
“We Don’t Negotiate with Terrorists”: Ransomware Strategy in Cybersecurity

If you’ve ever seen an action movie, you’re probably familiar with the phrase, “we don’t negotiate with terrorists.” 

Let’s unpack that phrase a little bit.

According to action lore, the US government has a strict policy of not giving in to the demands of bad actors, regardless of the threats made against the state or its people. To illustrate this, we’re going to focus on Michael Bay’s 1996 action flick The Rock. In this film, Ed Harris’ disgruntled Brigadier General Francis Hummel goes rogue, takes over Alcatraz and threatens to launch a deadly gas attack on the city of San Francisco if he doesn’t receive 100 million dollars. If you haven’t seen The Rock, feel free to picture Air Force One, Tropic Thunder, Austin Powers, Olympus Has Fallen, Die Hard, James Bond: The World Is Not Enough, Get Smart, The Dark Knight Rises, or basically every action movie ever made for reference. 

In The Rock, the folks in the situation room immediately get started working on two plans. The first: sneak a chemical weapons expert (Nicolas Cage’s Dr. Stanley Goodspeed) into Alcatraz to neutralize the gas. The second: ready a high-heat thermite air strike on the island in case the first plan fails. One thing they distinctly do not get to work on? Acquiring 100 million dollars to pay off General Hummel. 

On its face, this may seem like a strange decision. After all, what is 100 million dollars to the US government in exchange for the lives of the entire population of the Bay Area? But the issue is tremendously more complex than it may seem. 

Michael Bay movies are for popcorn and fun, but the ransomware issue is a serious one that affects millions. The lessons learned from unpacking the fiction of The Rock can teach us a lot about how we deal with the very real problem of ransomware attackers in the world of cybersecurity. 

Ransomware

Let’s put a pin in the Bay-hem conversation for a moment and talk about ransomware. Ransomware is one of the most common ways attackers monetize access to a compromised organization. It generally goes like this: an attacker gains an initial foothold (a phished credential, an exposed service, an exploitable application), then escalates privileges and moves laterally until they reach the systems that hold the organization’s most valuable data. In cybersecurity, we call this data the “crown jewels.”

The crown jewels could be anything from medical information to credit card numbers to valuable IP. Depending on the industry, it’s anything that the organization can’t function without, or that its users trust will remain private. 

Once the attacker has reached this data, they use malware to encrypt it so that the organization cannot access it. They then issue a ransom demand: pay us this amount in exchange for the decryption keys and you can have your data back. The number is carefully calibrated to the organization in question. Too little and it wasn’t worth the attacker’s time. Too much and the company won’t be able to pay. Remember: the attacker’s only goal is to get paid. Two practical caveats follow from that. Attackers increasingly copy the data out before encrypting it, so the threat of publishing it survives even a clean restore from backup (so-called double extortion). And paying buys a decryption key, not a guarantee that the key works or that the stolen copies are deleted.

By the way, we may think of ransomware as a creation of the 2020s, but holding data hostage dates back to 1989, when the floppy-disk-borne AIDS Trojan demanded a ransom of $189 USD. Fast forward to 2024, when the average ransom paid is $2.7M USD. And those payments don’t come close to the whole picture. Companies hit by ransomware experience an average of 24 days of system downtime, which can cost millions more in lost business.

What Happens When We Do Negotiate with Terrorists?

Now, back to the Michael Bay of it all. The salient question is, why not just pay the money and make the problem go away? 100 million dollars isn’t all that much in the scheme of things and allowing the attack to happen would cost way more in lives lost than that. But to answer this question, we need to game it out. What happens if the government pays General Hummel his 100 million dollars?

Sure, the movie paints him as a generally honorable man (with obvious exceptions). There’s nothing to suggest he wouldn’t call off the gas attack and escape to a non-extradition country with his millions. But what happens next? 

The government would be sending a signal far and wide to every bad actor in the world with the resources to make a similar threat that the US is open for business. All you have to do is take some hostages, acquire a weapon of mass destruction and make a credible threat, and you can earn yourself a fat payday. Not only would this cost the government many more millions of dollars as future terrorists execute similar plans, but every time it happens, the number of lives at stake skyrockets.

When the government refuses to pay General Hummel his money, it sends the opposite message: it doesn’t matter what lengths you go to or how many people you threaten, you will never get your money, so it won’t be worth it. Remember, General Hummel and the world’s ransomware attackers have the same goal: to get paid. They (for the most part) aren’t interested in just watching the world burn. The threat they deliver is a means to an end, and the effort to set it all up is only worth it if they get paid at the end.

The next General Hummel will think twice before embarking on an elaborate plan to threaten millions of lives, because it simply isn’t worth the effort if there is zero chance that they’ll get the money.

Where Modern Ransomware Philosophy Fails

As the numbers above show, ransom demands keep growing, and attacks remain as prevalent as ever. That is due in large part to the very dynamic we played out above. For many organizations, the ransomware strategy is simple: pay the attackers, get your decryption key, go back to business as usual, and collect a check from your cyber insurance provider to cover the losses.

It’s a plan that seems to make sense in the short term. But every time a company gives in to the demands of a ransomware attacker, it puts up a big neon sign that says: if you succeed at hacking us, you will get paid. This incentivizes the world’s attackers to go after the same organization again for their own payday, and to go after its competitors as well.

Over time, the cyber insurance market booms, premiums go up every year to reflect the growing likelihood that the insurer will have to cut a check, and the market tells every would-be attacker that there is money to be made in the ransomware game.

And this is the world we currently live in. Ransomware attacks continue because, in case after case, the organization that becomes the victim chooses to accept the long-term consequences in exchange for a short-term reprieve. And this trend will continue until one of two things happens. Either someone must stand up and break the trend, or the community must adopt security strategies that stop attackers from gaining a foothold in the first place. And this is where Waratek comes in.

Next-Gen Solutions to Break the Cycle

Ransomware attacks often exploit unprotected entry points in enterprise applications to encrypt critical data or disrupt operations. For Java applications, these entry points usually arise from insecure deserialization, improper input validation, or unpatched vulnerabilities in third-party libraries. Waratek mitigates these risks by embedding security directly into the runtime environment, adding a layer of protection that blocks the behaviors a ransomware payload depends on to execute.

Through declarative rules, Waratek allows organizations to enforce precise security policies that restrict malicious behaviors without relying on prior knowledge of specific vulnerabilities. For example, Waratek can prevent unauthorized file access, block the execution of untrusted processes, and ensure that sensitive APIs are only accessible under strictly validated conditions. This proactive approach minimizes the attack surface, effectively neutralizing the typical pathways ransomware uses to infiltrate Java-based systems.

Waratek’s immutable security policies further enhance protection by ensuring that once a policy is in place, it cannot be circumvented by changes in the application codebase or undone by configuration drift. Even if a ransomware attack attempts to modify application behavior dynamically, runtime enforcement keeps the policies intact, stopping the attacker before access turns into damage. Additionally, real-time monitoring and control allow security teams to respond instantly to anomalous behaviors indicative of ransomware activity, such as unusual file writes or unauthorized network calls.
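To make the “anomalous file writes” idea above, and the encrypt-the-crown-jewels behavior described in the Ransomware section, concrete, here is an added example of the kind of detection logic a security team might run over file-activity audit events. It is illustrative code written for this page, not Waratek’s product or its rule language, and it is in Python rather than Java because the signal here is host-level file activity rather than application code. The log format (`ts pid process op path`), the protected directory, the thresholds and the sample events are all constructed assumptions. Two rules fire per process: a burst of distinct files rewritten under the protected tree within a short window, and a mass rename to a new extension. A byte-entropy helper shows how a hook that can see written content tells ciphertext from documents.

```python
"""Toy ransomware-behaviour detector over file-activity audit events.

Added illustration for this article, not Waratek's code. Input is a
constructed line-based audit log with fields ``ts pid process op path``,
where ``op`` is ``open_write``, ``create`` or ``rename`` (for a rename the
path field reads ``src -> dst``). Thresholds, window and protected path are
assumptions chosen for the example.
"""
import hashlib
import math
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0               # assumption: look-back per process
BURST_THRESHOLD = 20                # assumption: distinct files rewritten in window
RENAME_THRESHOLD = 20               # assumption: extension changes in window
PROTECTED_TREE = "/srv/app/data/"   # assumption: where the "crown jewels" live


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text lands around 4-5, ciphertext nears 8.

    Usable when the written content is visible (EDR hooks, honeyfiles): a
    process overwriting documents with near-8 output is encrypting them.
    """
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_event(line: str):
    ts, pid, proc, op, path = line.split(maxsplit=4)
    return float(ts), int(pid), proc, op, path


def _evict(window: deque, now: float) -> None:
    """Drop entries older than the look-back window (events are per-pid ordered)."""
    while window and now - window[0][0] > WINDOW_SECONDS:
        window.popleft()


def detect(lines):
    """Return a list of (pid, process, rule, detail) alerts, at most one per pid and rule."""
    writes = defaultdict(deque)    # pid -> deque of (ts, path)
    renames = defaultdict(deque)   # pid -> deque of (ts, new_extension)
    alerts, fired = [], set()

    for line in lines:
        ts, pid, proc, op, path = parse_event(line)
        if op == "rename":
            src, dst = path.split(" -> ", 1)
            if not src.startswith(PROTECTED_TREE):
                continue
            new_ext = os.path.splitext(dst)[1]
            if new_ext and new_ext != os.path.splitext(src)[1]:
                renames[pid].append((ts, new_ext))
            _evict(renames[pid], ts)
            exts = [e for _, e in renames[pid]]
            if len(exts) >= RENAME_THRESHOLD and (pid, "mass_rename") not in fired:
                fired.add((pid, "mass_rename"))
                top = max(set(exts), key=exts.count)
                alerts.append((pid, proc, "mass_rename", f"{len(exts)} files renamed to {top}"))
        elif op in ("open_write", "create"):
            if not path.startswith(PROTECTED_TREE):
                continue
            writes[pid].append((ts, path))
            _evict(writes[pid], ts)
            distinct = {p for _, p in writes[pid]}
            if len(distinct) >= BURST_THRESHOLD and (pid, "burst") not in fired:
                fired.add((pid, "burst"))
                alerts.append((pid, proc, "burst",
                               f"{len(distinct)} distinct files rewritten within {WINDOW_SECONDS:g}s"))
    return alerts


def build_sample_log():
    """Constructed events: a well-behaved app, a noisy build job, and an encryptor."""
    lines = []
    for i in range(5):   # benign: the app rewrites five records over a minute
        lines.append(f"{100 + 12 * i:.1f} 4242 java open_write {PROTECTED_TREE}records/r{i}.json")
    for i in range(40):  # noise: many writes, but outside the protected tree
        lines.append(f"{200 + 0.05 * i:.2f} 5151 javac create /tmp/build/Class{i}.class")
    for i in range(25):  # encryptor: 25 documents rewritten and renamed in ~3 seconds
        t = 300 + 0.1 * i
        f = f"{PROTECTED_TREE}docs/contract{i}.pdf"
        lines.append(f"{t:.2f} 9001 java open_write {f}")
        lines.append(f"{t + 0.02:.2f} 9001 java rename {f} -> {f}.locked")
    return lines


def sample_entropies():
    """Entropy of repeated English text versus a deterministic ciphertext stand-in (constructed)."""
    text = b"The crown jewels are the customer database. " * 32
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return shannon_entropy(text), shannon_entropy(blob)


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
    print("entropy text=%.2f blob=%.2f" % sample_entropies())
```

Only pid 9001 trips the rules, and it does so on the twentieth file, several seconds before it finishes: the benign application never accumulates twenty distinct files inside the window, and the build job is ignored because it never touches the protected tree. In production the thresholds would be tuned per directory from a baseline of normal write rates, and the rename rule would be paired with the entropy check so that a legitimate bulk export does not fire it.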

By addressing a root cause of ransomware, exploitable vulnerabilities at runtime, Waratek provides Java security professionals with a solution that doesn’t just detect ransomware attacks but prevents their execution altogether. This capability reduces the risk of operational downtime, data loss, and financial impact. If you want to make your company a far less attractive target for ransom demands, Waratek belongs in your Java application security strategy.

Get Started Today

Hopefully, you have as much fun with Hollywood action blockbusters as we do, but the subject matter of this conversation is incredibly serious. This is a plea to the entire business community to make a change in how we philosophically understand the consequences of giving in to ransom demands. When you take the easy way out in the short term, not only do you end up paying far more in the long term, but you place everyone else at a greater risk of succumbing to the same circumstances. 

Every action in this arena has far-reaching ripple effects. Do not be part of the reason that the future of online business operations is perennially at risk from a booming ransomware industry. Be part of the solution. Make changes today to proactively ensure that within your sector and beyond, users, customers, employees and stakeholders can all sleep easier at night knowing no attacker is going to place their personal information or IP at risk.

To get started being part of the solution, take a tour of our platform here.
