Moving beyond encryption is a huge part of what GroupSense ransomware negotiators do during a ransomware incident. A successful negotiation has many complex elements. The trickiest part of ransomware incidents is usually threat actor engagement.
GroupSense Director of Intelligence Operations Bryce Webster-Jacobsen and Senior Intelligence Analyst Sean Jones presented at this year's SANS Ransomware Summit. During their session, "Beyond Encryption: Exploring the Tactics Ransomware Operators use During Negotiations and their Impact," Bryce and Sean explore the specifics of what makes threat actor engagement so complex.
Threat actors use psychological tactics to create fear, uncertainty, and doubt that make victims less confident. Paired with other tactics that play on the ethos of victims, inexperienced negotiators can easily be pulled into the threat actor's trap. During the SANS Ransomware Summit, there were several other enlightening sessions that offered valuable insights into the world of ransomware.
These visual notes provide a unique perspective on the session, offering an overview of the summit's sessions. Other session topics included ransomware after RaaS, analysis of legitimate tools abused by threat actors, and newly observed ransomware tactics. Check out the visual notes created by artist Ashton Rodenhiser from our session below to learn more.