Acting swiftly and strategically can make all the difference
Our approach is scientific, structured, collaborative, fully confidential, and measured.
With over 20 years of ransom negotiation experience, we appreciate the sensitivities involved with ransom negotiation and offer a gratis, no-obligation strategic consultation prior to any assignment.
STORM's threat actor engagement service enables businesses and their appointed professional advisors to make informed decisions about the impact, obligations, recovery and other options, to manage risk optimally in the aftermath of a cyber incident involving an extortion demand.
Coordination support
Assimilation of incident scenario and strategy consultation with ongoing situational updates.
Threat intelligence
Briefing intel on the threat actors/criminal group and MO. Dark web monitoring of breached data.
Sanctions checks
Analysis of key threat actor and crypto wallet identifiers with checks in relevant jurisdictions.
Ransom negotiation
Controlled and secure engagement with threat actors following agreed strategy and pursuance of target objectives.
Ransom settlement
Cryptocurrency payments with financial accounting and insurer coordination, as well as blockchain analysis and tracing.
Data recovery
Expert advice and support to ensure critical systems and data are rapidly returned to business-as-usual.
STORM's threat actor engagement service highlights
Engagement & coordination
- Working closely with legal experts and digital investigations specialists
- Free initial strategy consultation without obligation to continue
- In-brief with management and agreeing target objectives
- Establishing and using credible negotiation personas (legends)
- Initiating timely and considered communications with threat actors over anonymous and secure channels
Threat intelligence
- Adjusting negotiation strategy to identified criminal group
- Cross-match gathered intelligence to digital investigation results including knowledge of:
  - Breached datasets
  - Root causes
  - Positively identifying initial points of compromise and enabling remedial protection
- Dark web monitoring for breached data (6 months)
Breached data analysis
- Using our AI-driven CyberDiscover platform
- Extremely rapid, low-cost analysis for the identification of sensitive PII
- Analysis performed in specified region complying with data protection requirements
- Swift turnaround time with results typically generated in a few days
- Enables decisions relating to the sensitivity of stolen data
Ransom negotiation
Progressing to obtain any combination of required objectives:
- Obtaining Proof of Life (of stolen data)
- Gathering intelligence on the Threat Actors and Initial Points-of-Compromise
- Obtaining Proof of Decryption capability
- Introducing controlled delays
- Obtaining assurance of data deletion
- Negotiating an agreed settlement
Law enforcement liaison
With full authorisation of client:
- Liaison with law enforcement
  - National and/or international
- Coordination of any actions:
  - Monitoring, disruption/delays, intelligence, recovery
- Separate LE engagement report
Sanctions checks
Our specialists provide:
- Sanctions checks in all relevant jurisdictions
- Immediate alerting to positive hits
  - Named and associative
- Complete report of findings
Ransom settlement
Preparing and settling the ransom demand:
- Receipt of client funds for the ransom demand
- Conversion from fiat into designated cryptocurrency
- Test payment and verification of receipt
- Completion of payment
- Separate settlement report
Advice on data recovery
Working with IT specialists:
- Ensuring multi-key ransomware encryption methods are fully understood and factored into negotiation
- Advising to ensure re-infection risk is reduced
- Assisting with coordinating efficient recovery
- Advising on fast decryption techniques
- Testing & validation
Ransom payment tracing
- Using advanced analysis to trace ransom settlement payments
- Both blockchain and fiat trace capabilities and liaison with law enforcement
- Overcoming TA countermeasures such as mixing
- Supporting client-appointed advisors with freezing orders
- Assisting in settlement recovery efforts
Contact the CyberCare team
If you would prefer to speak to the team, give us a call:
UK/Europe: +44-203-693-7480
Africa: +230-434-1277
USA: +1-703-232-9015
Threat Actor Negotiation Uncovered
Behind the Ransomware Curtain
Take a closer look at ransomware negotiations with STORM’s unique expertise, including a case study on the Royal Mail attack and insights from a seasoned negotiator.
The Economist - Secrets of a ransomware negotiator
A rare behind-the-scenes look at the strategies and expertise of STORM’s own negotiator.
Royal Mail Ransomware Negotiation Analysis
STORM’s in-depth analysis of leaked threat actor transcripts following the Royal Mail attack.
What People Don’t Know About Negotiating a Cyber Attack Ransom
An in-depth exploration of the complexities involved in ransomware negotiations.
Our distinctive approach to ransom negotiation
When experience matters
As authors of the UN Handbook on Ransom Negotiation, we have formulated a set of typical objectives which make it easy for our clients to understand and be confident in the process.