What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response.

In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable.

You'll learn:

• What actually happens in the first 72 hours of a ransomware incident
• The psychological tactics threat actors use to manufacture urgency and pressure
• Why those 24-hour deadlines aren't real—and how to buy yourself time
• How threat actors research your financials, insurance policies, and supply chain before making contact
• When data validation saves companies from paying ransoms for data that isn't even theirs
• The real cost of ransomware (spoiler: it's 10x the ransom amount)
• Why paying doesn't guarantee your data back—or that you won't get hit again
• Third-party breaches: the biggest risk vector right now

Key takeaway: Ransomware negotiations are psychological warfare disguised as business transactions. The best defense is being more prepared than the attackers expect you to be.

Resources mentioned in this episode:

• ransomware.live (ransomware group tracking, info, conversations and more)
• ransomlook.io (ransomware group tracking and statistics)
• ChatGPT Ransomware Negotiation Simulator: https://chatgpt.com/g/g-679a6253574c8191a998145044b9c651-ransomsim-ransomware-negotiation-trainer
• Wade Gettle on LinkedIn: https://www.linkedin.com/in/wade-gettle-7733704a/

About the guest: Wade Gettle is a Senior Advisor at Flashpoint and serves as a Cyber Mission Planner for the New York Army National Guard. With a background in intelligence analysis, incident response, and threat intelligence, Wade brings calm to the storm when organizations face their most critical security incidents.

Contact, Courses, and More:

For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live!

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn