The ‘First Rule’ of Ransomware Negotiations

In some countries, kidnappings are so common that an entire industry of negotiators and consultants has emerged to facilitate the exchange of ransoms and the safe recovery of victims. Many aspects of cybercrime mirror crimes committed offline, so it should surprise nobody that ransomware negotiators not only exist, but have existed long enough for significant experience to build up within the industry, as The Register reports.

As the crypto market enters another “crypto winter,” the move away from simple encrypt-and-ransom schemes is accelerating. Ransomware gangs now regularly lean on the threat of publishing stolen data (so-called double extortion), rather than simply encrypting it and waiting for payment.

As the stakes rise, a ransomware negotiator is often your best bet for avoiding the release of your data, but the entire endeavor should be approached the way one approaches a discussion about Fight Club: “The first rule of being a ransomware negotiator is that you don’t admit you’re a ransomware negotiator—at least not to LockBit or another cybercrime gang.”

A negotiator doesn’t have the same emotional investment in the outcome as their client and is less likely to make emotional mistakes. That detachment lets them get the best results for their clients, which is exactly why ransomware gangs don’t like them: “…most ransomware groups specifically and explicitly say: ‘We don’t want to work with a negotiator. If you do bring a negotiator to the table, we’re just going to post your stuff anyway,’” Schmitt told The Register. Hence the need for the negotiator to masquerade as a regular employee of the victim organization.

Ransomware can happen to anyone, so everyone should have a plan of action ready before it does. While you’re reviewing that plan, give some thought to whether it’s worth keeping a list of ransomware negotiators handy. Just in case.

