Tag Archive for: ‘negotiations’

Cyberattack 101: Go inside the ransomware negotiations with hackers | Action News Investigation


PHILADELPHIA (WPVI) — Cyberattacks are surging and health care networks are being increasingly targeted.

Just last week, cyber thieves hit Capital Health in New Jersey.

Criminal enterprises usually gain access to networks through human error, often when an employee mistakenly clicks on what’s called a “phishing email” and accidentally downloads malware.

But that’s just the early innings in the game of ransomware. Then the negotiations begin.

“It’s billions of dollars every year that ransomware groups are making,” said Drew Schmitt with Guidepoint Security.

Schmitt’s job is to negotiate with cyber syndicates who he said go by names like Akira, BlackBasta, Lockbit and the Lazarus Group.

“We see that there are threat actors that exist all over the world,” he said.

He said with the click of a mouse the cyber gangs take over networks.

Hospitals in Delaware County, the City of Philadelphia and a Pennsylvania water authority are just a few of the local victims in 2023.

“These threat groups have evolved in such a way that they have more or less real-time chat applications,” said Schmitt.

Schmitt took us behind the scenes of what happens when entities hire Guidepoint Security. The cybersecurity firm is responsible for past negotiations of one-third of Fortune 500 companies and more than half of US government cabinet-level agencies.

He said after an attack, victims will first get a link. They’ll then be instructed to enter their company name and code, and then negotiations are underway.

“Hey I was told to get in contact with you based on this ransomware. How do we get our files back?” he said they usually ask.

In this ransomware attack, Schmitt shared with the Investigative Team that BlackBasta requested $1 million. If not paid, the group warned the sensitive information would be posted to a news board or leaked onto a site on the dark web where other criminals can access the information.

“That’s where they name and shame. That’s where they post the data.”

Schmitt said he’ll then request proof they have the files they say they do.

“So we actually call that proof of life,” he said. “You have what you say you have. But now we need to know that you can actually decrypt the files that you’ve encrypted…

Negotiations continue with ‘threat actor’ who hacked DMACC computer networks


The president of Des Moines Area Community College says the institution’s insurance company continues to negotiate with hackers who shut down DMACC’s computer networks on June 2.

Rob Denson says it does not appear any accounts were compromised.

“Our insurance company is talking to the threat actor. We’re not a part of that discussion at this point,” Denson says. “They want to make sure they don’t tell us anything that we might share that could impact the status of any negotiations, but again we’ve not seen anything or been told of anything that’s of any real significance.”

Denson has confirmed it was a ransomware attack, but DMACC did not pay a ransom and has relied upon its insurer to handle the details.

“They brought in all kinds of attorneys, consultants that have worked with us and have been through many, many of these,” Denson said. “We had passwords and some emails that we believe were impacted. We’ve just reset all of those.”

Experts have gone through over 6000 DMACC computers, searching for malicious software, but Denson says none was found. Denson made his comments during taping of the “Iowa Press” program that airs this Friday night on Iowa PBS.

DMACC canceled online classes on June 3 and wound up closing the entire campus on June 4 due to the security breach. In-person classes resumed five days later, but online classes didn’t start back up until last week.

How ransomware negotiations work | CSO Online


Ransomware has been one of the most devastating malware threats that organizations have faced over the past few years, and there’s no sign that attackers will stop anytime soon. It’s just too profitable for them. Ransom demands have grown from tens of thousands of dollars to millions and even tens of millions because attackers have learned that many organizations are willing to pay.

Many factors and parties are involved in ransomware payment decisions, from CIOs and other executives to external counsel and insurance carriers, but the increasing need to make such payments has created a market for consultants and companies that specialize in ransomware negotiation and facilitating cryptocurrency payments.

What happens when ransomware hits?

In an ideal world a ransomware attack should trigger a well-rehearsed disaster recovery plan, but unfortunately many organizations are caught off guard. While large enterprises might have an incident response team and plan for dealing with cyberattacks, the procedures for dealing with various aspects specific to a ransomware attack—including the threat of a data leak, communicating externally with customers and regulators, and making the decision to negotiate with threat actors—are typically missing.

“Even in large publicly traded companies that do have IR plans, they don’t usually cover details related to ransomware,” Kurtis Minder, the CEO of threat intelligence and ransomware negotiation firm GroupSense, tells CSO. “Once we get to the process of decryption negotiation, of making that business decision, who should be involved, a lot of that is not documented. There’s no messaging or PR plan either. None of that exists for most companies that we get brought into, which is unfortunate.”

Sanders in ‘negotiations’ with DNC over data breach – Politico


Following the data breach, the DNC temporarily suspended the Sanders campaign's access to its voter database — and the campaign in turn filed a lawsuit. The dispute has inflamed tensions between Democratic Party insiders and allies of the insurgent …