
Negotiations 101

TL;DR: A UCSF ransomware negotiation transcript leaked, revealing a tense back-and-forth between a professional negotiator and a NetWalker-affiliated Russian hacker who opened at $3M while UCSF countered at $780K.

Hacked Presents a JB solo adventure, in which Scott takes a much needed vacation and Jordan does all the voices as he dives into the world of ransomware negotiators.

Transcript

Machine-generated transcript; may contain errors.

Speaker 1: Alright. So let's go ahead and start this podcast about cybercrime with what I know you've all come here for. A brief history of the economics of kidnapping in Southern and Central America in the nineteen seventies. Obviously. So, it's 1971 and there's this British owned meat packing plant in Argentina. And the manager of the plant, British guy, upper management at the company gets kidnapped by a local guerrilla group. And the guerrilla group says, this is a kidnapping. If you ever wanna see your British meat packing manager friend again, you're gonna have to pay a ransom. And they go back and forth with the company and they decide on a sum, $250,000. Now, adjusting for inflation, that's like $1,600,000. So this was a very profitable enterprise for these Argentinian guerrilla fighters. And soon, word starts getting out. The next year, an executive for an electronics company in South America gets kidnapped, and the electronics company pays a ransom that is twice as much. And with that, the value of a kidnapped executive just starts to inflate rapidly. In 1973, in ransom for kidnapped executives, Coca-Cola paid a million dollars, Kodak paid 1.5, British American Tobacco paid $1,700,000 and Firestone paid 3. One of these guys gets kidnapped and the price tag ends up coming up to $2,300,000. And then, two years later, the same guy gets kidnapped again. And this time, they charge the company $10,000,000. In a kidnapping operation that involved an entire theatrical production involving actors in fake cop outfits, and telephone workers, and custom printed street signs, Juan and Jorge Born, heirs to a multinational food processing empire, were kidnapped and held ransom for what ended up coming out to a $60,000,000 price tag. And when there's this much money flowing around, an economy starts to be born. Because somebody has to negotiate these things.
In 1975, a company called Control Risks is founded by two former British Special Forces guys to help insurance companies deal with this growing problem because they're the ones footing the bill. And then, that ecosystem of kidnapping negotiators itself becomes a hotbed of scandal and deception. Because if you make a lot of money negotiating kidnappings, you kind of have an incentive for people to get kidnapped. When an illegal thing becomes profitable enough, a whole secondary economy is birthed around it. And when that illegal thing involves ransoms, the players tend to be the same. The kidnapper, the kidnapped, the insurer, and the subject of this episode, the negotiator. Because recently, I started to notice these same four players in a different show.

Speaker 2: Tonight, President Biden is urging Vladimir Putin to rein in the ransomware attacks emanating from inside Russia.

Speaker 1: United States expects when ransomware operation is coming from his soil even though it's not sponsored by the state, we expect them to act. We talk about ransomware a lot here on Hacked, and the world is talking about ransomware a lot right now too. And this question kinda got stuck in my head. In that little ransomware chat box, when one of these giant companies is negotiating with some ransomware hacker over the fate of millions of dollars worth of data, who is that negotiator? Because when there's this much money on the line, you don't do it yourself. You hire the people. Last week, a transcript from one such negotiation at the University of California at San Francisco was published in part, and it shows us a peek into one of these negotiations, and it is fascinating. On June 5, a negotiation started in a little text box between two parties, neither of which knew who they were really talking to. And the starting point for that negotiation was $3,000,000. So that's this episode. The story of one negotiation and the whole weird world of recovery companies and criminal bureaucracies and multimillion dollar negotiations that it invites us into. Scott is taking a very well earned month off, so this is gonna be a strange one. This is gonna be a JB goes solo episode. And we're gonna call it Negotiations 101, here on Hacked. This is gonna be an interesting one, because a, we only have partial transcripts of this negotiation and bigger thing is b, it's kind of an unreliable narrator situation. And that unreliability is super interesting. So, in order to get into one of these ransomware negotiation chat box things, you get given a key by the hacker. And these keys then get handed out to different members of the internal response team. External negotiators. And once that conversation is starting, once the countdown clock has begun, multiple people can get into the chat.
Which means that, like, the hacker or hackers never really know who they're talking to, same as the negotiator or negotiators don't really know who's on the other side of the box. And someone with one of these keys with access to this transcript at UCSF was who leaked it. University of California, for what it is worth, has not denied that they were hacked. They have not denied that the transcript is real. But they did make a really interesting clarification. Saying, quote, the statements made by either party were made in the context of a negotiation. And it's interesting that they wanted that known. It also makes telling this whole story kinda prickly. For example, normally, I would set the scene by saying something like, in one of the earliest messages with the hacker, the negotiator tells them what was going on at UCSF at the time of the hack, and it couldn't have come at a worse time. They suggested that June 5, University of California at San Francisco was in the middle of a research rush to help develop a vaccine or treatment for COVID. The negotiator suggests that some of this research wasn't backed up, which meant that hackers were essentially holding ransom, potentially life saving information. The negotiator wrote, quote, we've poured almost all funds into COVID-19 research to help cure this disease, which makes holding it ransom a pretty messed up thing to do. Here's the thing. That's a really smart thing to say in the context of a ransomware negotiation, but it doesn't really mean it's true. It's kind of what I would say if I was a medical research hospital negotiating with my own hacker. I'm trying to solve COVID. You should give me all this back. It's very clever. And UCSF was doing COVID-19 research. At the time of writing, they were doing 36 ongoing clinical trials related to COVID-19. A fact that has zero bearing on whether a $7,000,000,000 operating budget has $3,000,000 sitting around to pay off a hacker.
But, like, when you hear it, you feel it. It's kind of a smart chess move in the context of a negotiation, and that's really this whole thing. Everything that gets said during this drama has to be taken with a huge grain of salt. It's in the context of a negotiation. So when I read these lines, I'm not telling you what happened. I'm telling you what's being said between these two parties, negotiator and hacker. And here's what it said. June 6, 06:50PM, hackers locked down a bunch of servers in the biostatistics and epidemiology departments at UCSF. In order to give the keys to unlock the data, they're demanding $3,000,000 from the school. That's their opening bid. This little chat box where the negotiation is going down kind of reads visually almost like a customer service portal, except there's a little red flashing timer that reads two days, twenty three hours, zero minutes down in the corner. And the ransom message up top above the text box explains that if that countdown hits zero, the price doubles. So a little sales pressure for you. To my mind, there's like two thoughts on this. In a negotiation, you should either wait for the other side to say the first number or that you should always say the first number so as to anchor the conversation where you want it. So the hacker has already said that their number is $3,000,000. They know what they're very clear about what they're asking for. They've beaten the negotiator to the punch. That's kind of an interesting question just to imagine, like, what is your counter proposal to $3,000,000 for some data that and we'll get to this later. No one knows what's in it. It could be worth 10,000,000. It could be worth none. So negotiator comes back with their number, and the negotiator starts by hitting hacker with compliments, which according to negotiators is like 101-level negotiating strategy. Negotiator says, quote, I'm willing to work this out with you. There has to be mutual respect. Don't you agree?
I've read about you on the Internet, and I know you are a famous ransomware hacker group and very professional. I know you will honor your word when we agree on a price. And this tactic, Negotiations 101, flattery, it works. The hacker replies,

Speaker 3: we are 100% about respect. Never will we disrespect a client who talks with us with respect.

Speaker 1: But he adds, do not offer anything ridiculous. The negotiator's response is next to ridiculous. The negotiator replies, I can submit a request for the maximum amount of $780,000, but I would be lucky if I got even half of it. So that's his response to a $3,000,000 opening salvo, $390,000. And the hacker replies, poorly.

