Beyond Encryption: Exploring the Tactics Ransomware Operators Use During Negotiation & their Impact

SANS Ransomware Summit 2023 Beyond Encryption: Exploring the Tactics Ransomware Operators Use During Negotiation and their Impact Speakers: Bryce Webster-Jacobsen, Director of Intelligence Operations, GroupSense Sean Jones, Senior Intelligence Analyst, GroupSense Ransomware is one of the most destructive and lucrative forms of cyber crime. While encryption is the hallmark of ransomware, negotiation is the critical phase of the attack where attackers interact with the victim and negotiate a ransom payment. In this talk, GroupSense experts Bryce Webster-Jacobsen and Sean Jones will delve deep into the tactics that ransomware operators use during negotiation and explore their impact on organizations. They will examine the psychological tactics used by attackers, their use of social engineering, and the tools they use to manipulate victims. The session will conclude with practical advice for businesses to mitigate the risks of ransomware attacks. Outline: Introduction Explanation of the negotiation phase of a ransomware attack; review of what Bryce and Sean experience through negotiation Importance of understanding negotiation tactics Tactics Used by Ransomware Operators During Negotiation Psychological tactics Fear, uncertainty, and doubt (FUD) Building rapport with the victim Social engineering tactics Impersonation and deception Pretexting and phishing Tools used by ransomware operators during negotiation Cryptocurrency transactions Dark web communication platforms Impact of Ransomware Negotiation Tactics on Organizations Financial impact Ransom payments Business interruption Reputational impact Public perception of the organization Loss of customer trust IV. Conclusion A. Recap of the tactics and impact of ransomware negotiation B. Final thoughts and recommendations for businesses to protect themselves from ransomware attacks. View upcoming Summits: http://www.sans.org/u/DuS