick up on human emotion or provide the necessary nuance required to connect with threat actors and diffuse the situation, and this is where it can escalate,” Moty Cristal, from ransomware negotiator and incident response firm Sygnia, told TechRepublic. Notorious ransomware groups like BlackBasta and Medusa have complex tactics that may not be effectively countered by AI tools.
Importance of Maintaining the Right Tone
Maintaining the right tone with attackers throughout ransomware negotiation is crucial. It is not uncommon for them to leave backdoors in malware that let them retaliate with additional encryption, or even by wiping all data, especially if they sense a lack of respect or that they’re being strung along. Therefore, negotiators try to remain “approachable,” Cristal said.
An AI could encourage victims to break the golden rules of not using “negative language” or telling the threat actor outright that they won’t pay the ransom. Attackers “can be extremely polite, even friendly to begin with,” Sygnia’s Vice President of Corporate Development Guy Segal told TechRepublic. But they may get more “aggressive and threatening” if they don’t get what they want quickly — which would be the case if all hope of payment was extinguished. “Defensive behaviour will create a more hostile atmosphere,” Cristal added.
Effective Negotiation in Ransomware Situations
Falling victim to ransomware does not mean game over, and good negotiation can limit the damage. Maintaining the right tone is not only important to prevent the attacker from inflicting further damage but also to gather crucial information. Negotiators may be able to steer the conversation to learn what data the cyber criminals are holding, how they breached the system, and the likelihood that they may return or publish their data.
“Every threat actor has their motives and life experiences that make them who they are — conversing is important to understand how we approach the situation,” Cristal explained. “Do they have enough data to damage the company? Could they cause real-world damage, particularly for critical infrastructure clients, or impact people’s lives? The threat actor may well be happy with a smaller ransom payment than their initial request because they just need the money.”
Learn the best ways to prevent ransomware so you never have to worry about striking the right tone with a cybercriminal.