Speaker 3: Quote, I suggest you reconsider another offer, at this time, a serious one.

Speaker 1: The hacker then threatens to blow the whistle on UCSF's loss of student faculty data to the Federal Trade Commission. But the negotiator, Sly Boots, calls the bluff. The FTC is not a concern for us. We would just like to unlock our computers to get our data back. I know you wanna make a lot of money here. I get it. But you need to understand that we don't have this much cash sitting around. So kinda like a car salesman, the negotiator goes away for a little bit to talk to their manager. And they come back and they say, quote, we are having a meeting with a few of the department heads to discuss finding more money. The sense is that it's not looking good. The more I ask around, the more I hear about how all the departments are hurting for funding. I ask that you keep an open mind. To which the hacker replies,

Speaker 3: Keep that $780,000. Buy McDonald's for all your employees.

Speaker 1: It's a counter proposal. Just shut down. In reading through this, I kept trying to, like, pause. And before I would go ahead, think about, like, what my next move in this would be. Like, imagine I'm sitting in the car dealership. I'm typing in the box. What would I say? There's this guy named Curtis Minder. He's one of the better known ransomware negotiators. He's got a traditional cybersecurity background, but he's carved out this niche in the space as a go to for big firms negotiating these things. And there's a really, really good profile of him in the New Yorker. And he talks about two things that I found super interesting and relevant at this point in the story. First, is that a lot of rookie negotiators tend to almost talk down to the hacker. It comes from a place of anger, which is apparently a pretty big mistake. And it's kind of intuitive. You should be nice to the person that you're trying to make a deal with. It should be a little bit flattering and empathetic. But the big one was that you needed to avoid making counter offers in big round numbers. This is apparently super important. You should never give a new number without, like, a really solid justification. Because if you let the number just move randomly, if you just give another five, another 10 here and there, it tells the other side that there's more money if they just wait. And, we see that philosophy everywhere in this conversation. Every new cent in play has a story behind it. So the negotiator replies to the hackers, like, you know, use this little bit of money you're offering to go buy your staff McDonald's joke in a pretty earnest way. They say, quote, I hope you know this isn't a joke for me. I haven't slept in a couple of days because I'm trying to figure this out for you. I'm being viewed as a failure by everyone here, and this is all my fault this is happening.
The longer this goes on, the more I hate myself and wish this were to end one way or another. I know you must deal with people treating you bad all the time, but I'm really trying to figure this out, and I don't mean any disrespect. All I ask is that you be the only one in my life right now to treat me nice. You're the only one in the world right now who knows exactly what I'm going through. I guess we're both alike in this sense. Everyone hates us and blames their problems on us. We both want the same thing here. It's like, yeah. You feel that. I don't really believe it, but I feel it. And the hacker replies, my friend, your team needs to understand that this

Speaker 3: is not your failure. Every Internet device is vulnerable. I understand you, but your university has a lot of money, and I'm 100% sure they can get more than $780,000. You need to understand us, the initial price was $3,000,000. How can I accept $780,000? It's like I work for nothing. You need to understand, for you as a big university, our price it's shit. You can collect money in a couple of hours? I wish we can make an agreement, but 780,000 is not good.

