A ransomware negotiator shares 3 tips for victim organizations
January 18, 2023 – Published on Cybersecurity Dive
Part of the role of a ransomware negotiator is to bring calm to a situation that can feel like a waking nightmare for the victim organization.
Coordinating a response in the aftermath of such a volatile incident puts a company’s finances, reputation and longevity on the line.
“When the actual ransomware attack is occurring, I think the biggest thing is [to] take a deep breath and slow things down,” said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security.
“The first knee-jerk reaction for most organizations is to kind of freak out a little bit, and rightfully so,” Schmitt said.
Ransomware groups are known to exploit human psychology as a tactical advantage, but that behavioral response can create additional work and slow time to recovery.
The psychological component can be minimized when incident responders act with a sense of urgency while keeping a calm and collected demeanor, according to Schmitt, who has responded to hundreds of ransomware incidents during his career.
Schmitt, who also facilitates ransomware negotiations — acting as the liaison between the victim organization and the threat actor — shares his top three tips for organizations hit by ransomware:
- Slow down and don’t freak out
- Preserve evidence
- Learn from the experience