Criminals have overtaken your computer network, they are threatening to leak your most sensitive secrets and your share price is tumbling. It's time to call in the negotiators.

They might not wear capes, but this new breed of mediator—who often has had prior careers in law enforcement and intelligence—is increasingly on hand to help in such a nightmare scenario.

Britain's National Crime Agency (NCA) and law enforcement partners from several other countries announced Tuesday that they had smashed the cybercrime giant LockBit, whose ransomware attacks have caused billions of dollars of damage and stolen tens of millions from victims.

The gang had targeted governments, major companies, schools and hospitals since 2020.

Institutions of all shapes and sizes are still prey to the growing criminal threat, though.

In a ransomware attack, gangs—sometimes state-backed—hack into networks and demand payment either to unlock the system or prevent the release of top-secret data.

While cybercrime may conjure up images of lawless bandits operating in a world of anarchy, they are usually rational actors, according to Ram Elboim, CEO of US-based cybersecurity company Sygnia.

"It's not the Wild West, where people just shoot everywhere. Ransomware is a business. It's a huge economy," he told AFP during a London visit.

Elboim's company responds to desperate requests from clients under attack, often Fortune 500 companies, by setting up a team and jetting in to take on the criminals.

'Gun to your business'

Integral to this team are the negotiators, who use their experience of dealing with "real-world" criminals to act as a go-between with online crooks, either helping foil the attack, or working out a price if all else fails.

"Usually we get a call, usually it happens on a weekend or the middle of the night. This is the time where organizations let down their awareness," said Elboim.

The first tasks are to understand the nature of the attack, how the attacker got into the network, what systems are down, how to contain the spread and recover any lost data.

"Then there is a negotiation piece," said Elboim, a former member of Israel's military intelligence unit known as "8200".

"You're talking with a criminal—it's not a criminal who pulls a gun to your head, but there's a criminal holding a gun to your business.

"Usually, we advise you to start negotiations as soon as possible.

"If your only goal is to reduce the price from $50 million to $48 million then... just a good salesperson can do that.

"But usually attackers have some kind of a deadline, pay within 72 hours. The goal of the negotiation is to allow yourself more time to recover."

Another goal is to understand what the attackers are looking for and if you can attribute the attack to a specific group.

This is when the negotiators' expertise comes to the fore, setting up a channel of communication—usually via a chat app or email—and squeezing information from the criminals.

© 2024 AFP