Stuck in cyberattack nightmare? Call the negotiators

Dubai Telegraph - Stuck in cyberattack nightmare? Call the negotiators

Dubai 22°C

AED 3.883446

AFN 71.895736

ALL 97.900638

AMD 411.253615

ANG 1.90568

AOA 964.776505

ARS 1059.179559

AUD 1.622625

AWG 1.897279

AZN 1.794959

BAM 1.957984

BBD 2.134981

BDT 126.360933

BGN 1.952776

BHD 0.398504

BIF 3064.552793

BMD 1.057289

BND 1.41652

BOB 7.333387

BRL 6.114624

BSD 1.057409

BTN 89.29813

BWP 14.386045

BYN 3.460359

BYR 20722.868637

BZD 2.131438

CAD 1.478328

CDF 3035.47747

CHF 0.934506

CLF 0.037204

CLP 1026.5747

CNY 7.654248

CNH 7.656799

COP 4647.515635

CRC 537.514753

CUC 1.057289

CUP 28.018164

CVE 110.53916

CZK 25.294629

DJF 187.901514

DKK 7.459164

DOP 64.018911

DZD 140.877325

EGP 52.381066

ERN 15.859338

ETB 128.751425

FJD 2.395923

FKP 0.834536

GBP 0.83492

GEL 2.881119

GGP 0.834536

GHS 16.87422

GIP 0.834536

GMD 75.067091

GNF 9125.463708

GTQ 8.163336

GYD 221.116616

HKD 8.229136

HNL 26.617242

HRK 7.541918

HTG 138.904923

HUF 407.915932

IDR 16767.866866

ILS 3.957687

IMP 0.834536

INR 89.227706

IQD 1385.577518

IRR 44503.944681

ISK 145.504269

JEP 0.834536

JMD 167.707047

JOD 0.749935

JPY 163.649346

KES 135.859859

KGS 91.447738

KHR 4283.078889

KMF 491.374875

KPW 951.559894

KRW 1474.675567

KWD 0.325064

KYD 0.881183

KZT 524.710108

LAK 23207.498531

LBP 94733.114058

LKR 307.643121

LRD 192.444637

LSL 18.973037

LTL 3.1219

LVL 0.639544

LYD 5.164848

MAD 10.575017

MDL 19.217434

MGA 4926.967975

MKD 61.463334

MMK 3434.034132

MNT 3592.6687

MOP 8.477055

MRU 42.212296

MUR 48.931243

MVR 16.345495

MWK 1834.396561

MXN 21.312159

MYR 4.729253

MZN 67.587204

NAD 18.978021

NGN 1775.828054

NIO 38.855402

NOK 11.632492

NPR 142.877408

NZD 1.79237

OMR 0.407066

PAB 1.057409

PEN 4.012387

PGK 4.252446

PHP 62.246315

PKR 293.715725

PLN 4.334931

PYG 8235.184869

QAR 3.849065

RON 4.976764

RSD 116.97634

RUB 106.338364

RWF 1448.486226

SAR 3.969218

SBD 8.849003

SCR 14.364561

SDG 635.957428

SEK 11.567035

SGD 1.416107

SHP 0.834536

SLE 23.947671

SLL 22170.831226

SOS 604.244517

SRD 37.574471

STD 21883.752116

SVC 9.252319

SYP 2656.470724

SZL 18.978078

THB 36.516676

TJS 11.239936

TMT 3.700512

TND 3.341085

TOP 2.476276

TRY 36.480924

TTD 7.180212

TWD 34.260928

TZS 2806.026596

UAH 43.654088

UGX 3893.342324

USD 1.057289

UYU 45.390625

UZS 13559.734259

VES 48.349526

VND 26860.432537

VUV 125.5235

WST 2.951519

XAF 656.708074

XAG 0.033917

XAU 0.000402

XCD 2.857377

XDR 0.804297

XOF 655.519126

XPF 119.331742

YER 264.163785

ZAR 19.106588

ZMK 9516.868831

ZMW 29.211409

ZWL 340.446696

CMSC

-0.0320

24.592

-0.13%
BCC

-2.8500

138.69

-2.05%
CMSD

-0.0480

24.342

-0.2%
SCS

-0.1200

13.08

-0.92%
NGG

0.7590

63.659

+1.19%
BTI

0.2250

36.905

+0.61%
GSK

-0.2350

33.455

-0.7%
BCE

-0.0250

27.205

-0.09%
RIO

0.2200

62.34

+0.35%
RBGPF

-0.4400

59.75

-0.74%
RYCEF

-0.1700

6.68

-2.54%
JRI

0.0150

13.245

+0.11%
AZN

0.3700

63.76

+0.58%
BP

-0.3890

29.031

-1.34%
VOD

-0.0250

8.895

-0.28%
RELX

0.2600

45.3

+0.57%

Stuck in cyberattack nightmare? Call the negotiators / Photo: - - NATIONAL CRIME AGENCY/AFP

