Confessions of a ransomware negotiator: Well, somebody's got to talk to the criminals holding data hostage

2021-09-03 10:28

"Shah's first advice is that:"A negotiator should never reveal that they are a 'trained negotiator'.

Shah sees his role as a conduit for the business to talk to the attackers, rather than a middleman, which means first he has to establish that the Storm team doesn't get involved with working out who was at fault.

Storm's technical team need time to try to disarm the ransomware and, if possible, resolve the issue without payment, Shah tells us, adding: "Negotiation is not about getting the lowest figure possible, it is mainly about getting information and time. My job is to get them time without the attackers becoming aware of the tactic."

Part of the reason for using a negotiator is that not being personally affected or blamed, Shah and his team will not sound so panicked, and will be much less vulnerable to high demands.

"Speaking about them personally, he adds:"It is important to note also that ransomware attackers are criminals - just like kidnappers.

"The obvious difference is that in a kidnap, the negotiator's primary objective is the safe release of the hostage, and in a ransomware incident, it's to protect or retrieve data. Suitably trained and experienced kidnap negotiators will have the appropriate skills in their 'tool kit' to manage ransomware attackers."

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/03/how_to_be_a_ransomware/

#criminal #ransomware