Cybercrime Radio host Hillarie McClure spoke with Kurtis Minder, a ransomware negotiator and CEO of GroupSense, a leading provider in Cyber Reconnaissance.
Kurtis shared the landscape of ransomware negotiation, the best practices he's found since falling into this role, how empathy is at the root of every communication he has, and more. Below is an excerpt from the conversation.
Hillarie:
A lot of these higher-profile cases that we are seeing (i.e., JBS, Colonial Pipeline) are in the news for the amount of ransoms that they are paying criminals. So many industry experts are speaking out and saying companies should stop paying ransoms to discourage the bad actors and criminals - but the situation is a bit more complex. Can you share with us what companies weigh when they are determining whether to pay a ransom or what they should do?
Kurtis:
GroupSense plays a role in that decision. Often we are part of that discussion. Largely it is a business discussion and decision. I do want to comment on whether we should ban the payment of ransoms to discourage criminals. First, I think that people who say that have not been or do not know of a victim. Second, I think that a lot of the industry and the media are reacting to this instead of responding. The fact is that we take inventory on how threat actors gain access to the victims every time and it boils down to a very short list of largely preventable things, so I'm okay with discouraging threat actors by not paying the ransom, but the way I prescribe that we should do that is fix those preventable things. I really think that's the best use of our time.
Hillarie:
Absolutely. I think that people fail to (through a lack of awareness) realize the cost of PR, law firms, and cyber insurance can exceed the ransom that's being asked. It can be far more expensive.
About Kurtis Minder:
Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases worldwide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.