Speaker 1: So, like, if empathy and relatability is the language of, like, a really good negotiation, both sides speak it. So the negotiator is able to trace the hackers back to their online presence on the dark web, this blog. And he's able to learn some stuff about how they launched the initial attack against UCSF. And it's here that we learn a little bit about the tool that this hacker used to launch the attack, something called NetWalker. I don't know the absolute best way to describe what NetWalker is. It's something between, like, an employer and a franchising opportunity. NetWalker malware can be leased to, like, would be hackers as kind of this, like, franchise program. In March 2020, the team that made NetWalker, this group called Circus Spider, decided that they wanted NetWalker to become like a just a household name. They decided to expand through something that kinda worked like an affiliate network, almost like the Maze ransomware gang, that allowed them to operate at just this way bigger scale, target way bigger organizations, and increase the size of, you know, the ransoms that were coming in. But what's interesting is that in order to use NetWalker, you're gonna have to apply for it like a job. And there are qualifications to use NetWalker, and the important ones are that you have to be a, quote, Russian speaking network intruder, not spammers with a preference for immediate consistent work. In June of the same year, they posted a second ad saying, if you're an English speaker, you cannot apply. And our hackers here are using NetWalker, so we can infer some stuff about where they're coming from. So we got this negotiation going on over how much money this is gonna cost the university. That's our A plot. But then down here, there's like a B plot, which is that the negotiator wants to start getting assurances that they're actually gonna get their files back. That this hacker that they're talking to is actually telling the truth.
And the negotiator has also kind of shown their hand a little bit. They've shown that they've been researching this hacking group. They know that they're Russian. They know that they're using NetWalker. And the negotiator has come back with the 780 k as a number, and the hacker says, we can agree on a price, but not like this. I take this number as an insult. And negotiator replies, quote, I'm also sorry. I don't mean to insult you. I know you work for this and need to make money. I understand. I've read about you on the Internet. I know that you're a famous ransomware hacker group and very professional. I know you'll honor your word when we agree on a price, and you'll provide a decryption tool and full list of files you stole. To which the hacker replies,

Speaker 3: if you read about us, tell me you saw something that we didn't provide decryption tools. I'm 100% sure. You will see. So if we agree on a price, which will be okay for both, don't worry. Everyone will continue life like normal.

Speaker 1: So both sides have established that they're men of honor, followers of a code. They're also not really getting anywhere. They're stalled out at kind of that opening move. Hackers want 3,000,000. School wants to pay 780 k. There's two days, twenty two hours, and thirty one minutes left on the clock. And the UCSF negotiator asks for a two day extension so the, quote, the university committee that makes all the decisions could meet again. I was kinda curious why he might do that. I read a pretty interesting piece in researching this that talked about playing for time as a pretty useful tactic in these negotiations, and that it gives you a bit of a chance to evaluate the actual scale of the threat that you're facing further. A Canadian air ventilation manufacturer that was hit explained that after asking for more time, they used that time to figure out what they could and couldn't restore from their system, what had actually really been stolen that they couldn't get back some other way. And they also figured out that they didn't really need what the hackers had. So after asking for an extension, they just stopped talking to them altogether. So buying that time saved them buying the data. So UCSF starts using this time the negotiator bought to start kinda combing through the wreckage. And they figured that their hackers had managed to encrypt data on about seven of their servers and that the attackers had copied about 20 gigabytes of data from the machines. And it wasn't worth nothing. They discovered with their extra time that they actually did really want this data back. As with everything, there are pros and cons to this delaying tactic. A pro of delaying is that you can go digging around to figure out what the hackers actually have and kind of put a price tag on it. A con is so can the hackers and maybe they find something in there that's worth a lot of money in that data. Maybe so do you.
Maybe after holding strong at $780 k for like four days, you buy time, you go investigate. Instead of ghosting the hackers because they don't have anything good, you come back with a new offer because you kinda want what they've got. $1,020,895. But as we know, you never do round numbers, and you always gotta come back with a story every time you come back with a new number. That story, right after the break.

