Stuck in cyberattack nightmare? Call the negotiators / Photo: - - NATIONAL CRIME AGENCY/AFP
RBGPF
59.7500
Zürcher Nachrichten - Stuck in cyberattack nightmare? Call the negotiators
EUR
-
AED 3.883499
AFN 71.615398
ALL 97.964948
AMD 408.53216
ANG 1.896427
AOA 964.805939
ARS 1055.741158
AUD 1.626247
AWG 1.900538
AZN 1.797142
BAM 1.952131
BBD 2.124597
BDT 125.743664
BGN 1.953948
BHD 0.398522
BIF 3107.588652
BMD 1.057323
BND 1.414655
BOB 7.271333
BRL 6.114209
BSD 1.052212
BTN 88.790617
BWP 14.355882
BYN 3.443129
BYR 20723.52596
BZD 2.121004
CAD 1.482456
CDF 3034.516057
CHF 0.934045
CLF 0.037278
CLP 1028.616599
CNY 7.65576
CNH 7.657924
COP 4649.048145
CRC 535.892785
CUC 1.057323
CUP 28.019053
CVE 110.058145
CZK 25.289043
DJF 187.376937
DKK 7.459422
DOP 63.400838
DZD 141.165268
EGP 52.331753
ERN 15.859841
ETB 130.25768
FJD 2.399807
FKP 0.834563
GBP 0.835327
GEL 2.881216
GGP 0.834563
GHS 16.783455
GIP 0.834563
GMD 75.070046
GNF 9067.9567
GTQ 8.12972
GYD 220.146233
HKD 8.227494
HNL 26.580043
HRK 7.542157
HTG 138.230195
HUF 406.433817
IDR 16751.745904
ILS 3.945331
IMP 0.834563
INR 89.24983
IQD 1378.496068
IRR 44505.358261
ISK 144.525419
JEP 0.834563
JMD 167.007687
JOD 0.749961
JPY 162.756874
KES 136.658711
KGS 91.45846
KHR 4252.008315
KMF 491.390569
KPW 951.590077
KRW 1474.473563
KWD 0.325063
KYD 0.876844
KZT 525.033196
LAK 23117.550371
LBP 94229.894127
LKR 306.573792
LRD 193.087091
LSL 19.057082
LTL 3.121999
LVL 0.639564
LYD 5.139316
MAD 10.535598
MDL 19.120064
MGA 4918.708725
MKD 61.55379
MMK 3434.143058
MNT 3592.782658
MOP 8.437142
MRU 41.954147
MUR 48.932955
MVR 16.346446
MWK 1824.670517
MXN 21.415385
MYR 4.725157
MZN 67.589326
NAD 19.057082
NGN 1763.392855
NIO 38.727212
NOK 11.651094
NPR 142.064988
NZD 1.796457
OMR 0.407084
PAB 1.052222
PEN 3.999683
PGK 4.233044
PHP 62.203409
PKR 292.315027
PLN 4.32798
PYG 8201.546341
QAR 3.837587
RON 4.977555
RSD 117.016009
RUB 106.26298
RWF 1445.496848
SAR 3.969163
SBD 8.849283
SCR 14.400772
SDG 635.976973
SEK 11.569652
SGD 1.416019
SHP 0.834563
SLE 23.948434
SLL 22171.534478
SOS 601.375398
SRD 37.434533
STD 21884.446262
SVC 9.207607
SYP 2656.554987
SZL 19.050015
THB 36.556911
TJS 11.196057
TMT 3.70063
TND 3.325849
TOP 2.476357
TRY 36.586719
TTD 7.143574
TWD 34.253349
TZS 2806.115567
UAH 43.578981
UGX 3863.738072
USD 1.057323
UYU 45.125187
UZS 13481.661105
VES 47.877573
VND 26855.997928
VUV 125.527482
WST 2.951613
XAF 654.723346
XAG 0.033674
XAU 0.000403
XCD 2.857468
XDR 0.800488
XOF 654.720256
XPF 119.331742
YER 264.172394
ZAR 19.079304
ZMK 9517.174653
ZMW 29.016326
ZWL 340.457495
- G20 leaders talk climate, wars -- and brace for Trump's return
- US lawmaker accuses Azerbaijan in near 'assault' at COP29
- Tuchel's England have 'tools' to win World Cup, says Carsley
- Federer hails 'historic' Nadal ahead of imminent retirement
- Ukraine vows no surrender, Kremlin issues nuke threat on 1,000th day of war
- Novo Nordisk's obesity drug Wegovy goes on sale in China
- Spain royals to visit flood epicentre after chaotic trip: media
- French farmers step up protests against EU-Mercosur deal
- Rose says Europe Ryder Cup stars play 'for the badge' not money
- Negotiators seek to break COP29 impasse after G20 'marching orders'
Stuck in cyberattack nightmare? Call the negotiators
Criminals have overtaken your computer network, they are threatening to leak your most sensitive secrets and your share price is tumbling. It's time to call in the negotiators.
