Hi, I'll be your ransomware negotiator today – but don't tell the crooks that
2022-08-06 08:19

The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator - at least not to LockBit or another cybercrime gang.

Instead, these negotiators portray themselves as simply company representatives, said Drew Schmitt, a professional ransomware negotiator and principal threat analyst at cybersecurity firm GuidePoint Security.

"The biggest reason is because most ransomware groups specifically and explicitly say: 'We don't want to work with a negotiator. If you do bring a negotiator to the table, we're just going to post your stuff anyway,'" Schmitt told The Register.

As ransomware and pure extortion become solid sources of income for miscreants, there's naturally been a rise in demand for things like cyber-insurance and ransomware negotiators, who act as intermediaries between the ransomware gang and the victim.

Schmitt started working in incident response and threat intelligence about six years ago, and said he "fell into" ransomware negotiations in 2019.

As ransomware infections became more prevalent, Schmitt started moving up the IR ladder and playing various roles in the investigation and response process.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/06/interview_ransomware_negotiator/