Speaker 1: Act solo. This is weird. I miss Scott. So we've talked a lot about ransomware on this show. This episode is specifically about, like, the negotiation side of it. But in researching it, I started getting curious about the history of this whole thing. We started the episode by going back to the nineteen seventies to track the heyday of physical ransoms. So I was curious, how does the digital version of this start? One of the earliest sort of iterations comes in 1989, when 20,000 public health researchers around the world got a floppy disc in the mail and a letter explaining that the disc contained new research and an information database on the AIDS epidemic. What it actually contained was a malicious program that is now considered the first instance of ransomware. So, they put the disk in the computer and everything works normal for a while, but after users rebooted their computer exactly 90 times, a text box would appear on the screen informing them that their files were now locked. Then, there's a nice little bit of theater. Their printer spat out a ransom note, instructing them to mail $189 to a post office box in Panama. The malware, which came to be known as the AIDS trojan, was created by a guy named Joseph Popp, a Harvard trained evolutionary biologist. Popp, whose behavior grew increasingly erratic after his arrest, was then declared unfit to stand trial. He would eventually donate the modest profits he made from inventing ransomware to AIDS researchers. And he would later go on to found a butterfly sanctuary in Upstate New York. So Joseph Popp contains multitudes. So that's the first ransomware. But it's kinda like a musician who invents a genre, like, twenty years before someone else comes along and, like, makes it blow up with that first big hit single.
Because for a long while before Popp's ransomware idea kinda comes back, we've got broadly considered its precursor scareware, which is essentially just when someone infects a system with a piece of malware that says,

Speaker 3: you've heard it before, you love it, quote, Security warning. Your privacy and security are in danger.

Speaker 1: Like a pop up that tells a user to buy a certain antivirus software to protect their system, and then a hacker posing as a software company could then receive a legitimate credit card payment, which was unavailable to those deploying full on ransomware. So that scareware to ransomware transition is really just waiting on someone to be able to take untrackable payments. There's this window of time where people are deploying early ransomware using gift certificates or prepaid debit cards as payment methods. You really still need someone to then launder that money, which means doing it at any kind of scale was tough. The margins just aren't there. I mean, like, $189 to a PO box in Panama. It's not a great way to make a fortune. So the whole thing really pops off with Bitcoin. With Bitcoin, this relatively mature space of malware that locks down files that are worth a lot of money to the owners meets a payment method that lets that hacker extract that value from the owner anonymously. Your files are worth a thousand bucks to you? Well, now there's a way you can pay me that thousand bucks that law enforcement cannot track. A jillion years ago in 2015, the FBI estimated that the US was subjected to a thousand ransomware attacks per day. In the next year, that number had quadrupled. Kind of like hostage ransoms in South America in the seventies. Mike Phillips, the head of claims for cyber insurance company Resilience says, quote, now it's ransomware first and only, and everything else is a distant second. Those cyber insurance companies are a really big part of where these negotiation companies come from. They're who pays those companies. So, like, imagine you get hacked. Your first call, if you have it, is probably to your insurance company because they are kind of in this mess with you.
Ultimately, if you have cybersecurity insurance, it's in the insurance company's best interest to get that payment as low as possible because they're gonna be paying a pretty big chunk of it. And they're not negotiators. They don't wanna be in that text box, and they don't wanna have you negotiating it because you might suck at it. So they hire a negotiator like Minder or the one in the UCSF convo that we've been following. But that also creates this ripple in the economy as well. Because the second word gets out, the insurance companies have, like, opened the money spigots to pay negotiators.

Speaker 1: Well, a lot of people are gonna wanna, like, come along and maybe fill up their cup a little bit. Not just the ransomware criminals, but people who wanna get into the negotiations game. For example, Minder, the ransomware negotiator, there's a story that he's got of encountering, I guess you could call it one of his competitors, another negotiator of sorts. So last November, one of Minder's colleagues, a guy named Fowler, ex narcotics detective from North Carolina, and this is just an aside, but what a great name for a negotiating duo, Minder and Fowler. It's awesome. Fowler was designated negotiator for this construction engineering firm. And he goes on to log onto the dark website, like the portal where the negotiation is set to go down. And he notices when he logs in for the first time, the timer that counts down from the moment you log in the first time had showed that three days had already elapsed. And in the little chat box that he's about to start a conversation in, there's already a conversation underway. And the negotiator was not very good at it. Whoever had been chatting on behalf of the engineering firm was acting like a huge asshole. When the hackers demanded $200,000 to unlock the company's files, the negotiator initially counter offered $10,000 and then quickly jumped up to 14,000 and then quickly jumped up to 25,000. They're immediately breaking rules one and two of this whole thing. Fowler explained it as, quote, what that communicates to the threat actor is that there is more money here. And Fowler is, like, is reading along, and he's seeing that the hackers are they're getting angry with the negotiator.

