Skip to main content

Ransomware groups are looking for new recruits with solid negotiation skills

Ransomware
(Image credit: Image source: Shutterstock/Nicescene)

Are you a team player? Do you work well under stress? Are you a people-person, skilled in negotiation and well-versed in English language? If you answered all of the above with a resounding “yes”, then congratulations, you could easily get a job as a cybercriminal.

A new report from threat intelligence service provider Kela says cybercrime groups have started to resemble corporations, with clear hierarchical structures and diversified roles. 

While coders, network and security experts are a must within a cybercrime group, a new role is gaining popularity, Kela says: negotiation expert. According to the report, numerous “job postings” have started popping up on the dark web, suggesting cybercriminal groups (mostly Russian) are looking for negotiation specialists, possibly with insider secrets and with good knowledge of the English language. This move is thought to have come in response to corporations bringing in their own negotiation experts to handle ransomware attacks.

“Victims started using negotiators – while a few years ago there was no such profession, now there is a demand for negotiating services,” said Kela researcher Victoria Kivilevich. “Ransomware-negotiation specialists partner with the insurance companies and have no lack of clients. Ransom actors had to up their game as well, in order to make good margins.”

While it’s hard to determine the salary for such a position, a few examples show that ransomware operators are happy to give away as much as 20 percent of the ransom to the negotiator.