Calling in the ransomware negotiator, with Kurtis Minder: Lock and Code S03E20

Ransomware can send any company into crisis. 

Immediately following an attack, the notoriously disruptive malware can spread across networks and machines, locking up important files and rendering vital data almost useless for all employees. As we learned in a previous episode of Lock and Code, a ransomware attack not only threatens an organization’s clients and external customers, but all the internal teams who are just trying to do their jobs. When Northshore School District was hit several years ago by ransomware, teacher and staff pay were threatened, and children’s school lunches needed to be reworked because the payment system had been wiped out. 

These threats are not new. If anything, the potential damage and fallout of a ransomware attack is more publicly known than ever before, which might explain why a new form of ransomware response has emerged in the past year—the ransomware negotiator.

Increasingly, companies are seeking the help of ransomware negotiators to handle their response to a ransomware attack. The negotiator, or negotiators, can work closely with a company’s executives, security staff, legal department, and press handlers to accurately and firmly represent the company’s needs during a ransomware attack. Does the company refuse to pay the ransom because of policy? The ransomware negotiator can help communicate that. Is the company open to paying, but not the full amount demanded? The negotiator can help there, too. What if the company wants to delay the attackers, hoping to gain some much-needed time to rebuild systems? The negotiator will help there, too. 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Kurtis Minder, CEO of the cyber reconnaissance company GroupSense about the intricate work of ransomware negotiation. Minder himself has helped clients with ransomware negotiation and his company has worked to formalize ransomware negotiation training. In his experience, Minder has also learned that the current debate over whether companies should pay the ransom has too few options. For a lot of small and medium-sized businesses, the question isn’t an ideological one, but an existential one: Pay the ransom or go out of business.   

“What you don’t hear about is the thousands and thousands of small businesses in middle America, main street America—they get hit… they’re either going to pay a ransom or they’re going to go out of business.”

Tune in today to listen to Minder discuss how a company decides to engage a ransomware negotiator, what a ransomware negotiator’s experience and background consist of, and what the actual work of ransomware negotiation involves.

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (
Licensed under Creative Commons: By Attribution 4.0 License
Outro Music: “Good God” by Wowa (