Resources

The Art of Ransomware Negotiation

Written by External Author | Sep 7, 2021 1:30:00 PM

Kurtis Minder shielded his laptop screen from prying eyes in the airline seats around him.

It was late June, and the CEO and founder of GroupSense—which bills itself as a cyber reconnaissance company—was in the delicate and dangerous final stages of negotiating a ransomware deal with cybercriminals who were demanding the lofty sum of $6 million to return a corporate client’s network and data to normalcy.

This was a tough one, recalls Minder, 44, who brokers two or three ransomware agreements every day. Unlike most attacks, the hackers in this case made off with the privately held firm’s financial records, so they knew how much it was worth. They’d also discovered the company’s cyber insurance policy, which indicated it had the wherewithal to pay. In short, the hackers had the upper hand.

“Most times, ransomware negotiation is a bit of a tennis match where you go back and forth on numbers,” Minder says. “This time, they weren’t willing to do that. They were digging in their heels.”

With U.S. ransomware attacks skyrocketing more than 300% and known payouts leaping 341% to $412 million last year, compared to 2019, negotiators like Minder are becoming vital lifelines for thousands of corporate and government agency victims around the world. However, their services can draw controversy.

The FBI and Department of Homeland Security, which investigate ransomware attacks, advise organizations not to pay ransom. Paying, they point out, does not guarantee you will get your data back. It also encourages—and subsidizes—the work of ransomware gangs.

That said, there are times when organizations—particularly those in the infrastructure and healthcare industries—are literally facing life and death decisions over getting their systems back online as quickly as possible. That’s where professionals like Minder come in.

Like any good negotiator, Minder applies a mix of candor, cunning, and charm to end his clients’ crises. During the recent negotiation, Minder told the hackers his client was willing to pay—but not if the amount led it to bankruptcy. Minder and his clients remained patient and steadfast in that stance, even as the hackers turned up the heat by enlisting a call center to tell staff and partners the company was not acting in their best interests by refusing to meet their price.

Read More...