GuidePoint Security’s Mark Lance on Ways to Delay and Gather Info on Cybercriminals
Conventional wisdom recommends to never negotiate with ransomware actors. They can’t be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
At the very least, that extra time could help security and IT teams formulate a strategy, check on backups and determine whether data has been stolen. Even though an organization may not plan to pay a ransom, the lines of communication stay open – in case paying the ransom turns out to be the best option.
“It’s just buying time before they’re going to publish your information if you don’t make the payment,” Lance said. “It’s allowing you to complete more tasks and do things in a more orderly manner. Traditionally, you just ignore them, and then within anywhere from two days to a week, all of a sudden your information is released.”
In this video interview with Information Security Media Group at Black Hat USA 2023, Lance discussed:
- Whether you can trust cybercriminals to do what they promise;
- Negotiating tactics during a ransomware incident;
- Investments in tools and processes to protect against ransomware.
Lance, who leads digital forensics and incident response, specializes in conducting proactive threat discovery services to help organizations stay secure.