Sitting With a Ransomware Negotiator

Published in the August 10, 2023 Morning Cybersecurity Newsletter

What do ransomware gangs talk about in negotiations to unlock computer networks they’re holding hostage? Sometimes it’s how they’re actually the good guys, according to GuidePoint ransomware negotiator Mark Lance. “When you talk to these groups, they tell us they’re doing these extortions to help organizations,” Lance told MC at a seriously packed lounge in Mandalay Bay.

Look no farther than LockBit, the notorious Russian-speaking ransomware gang behind some of the world’s most high profile cyberattacks — including being linked to a recent data breach of Japan’s busiest export port.

Lance says during negotiations, LockBit shared a “security audit report” which came with strategic recommendations on how the company could avoid being hacked again. LockBit also points to how it’s a serious operation, with a development and engineering team, troubleshooting team — and even a help desk.

And the threat isn’t going away anytime soon. GuidePoint’s Q2 ransomware report in July discovered a 38 percent increase in ransomware victims over Q1, and a tenfold increase from the same time period last year.