The Gately Report: GuidePoint Security On Do's, Don'ts of Ransomware Negotiation

Avertium was partially successful in using ChatGPT to write a ransomware encryptor.

Edward Gately, Senior News Editor

May 1, 2023


Ransomware negotiation is a tricky job as ransomware gangs continuously shift their tactics to get as much money as quickly as possible from victims.

Mark Lance, GuidePoint Security’s vice president of digital forensics and incident response (DFIR) and threat intelligence, specializes in ransomware negotiation. We caught up with him at last week’s RSAC 2023.

A new GuidePoint Security report based on publicly available resources shows a 25% increase in ransomware victims in the first quarter from the fourth quarter, and a 27% increase compared to the first quarter of last year. The report tracked 849 total publicly posted ransomware victims claimed by 29 different threat groups in the first quarter.

Manufacturing, technology, education, banking and finance, and health care organizations continue to represent the majority of publicly posted ransomware victims. LockBit remains the most prolific ransomware threat group, but the widespread exploitation of a file-sharing application vulnerability has brought Clop into a leading position.

Ins and Outs of Ransomware Negotiation

We spoke with Lance about the ins and outs of ransomware negotiation amid this increase in attacks.

Channel Futures: Have ransomware gangs been changing their tactics amid the Ukraine crisis?


Mark Lance: If you look at the evolution of the threat, initially it started out very largely about the encryption and operational impacts. Then a couple of years ago, we saw them start doing the double extortion method where they’re stealing information from the environment prior to performing the encryption and even if you’re able to recover, they’re still going to try to get payment through the extortion of the data that they stole by saying that they won’t release the information if you pay them. With the Russia-Ukraine incident, I wouldn’t say it has changed the methods that we’ve seen. I think we’ve seen some unique impact where the methods they’re using right now are working, they’re effective and they’re making a ton of money.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