Speaker 3: The hacker says quote You've reported an annual income of $4,000,000. We are not expect small money from you.

Speaker 1: The final message in the chat had arrived from the hacker two days earlier.

Speaker 3: Are you ready to close with the cost of 65,000?

Speaker 1: So someone had been negotiating on Fowler and the company's behalf, and Fowler doesn't know who. And the negotiators totally messed it up. The hackers are set now on the 65 k figure, and they're not gonna wiggle. So Fowler and Minder try and piece together what exactly happened here. And the client insists they've never gone to the dark website, much less interacted with the hacker. And then Fowler reminded Minder about a recent post that he'd read on one of the large ransomware consortium's dark web kind of corporate blogs warning about this new player. These, like, to use their words, quote, fraudulent middlemen. Not quite negotiators like Minder and Fowler, but something else. The middlemen would claim that for a fee, they could decrypt the files, which they couldn't because math. What they would actually do is secretly negotiate with the hackers, agree on a rate before turning around and offering the files that they decrypted back to the victim at a huge markup. It's pretty funny to me that a ransomware gang would have, like, a company blog where they're warning about fraudsters attacking their clients who were actually their victims because they are fraudsters. But in any case, Minder goes back to his client and they admit, oh, yeah. You're the only negotiators we hired, but we also reached out to this company who claimed they could just recover the data, that they could decrypt it. This company called MonsterCloud. MonsterCloud, a Florida company that advertises itself as, quote, the world's leading experts in cyber terrorism and ransomware recovery. MonsterCloud's website encouraged victims to use their, you know, ransomware kind of removal service instead of paying a ransom.
And that whole premise is probably pretty appealing to a lot of people, including the heads of this big engineering firm, who were according to Minder, very very patriotic and didn't like the idea of giving a ransom to a foreign criminal syndicate, and would vastly prefer to give it to a software company in Florida. Who was claiming to do this, unbeknownst to them, the impossible thing of decrypting these files. So Minder's sitting in the text box, just watching these hackers and MonsterCloud agree on this price of 65 k. And MonsterCloud doesn't know that anyone is in the negotiation with them. At which point, a MonsterCloud rep comes back to the engineering firm saying, hey, we cracked it. We can decrypt these files for the price of $145,000. That's a pretty big markup. According to an investigation by ProPublica, MonsterCloud has a long track record of secretly negotiating with hackers. ProPublica spoke with a number of former clients who believed that their files had been decrypted without them ever paying a ransom, even though the, like, strains of ransomware in question made this outcome, if not impossible, then certainly very unlikely. MonsterCloud is one of a handful of US based data recovery companies that appear to follow this similar business model. They claim to decrypt files using super high-tech tools, which makes victims think that they can get their money back without giving any money to a criminal syndicate. And for, like, publicly funded clients, like a city that gets hacked or a law enforcement department, that's a very appealing sales pitch. And this now is becoming so common that ransomware groups have actually recognized that these middlemen data recovery firms can be great partners. They just wanna close the deal quick, and depending on what the hacker's doing, maybe they do too. One ransomware crew was found offering a promo code just for these middlemen.
MonsterCloud declined to discuss their methods with ProPublica, but their response was not that surprising. Quote, we work in the shadows, Zohar Pinhasi, the company's CEO, told the publication. How we do it, it's our problem. You will get your data back. Sit back, relax, and enjoy the ride. And they do it according to this report by negotiating secretly and then selling you the data that they negotiated at a markup. According to this report, there is no cool decryption tech in sight, and the criminals still made their money. Minder has since reported MonsterCloud to the Federal Trade Commission. Back to our main story. Back at the University of California, San Francisco, the negotiator has just come back with his new offer. A very specific, not at all round figure. The hacker takes a minute and then comes back with a counter proposal. Let's go through the numbers again. Remember, we'd started at $3,000,000, the negotiator at $780 k. The negotiator had finally flinched and come back with his number. $1,020,895. And the hacker replies,

Speaker 3: How about 1,500,000?

