In a recent panel discussion on the “Ransomware Case Study,” cybersecurity expert Bikash Barai shared compelling insights into his advisory experience, shedding light on his active involvement in negotiating ransomware with hackers and threat actors. This discussion, featuring Bikash Barai (Co-Founder, FireCompass), Kinshuk De (Head Incident Response, TCS), Venkat Ramshet (Founder, Flexible IR) and Ashwani Paliwal (Founder, SecOps), delved into two riveting cases that exemplify unconventional tactics and strategic responses in the face of cyber threats.
Turning the Tables on a Hacker
Bikash detailed his experience in a case involving an e-commerce company grappling with a hacker who had infiltrated their systems, gaining access to sensitive personally identifiable information (PII). The hacker demanded a substantial ransom, prompting the company to adopt a unique approach. Bikash recounted how they reframed the situation, treating the hacker not as a criminal but as a security researcher who had uncovered a vulnerability.
By positioning the hacker as a “good guy” and acknowledging the discovery of a security flaw, the negotiation took an unexpected turn. The company ultimately saved both face and funds by reaching a mutually agreeable resolution. This case exemplifies the power of shifting perspectives in the midst of a ransomware negotiation.
Navigating a Publicized Ransomware Attack
In another riveting case, Bikash discussed a larger organization facing a severe ransomware attack with threats of media exposure within 24 hours. As the negotiation process began, the hackers escalated by leaking samples of sensitive data. Faced with a rapidly deteriorating situation, the company had to decide whether to pay the ransom or not.
The management ultimately chose not to negotiate further, acknowledging that the attack was already public knowledge. Instead, they focused on managing the fallout, engaging in stakeholder communication, and implementing strategies to mitigate the impact on their reputation.
Closing Thoughts: Proactive Measures for a Resilient Future
By sharing real-world examples and lessons learned from the panel discussion, this blog aims to provide valuable insights for organizations seeking effective strategies in the face of ransomware threats. Bikash Barai detailed advisory experience adds depth to the exploration of unconventional tactics and strategic responses, empowering organizations to proactively navigate the evolving landscape of cybersecurity.
Speakers: Bikash Barai (Co-Founder, FireCompass), Kinshuk De (Head Incident Response, TCS), Venkat Ramshet (Founder, Flexible IR) and Ashwani Paliwal (Founder, SecOps)
Blog By: Dev | Marketing, FireCompass
FireCompass is a SaaS platform for Continuous Automated Pen Testing, Red Teaming and External Attack Surface Management (EASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that are otherwise missed out by conventional tools.
Feel free to get in touch with us to get a better view of your attack surface.