Ransomware became deadly in 2020.
Joe has a story about how Emotet is being used in phishing emails through thread hijacking. Dave's story is a two-fer: one is about bad guys using image manipulation, and the other has Elon Musk giving away Bitcoin again, taking advantage of the US election. The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show, we welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry.
Last month, two agencies of the US Treasury department issued advisories warning against paying ransomware.
Kurtis Minder of GroupSense: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity
As a part of our series about “5 Things You Need To Know To Tighten Up Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Kurtis Minder, CEO and co-founder of GroupSense.
For every high-profile ransomware incident in the headlines, there are many more that never get reported. Particularly among small- and medium-sized businesses, often with small IT and cybersecurity teams, a ransomware attack can be an existential problem.
Republished from October 2019
Last week I was asked by one of the 24-hour news networks to comment on camera about Jared Kushner’s use of WhatsApp for official White House business. The news network wanted my thoughts on the vulnerabilities and risks associated with this behavior. My first thought was that this was outside the core focus of what we do at GroupSense, but before I declined I gathered my thoughts on the topic. I quickly realized that this falls squarely in line with the GroupSense mission. Since the networks only want sound bites, I thought I would crystalize the concerns with greater context here. It is my intention to make this post apolitical, but in today’s climate, people are likely to trigger on the particular individual, so replace “Mr. Kushner” with “WH Staffer with critical national intelligence information”, and the risks remain.
Kurtis Minder, CEO of GroupSense, joins Dennis Fisher to discuss the delicate process of ransomware negotiations and how enterprises are dealing with infections today.
It's not very clear what room for maneuvering is left for incident response companies to assist their clients with ransomware attacks and whether providing information about the attackers, engaging with them to test whether they're able to actually decrypt files or to negotiate a lower ransom would qualify as "facilitating" a transaction under the OFAC regulations. "Frankly, that puts us in an interesting situation with a client, where we say: 'Hey, we are not able to facilitate payments. Can we still negotiate on your behalf? Absolutely. And we can validate all the keys and do all of those things to get you to the point where you can do a transaction but we cannot do a transaction'," Kurtis Minder, CEO of threat intelligence firm GroupSense, tells CSO.
Kurtis Minder, CEO of GroupSense, a company that offers ransomware negotiation services, told SC Media that most large ransomware groups with multiple concurrent victims deploy automatic, pre-determined answers through the early stages of a negotiation until it progresses far enough to warrant human interaction. Similar to the business world, ransomware managers are seemingly looking to make sure their workers’ time is being spent wisely.
Threat intelligence firm GroupSense is one recent example. Earlier this month, the company introduced a new service that it says can help ransomware victims navigate a slew of issues following an attack. According to GroupSense, it can help organizations evaluate and confirm attacks, negotiate with threat actors to reduce ransom demands, manage cryptocurrency payments, arrange for the destruction of any stolen data, and carry out other post-transaction activities.