He would say that, wouldn't he?
-> The biggest reason is because most ransomware groups specifically and explicitly say: 'We don't want to work with a negotiator...
Says ransomware negotiator. A slight case of conflict of interest in that statement. You need new tyres, says car tyre salesman.
I accept that advice from those who know what they are doing is usually useful. I wouldn't want to do any negotiating with a ransomware group. But to me a ransomware negotiator is a sign of failure somewhere along the line, and "outsourcing" this aspect doesn't fix the problem.
-> Schmitt said he has, on two occasions, negotiated ransoms down to zero dollars. ... Healthcare...
I wonder if Schmitt negotiated his fee down to zero dollars, because it is not clear from this report.
-> The negotiation process itself involves bringing all the key business units to the table: C-suite executives, cybersecurity analysts, lawyers, HR, and PR representatives.
But not law enforcement? Just negotiate with your friendly protection racket henchman and keep it quiet.
-> how is this going to impact our brand if we're exposed on a ransomware leak site?
So not "how is this going to impact our brand when it comes to public attention that our data (usually meaning customers' data) has been compromised?" What happens if it is revealed later that the data has been purloined? I don't mean the data being made public, but read it like this: customers read in the newspapers that Acme Corporation's customer data was purloined by cybercrims, and their data is now in the hands of these people. Yet Acme Corporation did not report it.
-> there's just not a lot of discussion of kind of where the funds go after the fact
What those protection racket henchmen do with the payoff is not my problem. My shop windows are still intact.
I imagine that ransomware is not an easy thing to deal with, and it's easy for those with unlimited pockets (i.e. governments) to say "don't pay". But needing a ransomware negotiator sounds like a systemic failure.