Fraud Management & Cybercrime , Ransomware , Video

The Hidden Benefits of Negotiating With Ransomware Attackers

GuidePoint Security's Mark Lance on Ways to Delay and Gather Info on Cybercriminals
Mark Lance, vice president, DFIR and threat intelligence, GuidePoint Security

Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.

See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare

At the very least, that extra time could help security and IT teams formulate a strategy, check on backups and determine whether data has been stolen. Even though an organization may not plan to pay a ransom, the lines of communication stay open - in case paying the ransom turns out to be the best option.

"It's just buying time before they're going to publish your information if you don't make the payment," Lance said. "It's allowing you to complete more tasks and do things in a more orderly manner. Traditionally, you just ignore them, and then within anywhere from two days to a week, all of a sudden your information is released."

In this video interview with Information Security Media Group at Black Hat USA 2023, Lance discussed:

  • Whether you can trust cybercriminals to do what they promise;
  • Negotiating tactics during a ransomware incident;
  • Investments in tools and processes to protect against ransomware.

Lance, who leads digital forensics and incident response, specializes in conducting proactive threat discovery services to help organizations stay secure.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.