Negotiating with hackers
The author is an industry 1 team reporterof the JoongAng Ilbo.
Hostages are computer files, and negotiation is done through emails. Ransom is paid in bitcoin. American weekly magazine the New Yorker published a story about ransomware negotiators. Ransomware is malware that infects a computer, locking files and demanding a ransom.
The ransomware negotiators work for insurance companies or as freelancers to negotiate with hackers. Their job is not to upset the hackers, minimize the ransom and get the decryption key. As hackers work systematically to get a big ransom, negotiators are getting busier.
Their fees vary with the size of the damage. Colonial Pipeline, the biggest pipeline provider in the United States, suffered a cyberattack last month and paid $4.4 million in ransom. Providing 45 percent of the oil to the East Coast, the pipeline was shut down for nearly a week, and people were panic-buying gas.
The hostage situation hasn’t changed much, only the target has changed. We are familiar with the scene from films. The FBI recommends avoiding negotiation with hackers. However, you have to sit at the negotiating table as the damage is snowballing. The hackers have a psychological advantage. So, among the ransomware negotiators is a former narcotics detective with ample experience in psychological dealings.
Ransomware attacks on companies around the world are on the rise since the third quarter of 2020. The U.S. Department of Justice warned that companies should prepare for exponentially growing ransomware attacks.
Korean companies are no exception. Web hosting service Internet Nayana suffered a ransomware attack in 2017 and paid 1.3 billion won ($1.2 million) to hackers. E-Land Group shut down some stores in department stores and outlets due to a ransomware attack in November 2020. LG Electronics and SK Hynix also suffered ransomware attacks.
Lately, smaller businesses have become the target of hackers. A plastic surgery clinic in Gangnam, Seoul, got a ransomware attack earlier this month. The hacker obtained personal information from the clinic, contacted customers directly and demanded payment in bitcoin. The police are investigating it as a leak of personal information. Soon, ransomware negotiators will appear in Korea.