Ransomware Boom Forces More Companies to Cut Deals With Criminals

Kurtis Minder got into the ransomware negotiation business by accident early last year.

The startup he co-founded, GroupSense Inc., monitors dark web forums and chat groups to see when hackers sell access to businesses’ computer networks. After Mr. Minder’s firm told a software company that criminals appeared to have targeted it, the company asked GroupSense to talk down the attackers from an initial demand of more than $1 million to unlock internal data they had encrypted with ransomware. The two sides settled on a roughly $200,000 payout, he said.

GroupSense soon began fielding more such requests from victims’ law firms and insurance companies, which reached up to 10 a week by the end of last year. The company charges flat rates of $12,000 to $25,000 based on clients’ revenue.

“We did not jump in,” Mr. Minder said of the market for ransom negotiation, adding that it is a loss leader for his firm’s other services. “We got dragged in kicking and screaming, basically.”

The growing prevalence and complexity of ransomware has spurred a cottage industry of first responders to counter it. Startups have launched to communicate with hackers or transmit payments using cryptocurrencies, while large cyber companies have hired personnel or acquired specialty firms to help clients respond to and recover from such incidents.

Ransomware took on new prominence this month after a hacking group known as DarkSide targeted Colonial Pipeline Co. and forced a six-day shutdown of the largest conduit for fuel on the East Coast.

Colonial Pipeline Chief Executive Joseph Blount told The Wall Street Journal Wednesday he decided to pay the hackers about $4.4 million in bitcoin hours after receiving a ransom note.