They might not wear capes, but this new breed of mediator -- who often has had prior careers in law enforcement and intelligence -- is increasingly on hand to help in such a nightmare scenario.
Britain's National Crime Agency (NCA) and law enforcement partners from several other countries announced Tuesday that they had smashed the cybercrime giant LockBit, whose ransomware attacks have caused billions of dollars of damage and stolen tens of millions from victims.
The gang had targeted governments, major companies, schools and hospitals since 2020.
Institutions of all shapes and sizes are still prey to the growing criminal threat, though.
In a ransomware attack, gangs -- sometimes state-backed -- hack into networks and demand payment either to unlock the system or prevent the release of top-secret data.
While cybercrime may conjure up images of lawless bandits operating in a world of anarchy, they are usually rational actors, according to Ram Elboim, CEO of US-based cybersecurity company Sygnia.
"It's not the Wild West, where people just shoot everywhere. Ransomware is a business. It's a huge economy," he told AFP during a London visit.
Elboim's company responds to desperate requests from clients under attack, often Fortune 500 companies, by setting up a team and jetting in to take on the criminals.
- 'Gun to your business' -
Integral to this team are the negotiators, who use their experience of dealing with "real-world" criminals to act as a go-between with online crooks, either helping foil the attack, or working out a price if all else fails.
"Usually we get a call, usually it happens on a weekend or the middle of the night. This is the time where organisations let down their awareness," said Elboim.
The first tasks are to understand the nature of the attack, how the attacker got into the network, what systems are down, how to contain the spread and recover any lost data.
"Then there is a negotiation piece," said Elboim, a former member of Israel's military intelligence unit known as "8200".
"You're talking with a criminal -- it's not a criminal who pulls a gun to your head, but there's a criminal holding a gun to your business.
"Usually, we advise you to start negotiations as soon as possible.
"If your only goal is to reduce the price from $50 million to $48 million then... just a good salesperson can do that.
"But usually attackers have some kind of a deadline, pay within 72 hours. The goal of the negotiation is to allow yourself more time to recover."
Another goal is to understand what the attackers are looking for and if you can attribute the attack to a specific group.
This is when the negotiators' expertise comes to the fore, setting up a channel of communication -- usually via a chat app or email -- and squeezing information from the criminals.
"It's not as if the attacker will give you information freely," said Elboim.
- Great reward -
In the best-case scenario, "we drag on the negotiations" for long enough and glean enough information to kick out the attackers and retrieve the data.
"After a few days of this game, the organisation can just... tell the hacker 'I'm not paying, do whatever you want'."
In the worst case, when the system appears lost and with crucial data about to be leaked, many institutions then have to decide whether to pay.
"Some organisations do not want to pay on principal. In some cases, the organisation is willing to pay but not willing to pay so much," with negotiators then haggling over a price.
Even if they pay the ransom and the network is decrypted, it is not plain sailing but rather the beginning of a long recovery process.
Attackers may promise not to attack again for a certain period of time, but there is no guarantee that the network is safe.
"We even had one case where we had a discussion with one attacker and he says 'okay, I move away' and then another came in and it's for sure they exchanged information, they knew everything the first one did," recalled Elboim.
But the rewards for a successful mission are great, he added.
"We had an attack... and the entire company was out, and this is a multinational organisation."
After repelling the attackers, "one of the guards at the entrance stopped us and said: 'Thank you for rescuing my work, now, I will not be hungry'.
"This is one of the most satisfying moments you can have."
R.Bernasconi--NZN