Speaker 1: Well, that's a big round number. And suddenly the negotiation starts to feel like it's kinda circling the drain a little bit. These numbers are getting closer to each other. But ever the professional, never giving a number without a story behind it, the negotiator comes back the next day writing, quote, "The good news that I wanted to share is that a close friend of the school knows what's going on and has offered to help donate $120,000 to help us. We normally can't accept these donations, but we're willing to make it work only if you agree to end this quickly. Can we please end this so we both can finally get some good sleep?" And there's this delay, this lag between messages, this long pregnant pause before the hacker comes back after six days of negotiating in that little customer service window and they say, quote, "When can you pay?" The negotiator had made a deal.
So the same way that your smartphone is, like, basically a mature product, there's little tweaks to it every year, but the basic architecture of it isn't really changing. The manufacturers and operators of cybercrime products have kind of circled in on a mature design that works. Ransomware has come of age. In a June 7 press conference, American president Joe Biden said, quote, "I made it very clear to him," him being Putin, "that the United States expects when a ransomware operation is coming from his soil, even though it is not sponsored by the state, we expect them to act if we give them enough information to act on who that is." So even though more eyes are on this, it would seem that this ecosystem is just gonna keep growing and thriving. And as it does, there are gonna be services and providers that are necessary to keep the money flowing. Just like in the nineteen seventies, if a CEO is getting kidnapped every other day, if data is getting stolen every other minute, eventually people are gonna start looking for someone to solve the problem.
And they might bump into someone who, in the broad light of day, will negotiate that ransom for them. Will follow some simple rules of negotiation. Be empathetic, never work in round numbers, and take advantage of the detachment that comes from not having been the ones hacked. Or they bump into a, to borrow the hacker's term, fraudulent middleman. Who'll tell them not to worry about how they do it or how they make their money, just that the deal gets done. Because that's what it is now, what it was in the seventies. It's just a deal. Six days after, University of California, San Francisco puts together the 116 Bitcoin necessary to pay the $1,140,000 payment. Along with access to the decryption key, the deal included a commitment by the hackers to transmit all the data that they had stolen, presumably so that UCSF could determine what data the hackers had in their possession and could possibly have sold. It would take the attackers almost two days to decrypt, transmit, and show that they deleted their copies of the files, that they would deliver at 2:48 AM on June 14. And you can tell for how, like, personal the negotiator made some of this. I remember him saying, quote, "Everybody hates me. You're the only one who knows how it feels." You could tell that this was just another deal. This is what he does for a living. Because when the payment goes through, the hacker sends one last message asking, "So which recovery company are you with?" And the negotiator doesn't say a word.
Know how long is too long to talk into a microphone by yourself? Forty four minutes is too long to talk into a microphone by yourself. I hope you enjoyed this weird one. Just me, just the JB solo. Scott was, as I said at the top of the show, Scott was enjoying a much needed break. We were away last month because I was moving, and that takes more work than I thought it did. But I'm back. We'll be back, both of us, next month. In the interim, calling all Joeys and Irinas.
You're this month's new patrons. What's up? You actually get two months. You get July and August. Thank you so much for your support of the show. It means the world to us. If you wanna support the show, you find us at patreon.com/actpodcast. It's normally a podcast hosted by two people. It's even better. I'm gonna be back next month. This is the morning, and I'm tired, and I just talked for forty four minutes. So I'mma dip. Thank you so much for listening, and we'll catch you on the next one.
