Hi, I’ll be your ransomware negotiator today – but don’t tell the crooks that

Interview The first rule of being a ransomware negotiator is that you don’t admit you’re a ransomware negotiator — at least not to LockBit or another cybercrime gang. 

Instead, these negotiators portray themselves as simply company representatives, said Drew Schmitt, a professional ransomware negotiator and principal threat analyst at cybersecurity firm GuidePoint Security.

“The biggest reason is because most ransomware groups specifically and explicitly say: ‘We don’t want to work with a negotiator. If you do bring a negotiator to the table, we’re just going to post your stuff anyway,’” Schmitt told The Register. Hence the need to masquerade as a regular employee.

Ransomware is, of course, malware that once on a network scrambles all the valuable files it can find, and demands a payment to decrypt and restore the information. Lately, gangs also steal copies of the data prior to encrypting it so that they can leak or sell it if the demand isn’t paid. Sometimes they just siphon the files and don’t bother to encrypt them. Sometimes the crooks use the purloined files to harass or exploit a victim’s customers or users. There’s all manner of things extortionists can do and demand once they are on your computers and have your data.

Schmitt said he negotiates one or two ransoms a month, and victim organizations range from very small businesses to major enterprises, spanning all industries. Manufacturing, technology, construction, government, and healthcare were the hardest hit in the second quarter of this year, according to research done

Read more

Explore the site

More from the blog

Latest News