Episode Description
What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response.
In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable.
You'll learn:
- What actually happens in the first 72 hours of a ransomware incident
- The psychological tactics threat actors use to manufacture urgency and pressure
- Why those 24-hour deadlines aren't real—and how to buy yourself time
- How threat actors research your financials, insurance policies, and supply chain before making contact
- When data validation saves companies from paying ransoms for data that isn't even theirs
- The real cost of ransomware (spoiler: it's 10x the ransom amount)
- Why paying doesn't guarantee your data back—or that you won't get hit again
- Third-party breaches: the biggest risk vector right now
Key takeaway: Ransomware negotiations are psychological warfare disguised as business transactions. The best defense is being more prepared than the attackers expect you to be.
Resources mentioned in this episode:
- ransomware.live (ransomware group tracking, info, conversations and more)
- ransomlook.io (ransomware group tracking and statistics)
- ChatGPT Ransomware Negotiation Simulator: https://chatgpt.com/g/g-679a6253574c8191a998145044b9c651-ransomsim-ransomware-negotiation-trainer
- Wade Gettle on LinkedIn: https://www.linkedin.com/in/wade-gettle-7733704a/
About the guest: Wade Gettle is a Senior Advisor at Flashpoint and serves as a Cyber Mission Planner for the New York Army National Guard. With a background in intelligence analysis, incident response, and threat intelligence, Wade brings calm to the storm when organizations face their most critical security incidents.
Contact, Courses, and More:
For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live!
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn