How to Negotiate with Ransomware Hackers...

[Black Orchid]

A few days after Thanksgiving last year, Kurtis Minder got a message from a man whose small construction-engineering firm in upstate New York had been hacked. Minder and his security company, GroupSense, got calls and e-mails like this all the time now, many of them tinged with panic. An employee at a brewery, or a printshop, or a Web-design company would show up for work one morning and find all the computer files locked and a ransom note demanding a cryptocurrency payment to release them.

Some of the notes were aggressive (“Don’t take us for fools, we know more about you than you know about yourself”), others insouciant (“Oops, your important files are encrypted”) or faux apologetic (“WE ARE REGRET BUT ALL YOUR FILES WAS ENCRYPTED”). Some messages couched their extortion as a legitimate business transaction, as if the hackers had performed a helpful security audit: “Gentlemen! Your business is at serious risk. There is a significant hole in the security system of your company.”

For the past year, Minder, who is forty-four years old, has been managing the fraught discussions between companies and hackers as a ransomware negotiator, a role that didn’t exist only a few years ago. The half-dozen ransomware-negotiation specialists, and the insurance companies they regularly partner with, help people navigate the world of cyber extortion. But they’ve also been accused of abetting crime by facilitating payments to hackers. Still, with ransomware on the rise, they have no lack of clients. Minder, who is mild and unpretentious, and whose conversation is punctuated by self-deprecating laughter, has become an accidental expert. “While I’ve been talking to you, I’ve already gotten two calls,” he told me when we video-chatted in March.

His story at the link ... https://www.newyorker.com/magazine/2021 ... urce=digg

[Texan]

If you run a business that depends on your computers, cloud based back up is a necessity. My work provides my computer, complete with antivirus, antimalware, anti-everything. It's much more simple this way. If it breaks, our tech support group signs in on a remote connection and fixes it.

I have limits on the types of sites I can visit on this computer, but I have other ways to get to gun websites, etc....

[sprintcyclist]

I thought that American company erred in paying a ransom to get their pipeline flowing again.

[Jovial Monk]

Some people pay the ransom to find their data remains encrypted. Crims don’t care.

Backup REGULARLY! Backup to an external drive, backup to the cloud, do both.

The real PA got hacked (well, the server it is on was hacked) by a well–known Turkish hacker. Only had to replace one file, the actual data was not touched. Was a warning tho!