It was in the US that kidnapping and ransom insurance emerged, after the notorious kidnapping and murder of Charles Lindbergh's 20-month-old son in 1932. Just over four decades later, that market moved seventy million dollars, and all kinds of specialized profiles began to emerge around it: bodyguards, risk analysts, negotiators...
Something similar has started to happen with file hijacking by ransomware: the first companies specializing in cyber insurance came on the market in 2020. And now they are causing the emergence of a whole complementary ecosystem around them.
A career with a future?
This is the case, for example, of Kurtis Minder, CEO of the cybersecurity firm GroupSense, who has spent more than a year devoting his time to a new professional role: that of negotiator in kidnappings… of files.
There are hardly any professionals specialized in this work; but, given the growing and dramatic rise in ransomware cases, competition within this 'sector' will possibly become more aggressive in the near future.
Last December, the acting head of the US federal Cybersecurity and Infrastructure Security Agency stated that this type of malware was "rapidly becoming a national emergency".
Half a year later, the largest US pipeline operator was hit by a ransomware attack that ended up causing fuel shortages throughout the West Coast of the country. Colonial Pipeline, the company in question, had to pay out $4.4 million to cybercriminals.
Victims, criminals and authorities
Organizations that choose not to pay ransoms can spend months rebuilding their systems, while for others (like hospitals) not paying is simply not an option (at least, if they don't want to cause someone to die).
So they are forced to deal with the groups responsible for these kinds of attacks, many of them located in Eastern Europe, and this calls for professionals capable of dealing with their sometimes quasi-adolescent rhetoric… and their almost always highly professionalized operating dynamics.
But, of course, there is another element that decisively influences the work of the negotiators in this kind of kidnapping: the position of the authorities. And in most advanced countries, it does not differ much from the one they maintain on the kidnapping of people: do not negotiate.
In the US, for example, the legal situation has become confused after the Treasury Department's Office of Foreign Assets Control issued a notice aimed at cyber insurance companies and negotiators, warning that they could be fined for facilitating payments to criminals.
How does someone end up acting as a file hijacker negotiator?
Minder's landing in this field was totally accidental. In early 2020, GroupSense warned a large company that an attacker had broken into their systems: one of their servers had already been encrypted, and they soon received the 'ransom note'.
So this company convinced Minder to take charge of the negotiations for the 'rescue', an activity that he had never carried out. His first reaction was to consult the literature related to hostage negotiators.
From those books, he learned that he should avoid making counteroffers in round numbers (since they convey arbitrariness), and that he should not make concessions without providing a justification for them.
After that, he spent several weeks negotiating with the attacker (an independent 'hacker', isolated from the large cybercrime groups) until he managed to reduce the amount demanded to one the insurance company could bear.
"I told them 'I think I could lower it even more if you gave me a little more time,' but the business firm told me the figure was 'good enough.'"
Following that success, he began to receive more calls for similar jobs, tasks that he handles personally:
"Most of our employees are actually technicians, but this is not a technical skill, but a 'soft skill'. It is very difficult to train your people for it."
In fact, he emphasizes that he often has to keep the same cool head both when negotiating with the hacker and with his victims, as they have a tendency to erupt in anger or to try to supervise each message addressed to the attackers.
Via | The New Yorker