Big Game Hunting, the targeted large-scale ransomware campaign, is now regarded as the primary cyber threat to organizations across all sectors, including financial, healthcare, and government, in 2021. Leaking stolen data in an effort to pressure victims into paying is part of a broader trend across the BGH ecosystem. In recent headlines, ransomware operators go beyond the traditionally dominant Windows operating systems and now target the VMware ESXi hypervisor. In this Ransomware Battleground, let's look at how SPRITE SPIDER (Defray777 Ransomware) and CARBON SPIDER (Parkside Ransomware) operate with volume tactics. How are cybercrime actors now going back to using Linux variants of ransomware configured specifically to affect ESXi hosts?
In this talk, we will cover:
- What are Big Game Hunting tactics? And how did ransomware operator behavior change during Covid-19? (from POS to ESXi)
- How do you defend against the encryption of virtual infrastructure in your corporate network? Against credential harvesting and payload ingesting?
- Why are Agentless Zero Trust Isolation and a Ransomware Kill Switch the answer to stopping hypervisor "Jackpotting"?
Big Game Hunting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers
By External Author on Mar 16, 2021 8:45:00 AM
Topics: Video Webinar Ransomware
The negotiators taking on the ransomware hackers
By External Author on Feb 16, 2021 8:45:00 AM
Kurtis Minder has spent the past year negotiating six-figure ransom demands from gangs of ruthless criminals. Not for the safe return of kidnap victims, but for the release of valuable data that is being held hostage by hackers. Ransomware attacks, which see hackers lock up data or computer systems until they are paid off, have been one of the biggest cyber security headaches for the private and public sectors in the past year.
Topics: News Ransomware
How ransomware negotiation works
By External Author on Feb 15, 2021 8:45:00 AM
Ransomware has been one of the most devastating malware threats that organizations have faced over the past few years, and there's no sign that attackers will stop anytime soon. It’s just too profitable for them. Ransom demands have grown from tens of thousands of dollars to millions and even tens of millions because attackers have learned that many organizations are willing to pay.
Topics: News Ransomware
Podcast: Hiring a ransomware negotiator: Tactics, tips and careers
By External Author on Jan 20, 2021 8:45:00 AM
Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today’s episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation, and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.”
Topics: News Video Ransomware
Ransomware Read Me First: Don't Get Scammed... Twice
By Editorial Team on Jan 11, 2021 8:45:00 AM
You were hit with ransomware. You panic. You search “ransomware response” or “ransomware repair” and among the top results is a link that reads “Recover Encrypted Files - Guaranteed.” Sounds like you found the solution! None of us wants to pay the ransomware operators. If there is a legitimate solution that avoids sending tens of thousands (if not millions) of dollars via cryptocurrency to threat actors overseas, it’s worth paying for.
Topics: Blog Ransomware
Video: Kurtis Minder - TechStrong TV #2
By External Author on Dec 8, 2020 8:45:00 AM
GroupSense CEO and Co-Founder Kurtis Minder ponders the question, "To negotiate or not negotiate on ransomware?"
Topics: News Ransomware
Podcast: Hacking Humans with Guest Kurtis Minder #3
By External Author on Nov 12, 2020 8:45:00 AM
Joe has a story about how Emotet is being used in phishing emails through thread hijacking. Dave's story is a two-fer: one is about bad guys using image manipulation, and the other has Elon Musk giving away Bitcoin again, taking advantage of the US election. The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show, we welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry.
Topics: News Ransomware Podcast
Getting real about ransomware [Q&A]
By External Author on Nov 6, 2020 8:45:00 AM
For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.
Topics: News Ransomware
Podcast: Kurtis Minder with Decipher Discusses Ransomware Negotiation
By External Author on Oct 22, 2020 10:00:00 AM
Kurtis Minder, CEO of GroupSense, joins Dennis Fisher to discuss the delicate process of ransomware negotiations and how enterprises are dealing with infections today.
Topics: News Ransomware Podcast
US Treasury Department ban on ransomware payments puts victims in tough position
By External Author on Oct 22, 2020 9:00:00 AM
It's not very clear what room for maneuvering is left for incident response companies to assist their clients with ransomware attacks and whether providing information about the attackers, engaging with them to test whether they're able to actually decrypt files or to negotiate a lower ransom would qualify as "facilitating" a transaction under the OFAC regulations. "Frankly, that puts us in an interesting situation with a client, where we say: 'Hey, we are not able to facilitate payments. Can we still negotiate on your behalf? Absolutely. And we can validate all the keys and do all of those things to get you to the point where you can do a transaction but we cannot do a transaction'," Kurtis Minder, CEO of threat intelligence firm GroupSense, tells CSO.