7 Insights From a Ransomware Negotiator

January 26, 2023 – Published on Dark Reading

Analysis of ransomware trends in 2022 shows that business was booming last year for extortionary cybercriminals, with the highest volume of ransomware attacks lobbed by sophisticated criminals that organize into groups that utilize very consistent tactics, techniques, and procedures (TTPs) amongst themselves, even if these organizations “retire” and then come back, rebranded.

A Jan. 26 report from the GuidePoint Research and Intelligence Team (GRIT) showed that while at least one new ransomware group emerged every month last year, the majority of attacks were perpetrated by a relatively small group of entrenched players.

“The thing that we really wanted to emphasize was that ransomware is not going anywhere,” says Drew Schmitt, GRIT lead analyst and an experienced ransomware negotiator for GuidePoint Security. “It’s very present. A lot of people seem to think that ransomware is potentially declining, because of things like Bitcoin payments are becoming less valuable. But ransomware is still happening at crazy rates.”

As a negotiator, Schmitt works with actively attacked companies to act on their behalf and interface with the extortionist. There are two goals: to either gain enough information and time to help their security operations centers (SOCs) recover, or to negotiate a lower payment.

Using his inside knowledge about how attackers operate, and the data freely available about victimology last year, he and his team were able to put together a number of insights for the report. Dark Reading caught up with Schmitt to not only dig into details the report, but also to glean observations from his ongoing work as a negotiator. He provided seven key points that defenders should keep in mind as they prepare for more ransomware campaigns in 2023.

Read More HERE.