Confessions of a ransomware negotiator: Well, somebody's got to talk to the criminals holding data hostage

Many people outside of IT believe computers will do away with jobs, but the current ransomware plague shows that new and more curious kinds of jobs are created at least as fast. So what sort of background sets you up to talk to people holding your data for ransom? To find out, The Reg talked to Nick Shah of STORM Guidance, who …

  1. Anonymous Coward
    Devil

    "CEOs and senior managers be badly affected by the emotional pressures"

    Yes, we are all very sorry for them... On Call often tells us about what they fear could be released from the stolen data...

    1. Dominic, Writer of this article

      Re: "CEOs and senior managers be badly affected by the emotional pressures"

      Harsh.

    2. Anonymous Coward

      Re: "CEOs and senior managers be badly affected by the emotional pressures"

      Serves 'em right. The IT team says they need a budget for implementing security measures against ransomware. Managers say nah, the insurance company will pay for it. Ransomware happens. Insurance company says you've violated all these security conditions that you said you'd follow, so as far as we're concerned you can kiss your data goodbye. Ransomware negotiator is contacted.

      1. Dominic, Writer of this article

        Re: "CEOs and senior managers be badly affected by the emotional pressures"

        It's even worse than that. Often the IT guys lose hope that any resources will be allocated so don't even ask and so get blamed.

  2. macjules
    Facepalm

    Shah and his team get very little intelligence from the police

    Could tell you that without the need for a "ransomware negotiator".

    1. bombastic bob Silver badge
      Devil

      Re: Shah and his team get very little intelligence from the police

      actually I would hope that during the negotiations they are GIVING a LOT of intelligence TO the police

      (I would be MORE interested in NAILING THE PERPS than getting my data back, as anything truly important is being regularly backed up)

      1. Yet Another Anonymous coward Silver badge

        Re: Shah and his team get very little intelligence from the police

        >I would be MORE interested in NAILING THE PERPS than getting my data back

        If only the bad guys would first move to your local police jurisdiction.

        Of course you could be part of some continent sized union which allowed warrants, investigations and even free movement of individuals between countries - but who wants that ?

        1. Dominic, Writer of this article

          Re: Shah and his team get very little intelligence from the police

          I am interested in why you see Russia as part of the EU?

          1. Yet Another Anonymous coward Silver badge

            Re: Shah and his team get very little intelligence from the police

            >I am interested in why you see Russia as part of the EU?

            Who said anything about the EU?

            Unbreakable union of free republics,

            Great Rus has welded forever to stand.

            Long live the creation of the will of the peoples,

            The united, mighty Soviet Union!

            1. Precordial thump Silver badge

              Re: Shah and his team get very little intelligence from the police

              free movement of individuals between countries...? Mmmm, not so much.

      2. Dominic, Writer of this article

        Re: Shah and his team get very little intelligence from the police

        The UK police can't do much to criminals based in Russia.

        1. BOFH in Training

          Re: Shah and his team get very little intelligence from the police

          Or China, or N. Korea (probably government linked since normal people can't get internet access).

  3. Monkeygod

    A must listen to is the BBC File on 4 Podcast - Held to Ransom

    The BBC Podcast - Held to Ransom https://www.bbc.co.uk/programmes/m000xs0h really gives insight into a real ransomware negotiation and incident management. If it wasn't 'Nick Shah' involved then it must have been a clone! Excellent articles both by The Register and BBC's File on 4!

    1. Anonymous Coward

      Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

      "You now need to sign in. It's quick & easy."

      bbc can f... off and die.

      1. Anonymous Coward

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        Why?

      2. Nifty Silver badge

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        "You now need to sign in..."

        Nope.

        https://www.bbc.co.uk/programmes/b006th08/episodes/downloads

        Well, you can lead a horse to water...

        1. JWLong

          Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

          All right, something interesting.

      3. logicalextreme

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        You need to sign in to what now?

      4. RegGuy1 Silver badge

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        Just use a throw-away email account. Or if you can download the podcast then do that (not all programmes let you).

        I know the beeb are wimps that jump to their master's voice because of the 10 year charter threat, but they have some great people working for them, just not at the very top.

        As an aside, I see from my parent's old house, which has been empty for more than three years while my father moved to a care home, Crapita keep trying to threaten him to pay his TV licence. When he refused to reply (the bastard) they then threatened to start an investigation. Not send someone round, just start the investigation. Then they sent him a letter to say they had started the investigation. But still no one has come round.

        It's all rather fun, as my dad has been dead for some time now, and I've been sorting out his house. I'm still waiting for the next stage in this -- but not expecting anyone to bother turning up, because they would clearly see the house is unoccupied.

        Oh, and as no one is watching TV no one is breaking the law. FUCK OFF CRAPITA.

        But anyway, back to the beeb. Radio 4 is on the whole not bad if you ignore its political news. Just use something like 10minutemail to create an account. (Although I think those other cunts Google have bought that.)

        1. logicalextreme

          Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

          I've been at my current address for seven years without a TV license and have seen their empty threat letters cycle round from nice to (what I presume they think is) nasty more times than I can count. Never had a single visit. I don't think they bother anymore, if they ever did.

          1. Ken Moorhouse Silver badge

            Re: Never had a single visit

            I used to get letters and visits when I lived in my flat. On the doorstep they would assert "Why haven't you paid your TV licence?" or similar, rather than "Do you have a TV?" I used to ask whether they wanted to come in and look see, but they always declined.

            I used to know a bloke who did these visits. Apparently post office counter staff would often be favoured for the job, good overtime money!

          2. Dr Paul Taylor

            Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

            I've seen this cycle too. I've even had cards posted through the door saying they came but I wasn't in -- even when I was in!

            I don't tell them I don't have a TV, because it wouldn't save me any hassle. On the other hand, it would give them a name for a computer to generate a summons to a magistrate's court that couldn't attend because of covid.

            Best just to ignore the threats.

        2. captain veg Silver badge

          Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

          > Just use a throw-away email account

          I do, but that's not really the point. They're not collecting email addresses, it's a tracking token. They're quite open about it.

          -A.

        3. Wayland

          Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

          Don't give the BBC your time or attention.

    2. Nifty Silver badge

      Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

      I posted this same podcast 2 months ago on topic

      https://forums.theregister.com/forum/all/2021/07/13/revil_ransomware_shuts/

      Got one upvote and one downvote at the time. What's changed?

      1. doublelayer Silver badge

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        How would we know? Anyway, here's my guess: you posted it later in the discussion, so fewer people read it, so fewer people clicked the vote buttons. Or maybe the phrasing of this comment was more interesting than yours. I don't remember hearing about this before, so I didn't read your comment. There are a few factors that could contribute.

      2. Dominic, Writer of this article

        Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

        For whatever reason my articles get a lot of hits, so more comments.

        1. JWLong

          Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

          Go ahead, feed the animals and just see what happens.

          \s

          1. Anonymous Coward

            Re: A must listen to is the BBC File on 4 Podcast - Held to Ransom

            But not the alpaca.

  4. Dev_Fit

    Good for him moving off dealing with human hostages to data though - 20 years hobnobbing with kidnappers has got to take its toll

    1. Blazde Silver badge

      "I want a helicopter, a Big Mac, and an AK-47 in 20 minutes or the payroll database goes on Twitter"

      I bet he has some unusual nightmares.

      1. Simon Coyne

        >>I bet he has some unusual nightmares.

        Definitely. Imagine having to tell your kids you're dealing with McDonald's

        1. Dominic, Writer of this article

          One of the oddest parts of my so-called "education" was having McDonald's excellent management practices explained to me.

  5. KarMann Silver badge
    Thumb Up

    Mild understatement

    > [P]art of Shah's work is to get samples of what the attackers have exfiltrated to prove they are telling the truth about it (apparently some criminals lie) and/or to get them to decrypt some data…. In this way, the negotiations are a lot more stepwise than the binary state of a hostage release.

    That's putting it mildly. With a hostage, if they start providing you pieces, that's not a sign that negotiations are going well.

    Which thumb do you want first? -->

    1. Paul Hovnanian Silver badge

      Re: Mild understatement

      With a hostage, it's called 'proof of life'.

  6. Potemkine! Silver badge

    Should the incident require longer term negotiations, we could at some point – to keep the attacker's interest – suggest we have escalated it to a manager.

    I know many IT supports using the same tactic!

  7. Anonymous Coward

    Disgusting

    The only negotiation around ransomware should be how much you pay the person(s) that eliminate the terrorist.

    1. doublelayer Silver badge

      Re: Disgusting

      Sure, because contract assassination is a perfectly sane and just response. By the way, speaking more amorally, it's also quite difficult to identify the people you are suggesting get killed. And for your information, not every crime is terrorism.

      1. Zincwombat

        Re: Disgusting

        Yes it is. If someone holds my company to ransom their ass is toast by whatever means, legal or "extra-judicial"

        1. doublelayer Silver badge

          Re: Disgusting

          Not sure which point the "yes it is" is responding to. The second sentence is an unsurprising repetition of the previous point, which is still, you know just technically, wildly illegal.

          1. Wayland

            Re: Disgusting

            He agrees that "contract assassination is a perfectly sane and just response". If you can be sure to kill the right people and the assassin is comfortable with the deal and won't take a better offer and kill you instead then possibly a good way of reducing this type of extortion. However probably better to make sure your data is safe.

            Do you go private or trust the state to deal with the problem?

        2. Anonymous Coward

          Re: Disgusting

          So if they could provide fake "accidental" info about who they were, leading you to kill the wrong person/people, then they could blackmail you for that, which would be worth even more.

    2. anonymous boring coward Silver badge

      Re: Disgusting

      Is that you, Neeson?

  8. DS999 Silver badge

    Pointing the finger of blame

    I wonder how effective trying to say "now is not the time to assign blame" really is to those who are to blame. If you have management that treats mistakes (so long as they don't keep happening over and over) as learning experiences, figuring they get a smarter employee out of it, you probably don't stress all that much. If you have vindictive management, who will look to throw someone to the wolves (lest their superiors do the same) then you are probably not going to perform that well because you'll keep thinking "I need to update my resume".

    1. Great Bu

      Re: Pointing the finger of blame

      Surely the blame should be assigned to whoever did not attend the root cause analysis meeting per SOP?

      1. Dominic, Writer of this article

        Re: Pointing the finger of blame

        You want to blame everyone?

      2. DS999 Silver badge

        Re: Pointing the finger of blame

        In one consulting gig I was tasked with trying to reduce common issues to reduce Service Desk expenses for a managed services provider. Their processes were so broken they had problems everyone knew existed, would generate dozens of tickets a day, and had a simple fix. Certain service desk people were highly resistant to any attempts at fixing them, because they spent all day picking up tickets for those common problems and resolving them, making themselves look great.

        The first RCA I did was about that, and I scheduled a meeting with some people involved but the main one was the person in charge of the Service Desk. She never responded to the invite. Contacted her directly, no response. I eventually had to engage someone in the C-suite to order her to attend my meeting. Maybe I should have used the "if you aren't there you get the blame" thing lol!

        She hated me the rest of the time I was there, because she had a dozen people quit within the first month or two when I pushed through resolutions of 6 of the top 10 most common tickets. Those were obviously useless people, who only had good metrics because they were resolving issues that should have been fixed long (in some cases 5+ years as far as I could tell) ago. I can't believe she was clueless about what they were doing, maybe they were getting bonuses for doing so well and she was getting kickbacks?

        1. Dominic, Writer of this article

          Re: Pointing the finger of blame

          You've hit the nail on the head of "managing by numbers". Which in the age of big data is increasing. This is both good and bad.

          1. Aitor 1

            Re: Pointing the finger of blame/numbers managing

            You get objectives.

            Those objectives have numbers, AKA KPI

            Then you make magic so those numbers are met.

            Probably not very useful for the company that I have the objective to say reduce the backlog to XX items.. as I would not engage with clients and create a bigger backlog, unless I can create a project and not backlog..

            Next year objectives: Y contacts with clients.

            And so it goes..

            1. DeathSquid

              Re: Pointing the finger of blame/numbers managing

              I worked at very large company where the IT team clearly had a backlog KPI. Their strategy was simply to close tickets after 4 weeks for being too old. That combined with the fact they never seemed to fix any tickets at all encouraged people to give up filing them in the first place.

              And then they wondered why business units built their own IT teams...

              1. Ken Moorhouse Silver badge

                Re: Their strategy was simply to close tickets after 4 weeks for being too old.

                Does the Close Ticket action send a notif to the raiser of the ticket?

                One of my clients quite rightly gets immensely irritated when he gets a close ticket from a Big Company in this manner, particularly when couched in patronising terms. He would make a point of re-raising the issue again, but with some awkward questions attached: "Still not fixed? Why Not? You know how long this ticket had been open for before you unilaterally took the decision to close it?"

        2. Wayland

          Re: Pointing the finger of blame

          My company wrote a bit of software that put 28 out of 30 people out of a job and saved them rent on a whole office building. The work was now done in a quarter of the time too. You can't just employ people at great expense in order that things are done badly. You must make improvements.

  9. Bitsminer Silver badge
    Pint

    "instinctive blunt circumspection"

    Blunt and circumspect all at the same time.

    Bonus points for that phrase!

    1. Dominic, Writer of this article

      Re: "instinctive blunt circumspection"

      If you have spoken much with police officers, then I believe that pair of words is perfect.

  10. logicalextreme

    inb4 Shah-256 jokes

  11. Adrian 4

    more on prevention

    Would like to read more on prevention of these attacks.

    Currently I only know the obvious issues of verified backups and anti-phishing measures - the first being more reliable than the second.

    1. Dominic, Writer of this article

      Re: more on prevention

      I've written an article on the basics of how to deal with attacks, will be on the site in a week or so.

      Before then, check your backups.
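    The two replies above both come down to "verified backups", which in practice means more than a backup job reporting success: you need a content manifest taken at backup time and a restore into a scratch location that is checked against it. The script below is an added example, not code from the article, from STORM Guidance or from any commenter. It builds a SHA-256 manifest of a source tree, restores into a second directory, and reports files that are missing, modified (the signature of a backup or restore that was itself encrypted) or unexpectedly present (for example a ransomware note dropped alongside the data). The sample files and the tampering are constructed inline so it runs offline.

```python
"""Verify that a backup set really restores: hash manifest plus restore check."""
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large backups do not load into RAM


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source: Path) -> dict[str, str]:
    """Map each file's path (relative to the tree root) to its SHA-256 at backup time.

    Store this manifest somewhere the backup job cannot overwrite; a manifest that
    lives next to the backup can be encrypted or rewritten along with it.
    """
    return {
        str(p.relative_to(source)): sha256_file(p)
        for p in sorted(source.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict[str, str], restored: Path) -> list[str]:
    """Compare a restored tree against the manifest.

    Returns a sorted list of findings, each 'missing:<path>', 'modified:<path>'
    or 'extra:<path>'. An empty list means the restore reproduced the backup exactly.
    """
    findings = []
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            findings.append(f"missing:{rel}")
        elif sha256_file(p) != digest:
            findings.append(f"modified:{rel}")
    for p in restored.rglob("*"):
        if p.is_file() and str(p.relative_to(restored)) not in manifest:
            findings.append(f"extra:{p.relative_to(restored)}")
    return sorted(findings)


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: one clean restore, one where a file was encrypted in place.

    Everything under the temporary directory is sample data made up for this example.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "payroll.csv").write_text("id,name,salary\n1,alice,100\n")
        (live / "README.txt").write_text("constructed sample data\n")
        manifest = build_manifest(live)

        # A good restore: the tree comes back byte-for-byte.
        clean = Path(tmp) / "restore_ok"
        shutil.copytree(live, clean)

        # A bad restore: the backup was hit too; payroll.csv is now ciphertext
        # and a note was dropped beside it.
        tampered = Path(tmp) / "restore_bad"
        shutil.copytree(live, tampered)
        (tampered / "finance" / "payroll.csv").write_bytes(b"\x00\xffnot the payroll")
        (tampered / "finance" / "payroll.csv.locked").write_bytes(b"pay us")

        return verify_restore(manifest, clean), verify_restore(manifest, tampered)


if __name__ == "__main__":
    ok, bad = demo()
    print("clean restore:", ok or "OK")
    print("tampered restore:", bad)
```

    The point of the restore step is that it exercises the same path an incident would: if the restore tooling, credentials or media are broken, a hash manifest alone will not tell you. Run it on a schedule against an offline or immutable copy, and treat any "modified" finding on a file that should be static as an incident in its own right.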

  12. jason_derp
    Headmaster

    Word choice

    Isn't it:

    fissure - fissuring - fission

    and

    fuse - fusing - fusion

    ?
