What Real-Life Kidnappings Can Teach Us About Dealing With Digital Ones

Kidnappings for ransom have been dramatized on television and in the movies and detailed on the news. Heck, even Julius Caesar was once kidnapped by pirates, held for ransom and lived to document his tale for the history books.

While the methods are literally as old as ancient history, cyber security experts are now looking to the kidnapping and ransom industry to better understand how to deal with the growing threat of ransomware, which is now a billion-dollar-a-year industry.

"Ransomware is less about technological sophistication and more about exploitation of the human element," a report from the Institute for Critical Infrastructure Technology said. "Simply, it is a digital spin on a centuries-old criminal tactic."

As ransomware continues to become a nightmare for hospitals, police stations, businesses and home users, it's also showing the need for a new cyber security job: Ransomware negotiator.

"Who is going to pay more money for your data for you? And there's exactly one buyer and one seller. That's it," Jeremiah Grossman, chief of security at SentinelOne, told NBC News at the RSA Conference in San Francisco this week.

Grossman, who said he has negotiated for friends who have been hit with ransomware, said cyber criminals want to make sure they get paid — and they're almost always willing to negotiate.

"It is a slightly contentious, mostly professional but a very hard negotiation," he said. "Generally speaking, since it is a money making thing, everyone has to be on their best behavior."

What was a $24 million industry in 2015 morphed into a billion-dollar nuisance last year. Experts say the problem of ransomware is only going to get worse.

While the average ransom is a few hundred dollars, according to a report from Symantec, some businesses have reported making payments as high as six and seven figures.

One challenge is paying those ransoms, which are demanded in cryptocurrency. An increasing number of companies are now turning to special consultants for help.

"We have the cryptocurrencies lined up. If there is an angle for negotiating, we will work it," Winston Krone, global managing director at Kivu Consulting in San Francisco, told NBC News.

Krone's team works on behalf of businesses to make the ransomware process go as smoothly as possible.

Since English isn't the first language of many ransomware attackers, Krone said he relies on in-house foreign language speakers to help negotiate with attackers in their native language — usually through a message board.

"It certainly helps when we can approach them in their own language and they calm down a little bit," he said. "Sometimes they are very nervous and they know they are breaking the law."

Often, it's not just about the price. Krone said having a negotiator work with the attacker helps ensure a business is getting the proper decryption tools to unlock its data. Many times, this requires a good-faith fee put up first before the cyber criminal receives the full payment, he said.

"A lot of times, we need up to 20 hours working with the attacker getting the decryption to work," Krone said. "They'll help us because it's in their best interest for it to go smoothly."

And while the cyber attackers are committing crimes, Krone said some of the people he has negotiated with have ulterior motives.

"We are having several attackers approaching us wanting to become good guys and go into security consulting," he said. "While a significant amount are pure criminals, others are funding tech start-ups."