Ruthenium IT

They’ve Got Your Files. Now What? How To Calmly Deal with Ransomware Attacks

You open your laptop on a Monday morning. Instead of your usual dashboard, you’re greeted with a chilling message:

“Your files have been encrypted. Pay $500,000 in Bitcoin within 72 hours or they will be deleted.”

Panic kicks in. Your heart pounds. Your business operations are frozen. The digital equivalent of a hostage situation is unfolding—and you’re the negotiator.

This is ransomware. And the worst mistake you can make is to act like a victim. So how do you reclaim control? You channel Chris Voss.

1. Don’t React. Respond.

“When the pressure is on, you don’t rise to the occasion—you fall to your highest level of preparation.” – Chris Voss

The moment you discover ransomware, your instinct will scream: Act fast! Pay up! Call everyone!

Instead, do what a seasoned negotiator does: pause.

• Isolate the infection. Pull affected systems offline immediately.
• Call in professionals. Your internal IT team, a cyber incident response expert, and law enforcement.
• Secure backups. Verify what’s intact and uninfected—your best negotiating leverage may lie in a recent, uncompromised backup.

Remember: desperation is visible. Hackers can sense fear. The calm, methodical response sets the tone.

2. Label the Situation

“Labeling is a way of validating someone’s emotion by acknowledging it.” – Chris Voss

This might sound odd in the digital battlefield—but yes, even with cybercriminals, labeling works. If communication begins (via email, a dark web chat link, or a ransom note), your first step is to emotionally defuse the conversation:

• “It seems like you’ve done this before.”
• “It sounds like you’re looking to be taken seriously.”
• “It feels like you want assurance we’re not wasting your time.”

This technique does two things:

1. It buys time.
2. It gets the adversary talking.

The more they say, the more leverage you get. Silence is power. Information is currency.

3. Use Tactical Empathy

Hackers aren’t just faceless evil-doers—they’re often organized, transactional, and looking to “close the deal.” Your job? Understand their worldview without agreeing with it.

Tactical empathy means showing you’re listening—not yielding. Ask questions like:

• “What happens after payment?”
• “How do we know you’ll send the decryption key?”
• “Has anyone successfully restored their data with you before?”

This encourages the attacker to prove their “credibility” (as twisted as that sounds), which can lead to clues, reduced demands, or even vulnerabilities in their operation.

4. Don’t Split the Difference

“Compromise is often a bad deal.” – Chris Voss

Negotiators don’t aim to meet halfway. They aim for the outcome that aligns with their interests.

If you have reliable backups and containment: don’t pay.
Paying can encourage future attacks, fund crime networks, and still leave you with broken systems.

But if no backups exist and your business is on the brink, negotiate ruthlessly.

• Offer a fraction of the demand.
• Ask for a proof-of-life file decryption.
• Use time against them—delays can lead to pressure on their end, or cybersecurity assistance becoming more viable on yours.

5. Always Have a “No-Deal” Option

In Voss’s world, that’s your BATNA: Best Alternative To a Negotiated Agreement. In ransomware, your BATNA is preparation.

• Regular offline and immutable backups.
• Endpoint protection and threat detection.
• Ransomware simulations and incident response planning.

The best negotiators always have an exit route.

You’re Not Powerless

When ransomware strikes, it’s not just your systems under siege—it’s your sense of control. But if there’s one thing Chris Voss teaches us, it’s that the person who listens better, stays calmer, and communicates smarter wins more often than not.

You don’t have to pay. You don’t have to panic. You have options. You have tools. You can negotiate.

Because in the end, it’s not just about recovering files—it’s about regaining control.