The Gately Report: GuidePoint Security On Do's, Don'ts of Ransomware Negotiation
Avertium was partially successful in using ChatGPT to write a ransomware encryptor.
Ransomware negotiation is a tricky job as ransomware gangs continuously shift their tactics to get as much money as quickly as possible from victims.
Mark Lance, GuidePoint Security’s vice president of digital forensics and incident response (DFIR) and threat intelligence, specializes in ransomware negotiation. We caught up with him at last week’s RSAC 2023.
A new GuidePoint Security report based on publicly available resources shows a 25% increase in ransomware victims in the first quarter from the fourth quarter, and a 27% increase compared to the first quarter of last year. The report tracked 849 total publicly posted ransomware victims claimed by 29 different threat groups in the first quarter.
Manufacturing, technology, education, banking and finance, and health care organizations continue to represent the majority of publicly posted ransomware victims. LockBit remains the most prolific ransomware threat group, but the widespread exploitation of a file-sharing application vulnerability has brought Clop into a leading position.
Ins and Outs of Ransomware Negotiation
We spoke with Lance about the ins and outs of ransomware negotiation amid this increase in attacks.
Channel Futures: Have ransomware gangs been changing their tactics amid the Ukraine crisis?
Mark Lance: If you look at the evolution of the threat, initially it started out very largely about the encryption and operational impacts. Then a couple of years ago, we saw them start doing the double extortion method where they’re stealing information from the environment prior to performing the encryption and even if you’re able to recover, they’re still going to try to get payment through the extortion of the data that they stole by saying that they won’t release the information if you pay them. With the Russia-Ukraine incident, I wouldn’t say it has changed the methods that we’ve seen. I think we’ve seen some unique impact where the methods they’re using right now are working, they’re effective and they’re making a ton of money.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.