Ransomware victims can benefit from negotiation strategy concepts

Michail Georgiou focuses on negotiations with ransomware criminals. His aim is to identify patterns on the communications between the victims and the criminals. ‘I compare these strategies with contemporary negotiation theories,’ he says. ‘I want to gain a better understanding in this specific type of crisis negotiations: from the first response strategy to the decision-making process and the final outcome.’

In practice

Through personal trial and error, Michail knows what benefits scientific negotiation strategy concepts can provide. For years he himself ran a sales company acting as an intermediary for SMEs willing to sell products through the supermarket. ‘I learned a lot, and quickly, in practice,’ he says. ‘But also I learned from professors that strategic negotiations knowledge exists. And I immediately noticed: hey, it applies, I wish I had known that earlier!’

Michail admired these inspiring professors and that was the reason for him to switch to a life as a researcher. ‘Thorough preparation, relationship building and displaying expertise in the right terms applies everywhere, including in ransomware incidents,’ he says. ‘It is a fascinating challenge to explore negotiation skills in this specific field. To the best of our knowledge, that has never been done before.’

Back against the wall

One of the main insights Michail likes to share: ransomware victims do not necessarily have their backs against the wall. ‘It is true though that negotiating – be it ethical or not – is inescapable,’ he says. ‘But it is important to be aware of your specific company interests. These are different for a transport company – heavily relying on actual data – than for an e-shop possessing some sort of back-up customer data list.’

Power

Michail is not striving to an optimal solution, applicable in all situations. Such a strategy does not exist, he believes. ‘It is good to learn that as a ransomware victim, you have power as well. It is worthwhile to negotiate, building up new confidence and act wisely in strategic solutions.’

Criminals have spent a lot of time already before executing the final attack, and they want to get paid quickly. ‘Knowing this kind of background information, I am sure it is possible to pay, in some cases, 50% less or even more,’ he says. ‘And – that may sound surprising – it is wise to build rapport with the criminal organisation, to figure out: Can they really promise and act accurately that your data and systems will work again 100% safely? Are they willing to promise no new attacks will occur? And: are they likely to share knowledge with you to prevent future attacks from others?’

Resolution

Michail is convinced that, as a ransomware victim, from the beginning, one should openly work towards a resolution. And that includes negotiating with the threat actors. ‘To do so, you need to be well-informed and not act hastily,’ he says. ‘Buying time helps.’

Michail: ‘After two years of research I am still peddling forward in this fascinating field of research. I would like to become an expert in this topic with whom it is interesting to spar. In cooperating with CVD affiliated companies and organizations, I would like to sharpen my knowledge and practical skills further.’

In the future Michail likes to work as a researcher, combined with being a teacher to students and sharing his knowledge to society. ‘It may well be in the Netherlands,’ he says. ‘When applying to this university I only knew: that must be near FC Twente. Coming from Greece, I now feel very much at home. The topic of research could be relevant everywhere in the world. I am motivated to inspire my students. That is a nice measure of success, I believe.’

Would you like to tell something about your background?

I am 35 years old, have finished a BSc in Management Science and Technology of Athens University of Economics and Business, then finished my MBA in Business Administration in ALBA Graduate Business
School, and then did the Master of International Negotiations of Athens University of Economics and Business.

How far along are you in your PhD program?

I have worked almost 20 months as a PhD researcher, and I have little more than 2 years left to finish my PhD trajectory.

Which faculty are you affiliated with?

I belong in the section of Psychology of Conflict, Risk and Safety (PCRS), that belongs to the Behavioural, Management and Social Sciences (BMS) faculty of the University of Twente.

Are you working full-time on your PhD research?

I am a full-time PhD researcher.