Stuck in cyberattack nightmare? Call the negotiators

BOULEVARD 20.02.2024

Criminals have overtaken your computer network, they are threatening to leak your most sensitive secrets and your share price is tumbling. It's time to call in the negotiators.

Text size:

They might not wear capes, but this new breed of mediator -- who often has had prior careers in law enforcement and intelligence -- is increasingly on hand to help in such a nightmare scenario.

Britain's National Crime Agency (NCA) and law enforcement partners from several other countries announced Tuesday that they had smashed the cybercrime giant LockBit, whose ransomware attacks have caused billions of dollars of damage and stolen tens of millions from victims.

The gang had targeted governments, major companies, schools and hospitals since 2020.

Institutions of all shapes and sizes are still prey to the growing criminal threat, though.

In a ransomware attack, gangs -- sometimes state-backed -- hack into networks and demand payment either to unlock the system or prevent the release of top-secret data.

While cybercrime may conjure up images of lawless bandits operating in a world of anarchy, they are usually rational actors, according to Ram Elboim, CEO of US-based cybersecurity company Sygnia.

"It's not the Wild West, where people just shoot everywhere. Ransomware is a business. It's a huge economy," he told AFP during a London visit.

Elboim's company responds to desperate requests from clients under attack, often Fortune 500 companies, by setting up a team and jetting in to take on the criminals.

- 'Gun to your business' -

Integral to this team are the negotiators, who use their experience of dealing with "real-world" criminals to act as a go-between with online crooks, either helping foil the attack, or working out a price if all else fails.

"Usually we get a call, usually it happens on a weekend or the middle of the night. This is the time where organisations let down their awareness," said Elboim.

The first tasks are to understand the nature of the attack, how the attacker got into the network, what systems are down, how to contain the spread and recover any lost data.

"Then there is a negotiation piece," said Elboim, a former member of Israel's military intelligence unit known as "8200".

"You're talking with a criminal -- it's not a criminal who pulls a gun to your head, but there's a criminal holding a gun to your business.

"Usually, we advise you to start negotiations as soon as possible.

"If your only goal is to reduce the price from $50 million to $48 million then... just a good salesperson can do that.

"But usually attackers have some kind of a deadline, pay within 72 hours. The goal of the negotiation is to allow yourself more time to recover."

Another goal is to understand what the attackers are looking for and if you can attribute the attack to a specific group.

This is when the negotiators' expertise comes to the fore, setting up a channel of communication -- usually via a chat app or email -- and squeezing information from the criminals.

"It's not as if the attacker will give you information freely," said Elboim.

- Great reward -

In the best-case scenario, "we drag on the negotiations" for long enough and glean enough information to kick out the attackers and retrieve the data.

"After a few days of this game, the organisation can just... tell the hacker 'I'm not paying, do whatever you want'."

In the worst case, when the system appears lost and with crucial data about to be leaked, many institutions then have to decide whether to pay.

"Some organisations do not want to pay on principal. In some cases, the organisation is willing to pay but not willing to pay so much," with negotiators then haggling over a price.

Even if they pay the ransom and the network is decrypted, it is not plain sailing but rather the beginning of a long recovery process.

Attackers may promise not to attack again for a certain period of time, but there is no guarantee that the network is safe.

"We even had one case where we had a discussion with one attacker and he says 'okay, I move away' and then another came in and it's for sure they exchanged information, they knew everything the first one did," recalled Elboim.

But the rewards for a successful mission are great, he added.

"We had an attack... and the entire company was out, and this is a multinational organisation."

After repelling the attackers, "one of the guards at the entrance stopped us and said: 'Thank you for rescuing my work, now, I will not be hungry'.

"This is one of the most satisfying moments you can have."

Y.I.Hashem--DT