The Role of the Ransomware Negotiator


Get exclusive insights from real ransomware negotiators who share real stories about network hostages and how to deal with them.

Ransomware industry

Ransomware is an industry. As such, organizations have their own business logic of paying in cryptocurrencies to regain control of their systems and data.

The landscape of this industry consists of about 10-20 core actors who originally developed the ransomware malware. To distribute it, they work with affiliates and distributors who use large-scale phishing attacks to compromise organizations. About 70% of the profits go to the affiliates and 10% to 30% to the developers. The reliance on phishing makes online-based industries such as gaming, finance and insurance particularly vulnerable.

In addition to economic motivations, the ransomware industry is also influenced by geopolitics. For example, in June 2021, following the ransomware attacks against Colonial Pipeline and JBS, the Biden administration declared ransomware a threat to national security. The administration then listed critical infrastructure sectors that were “off-limits” to attackers.

Following these steps, many attackers changed their policy and declared that they would not attack critical infrastructure and essential organizations such as hospitals, power plants and educational institutions. A few months later, the FBI reported an operation against the notorious ransomware group REvil.


The Conti group’s reaction to this operation reflected its ideological motives.


Ransomware preparedness

Managing a ransomware event is similar to managing a hostage situation. Organizations are therefore advised to adopt a similar crisis management structure to prepare for ransomware incidents. This structure is built on the following roles:

1. Crisis manager:

  • Coordinates the technical, business and legal tracks.
    • The technical track covers forensics, investigation, containment, remediation and recovery, and the negotiation itself. At this stage the organization and the incident response team assess the scope of the event: for example, how deep into the systems the attacker got and how much data was exposed.
    • The business track covers business continuity planning, media and PR. These typically start once the scope of the event is clear. Public statements should be as transparent and accurate as possible.
    • The legal track covers legal, regulatory and compliance considerations: which guidelines must be adhered to and within what time frame. In some cases legal counsel also acts as the crisis manager.
  • The crisis manager is not the decision maker.

2. Decision-making group:

  • The group or individual that makes informed decisions based on the data provided by the crisis manager.

3. Law Enforcement Agencies:

  • This relationship should be defined in advance. Involvement ranges from minimal (the agency only receives information) to deep enough that the agency manages the entire crisis.

4. Insurance:

“More and more companies are offering bundles of these ransomware services,” said Etay Maor, senior director of security strategy at Cato Networks. “I recommend that you do so,” he said.

The role of a professional negotiator

Professional negotiation is the use of structured, professional communication with the attackers in an extortion situation. The role consists of four key elements.

1. Determining the scope of the event – This happens within the first 24-48 hours. It covers what was compromised, how deep the attacker penetrated the systems, whether this is single, double or triple extortion, and whether the attack was financially motivated or was instead a political or personal attack.

In 90% of cases the attack is financially motivated. If the attacker is politically motivated, the victim may not recover its data even after paying the ransom.

2. Threat actor profiling – This covers whether the group is known or unknown, its behavior patterns and its organizational structure. Knowing who the attacker is has implications for how to communicate.

For example, the attacker’s local working hours let the negotiator infer where the attacker is located. This can be used to improve the bargaining terms, such as taking advantage of local holidays to ask for a discount.

3. Assessing the cost of not agreeing – Making clear to the decision makers and the crisis manager what will happen if the ransom is not paid.


4. Defining negotiation goals – The question is not whether to pay; that is a business decision. The purpose of the negotiation is to obtain information, time and better terms. In some cases this reduces the payout or even allows the company to recover on its own.

For example, one company was able to negotiate a 13-day deadline to recover information and forgo paying the ransom entirely.

Should I pay or should I not?

“Ransomware is a business problem, not an IT problem,” comments Etay Maor. The decision to pay or not is a business decision influenced by many factors. The FBI’s official policy is not to pay, but a company may pay if its CEO decides to.

For example, an online gaming company was losing more money for every hour it was offline than the ransom demanded, which led it to pay as quickly as possible and keep negotiation time to a minimum. US lawmakers have not banned ransomware payments either, which shows how complicated the problem is.

Tips to protect yourself from ransomware attacks

Ransomware is becoming more and more prominent, but organizations can protect themselves. Ransomware relies on phishing attacks and unpatched services, so the CEO should meet regularly with the IT team to ensure that software and infrastructure are patched and up to date and that all important data is backed up. This greatly reduces the chance of ransomware exploiting a vulnerability to get into your systems.

If you want to learn more about ransomware attacks and how they are managed in real time, watch the full masterclass here.
