 

06/03/2021

How to Negotiate with Ransomware Hackers

The cat-and-mouse energy of outsmarting criminal syndicates

A few days after Thanksgiving last year, Kurtis Minder got a message from a man whose small construction-engineering firm in upstate New York had been hacked. Minder and his security company, GroupSense, got calls and e-mails like this all the time now, many of them tinged with panic. An employee at a brewery, or a printshop, or a Web-design company would show up for work one morning and find all the computer files locked and a ransom note demanding a cryptocurrency payment to release them.

Some of the notes were aggressive ("Don't take us for fools, we know more about you than you know about yourself"), others insouciant ("Oops, your important files are encrypted") or faux apologetic ("we are regret but all your files was encrypted"). Some messages couched their extortion as a legitimate business transaction, as if the hackers had performed a helpful security audit: "Gentlemen! Your business is at serious risk. There is a significant hole in the security system of your company."

The notes typically included a link to a site on the dark web, the part of the internet that requires special software for access, where people go to do clandestine things. When victims went to the site, a clock popped up, marking the handful of days they had to fulfill the ransom demand. The clock began to tick down ominously, like a timer connected to a bomb in an action movie. A chat box enabled a conversation with the hackers.

Please select this link to read the complete article from The New Yorker.
