Avertium was partially successful in using ChatGPT to write a ransomware encryptor.

Edward Gately, Senior News Editor

May 1, 2023

10 Slides
Ransomware Despair, ransomware negotiation

Ransomware negotiation is a tricky job as ransomware gangs continuously shift their tactics to get as much money as quickly as possible from victims.

The-Gately-Report-logo-300x200.jpgMark Lance, GuidePoint Security‘s vice president of digital forensics and incident response (DIFR) and threat intelligence, specializes in ransomware negotiation. We caught up with him at last week’s RSAC 2023.

A new GuidePoint Security report based on publicly available resources shows a  25% increase in ransomware victims in the first quarter from the fourth quarter, and a 27% increase compared to the first quarter of last year. The report tracked 849 total publicly posted ransomware victims claimed by 29 different threat groups in the first quarter.

Manufacturing, technology, education, banking and finance, and health care organizations continue to represent the majority of publicly posted ransomware victims. LockBit remains the most prolific ransomware threat group, but the widespread exploitation of a file-sharing application vulnerability has brought Clop into a leading position.

Ins and Outs of Ransomware Negotiation

We spoke with Lance about the ins and outs of ransomware negotiation amid this increase in attacks.

Channel Futures: Have ransomware gangs been changing their tactics amid the Ukraine crisis?

Lance-Mark_Guidepoint-Security.jpg

Guidepoint Security’s Mark Lance

Mark Lance: If you look at the evolution of the threat, initially it started out very largely about the encryption and operational impacts. Then a couple of years ago, we saw them start doing the double extortion method where they’re stealing information from the environment prior to performing the encryption and even if you’re able to recover, they’re still going to try to get payment through the extortion of the data that they stole by saying that they won’t release the information if you pay them. With the Russia-Ukraine incident, I wouldn’t say it has changed the methods that we’ve seen. I think we’ve seen some unique impact where the methods they’re using right now are working, they’re effective and they’re making a ton of money.

See our slideshow above for the rest of our Q&A with GuidePoint Security and more cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsVARs/SIsChannel Research

About the Author(s)

Edward Gately

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

See more from Edward Gately
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal