Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
3 min read

How to Talk to Threat Actors

May 26, 2022 10:15:00 AM

When faced with ransomware, revenue loss and damage to your organization’s reputation aren’t the only things to worry about. To reach the best-case scenario after an attack, your ransomware response team must understand how to talk to threat actors. With the right people on the team, you’re already off to a good start.

In today’s Ransomware-as-a-Service (RaaS) landscape, your organization is most likely dealing with highly specialized threat actors working within a larger business structure. For cybercriminals, this is a business deal. They will make common business trade-offs during negotiations if your team is skilled. Follow these instructions from GroupSense’s ransomware experts to get off on the right foot with the threat actor.

Avoid Confrontation

As in any other negotiation, your team should never engage in arguments with the threat actor. Though your team may feel anything but respect for cybercriminals, arguing with the threat actor will create a defensive environment that will decrease your chances of getting to the best-case outcome. Negotiators should be kind and professional during the proceedings.

Beyond avoiding confrontation, ransomware negotiators should display as much empathy as possible. Even though your organization is dealing with criminals, they most likely have a supervisor or manager expecting specific results watching over them. Displaying empathy can go a long way to getting your organization back on its feet.

Come Prepared

Through research and analysis, your team should understand all possible outcomes. An experienced negotiator will understand the pressure points on both sides and navigate them easily. Knowing your opponent will go a long way in any negotiation.

Your negotiator will have a leg up in the proceedings by understanding the ransomware landscape, common negotiation tactics, and even the ransomware group’s inner workings. Look for negotiators with years of experience in the space and success stories to share. 

Word Choice Matters 

Many ransomware groups operate outside of the US, and English may not be their first language. Be aware of how your words could be confusing or inflammatory. Instead, use language that is easy to understand, and always look at your words from the opponent’s perspective. 

How you talk to threat actors is essential, but when you speak to them is just as critical. In a ransomware attack, every second matters. With so much on the line, GroupSense suggests hiring a third-party ransomware negotiator as soon as possible. Refer to your organization’s ransomware response plan to identify when you should bring in a negotiator. If you don’t have a response plan, get to writing one. 

The ransomware negotiator should be the intermediary between you and the threat actor in this strategic role. Whether this individual is from a third-party or a part of your organization, the negotiator should have a specialized skillset in threat actor identification, profiling, negotiation, and dark web monitoring. In the early stages of the attack, the ransomware negotiator should determine which type of threat actor your organization is dealing with. This will inform the negotiator’s tactics. 

Bringing in a skilled negotiator will also help you save significantly, as they know the value of what’s being held by the criminal, what their usual asking price is, and what the market will bear today. Skilled negotiators know whether the threat actor is typically willing to accept less money, knowing the ransom can be secured faster rather than waiting on a more significant payday, which comes with more considerable risk. Like in any negotiation, you never want to overpay. A savvy negotiator can also help you save money by ensuring lightning doesn’t strike twice. Supervising the recovery effort is critical to ensure there’s no malicious payload in the decryption keys; this can also thwart future extortion efforts by ensuring exfiltrated data is destroyed or recovered.

If you want more tips from GroupSense ransomware experts, download the Ransomware Negotiation Guide today.


Written by Editorial Team