BradEgeland.com

7 Key Considerations for Building the Perfect PMO

9/30/2021

Does your organization invest in a Project Management Office (PMO)? If you are reading this then you must be considering setting up a PMO or have concluded your approach to project management is not working and you are in the process of analyzing, dismantling and preparing to rebuild it.
​

 I’ve been through this process with several organizations – either building a PMO from scratch or rebuilding a failing one. It is not easy and it does take work, cooperation, collaboration and good project managers to establish and maintain an effective PMO structure. I’ve come up with 7 key considerations to building a great project management office. As you read these, consider how much more effective you and your organization will be with a PMO that can plan, prioritize and perform consistently and with confidence across your entire portfolio of projects...

Remote Work is Here to Stay

9/29/2021

Remote management and virtual teams work. And we are seeing more of that movement and preference, in 2020 because of the pandemic and in 2021 both because of the pandemic and a preference to continue: workers' preference and organizational preference.

One current LinkedIn survey is asking respondents where they prefer to work from: Office, Home or Hybrid of Both. With over 10,000 responses so far, it’s clear that the preference is at least partially from home. The numbers look like this: Hybrid 49%, Home 36%, and Office 15%. So a whopping 85% prefer to work at least partially from home or feel that’s where they do their best work.

Managing Project Risk

9/27/2021

Basic risk management on projects hasn’t changed much over time. During the planning phase of any project, the project manager and team need to plan for risks. Plain and simple. Do we manage risk on every project? Sadly, no… or at least not in enough detail. Should we? Definitely. Risk management should be part of every project – even simple projects. Whether you give it an hour or you give it two weeks – risk management always deserves at least a cursory consideration on the project planning checkoff sheet. For detailed and high-tech projects, you will be gravely sorry if you don’t include an adequate amount of time for risk management. For any risk management process there are several key steps to consider as you plan for a successful project.

Document a risk plan

As the project manager, it is your responsibility to formally document (at the very beginning of the project) how you and your team – along with the customer’s help – will go about identifying, documenting and reacting to risks throughout the project. Gain the customer’s buy-in and sign-off and use it as the yardstick of reference as you move along in your risk management process.

5 Things to Know Right Now About Managing Projects

9/27/2021

You think you know all there is about project management or can learn it in two weeks if you lack the experience. How hard can it be, right? You’ve managed resources before, right? Ok, let’s move forward and look at what goes into managing a project….
​
Statement of work. Project budget. Project resource plan. Project charter. Project communication plan. Project schedule. Project test plan. Project implementation plan. Technical project documents like the functional design document and technical design document. All of these are put in place just to make the project manager’s life very complicated. That isn’t true, of course, but it seems that way sometimes. Let’s consider what I believe are five key things that you need to know right now about managing a project that may clear your mind and help you go into a big project with the right expectations and frame of thought…

Find a Job with a Startup - Find Out How Here

9/23/2021

Anyone looking for work online will inevitably bump into a conversation about “startup” companies. These young organizations are born to address unique problems with new services or products. Unfortunately, the culture and conversations surrounding startups can turn job seekers away from the opportunities these budding companies offer.

Job seekers need not be discouraged. Startups offer a wide range of opportunities for those on the hunt for work. That fact is on full display among this year’s LinkedIn Top Startups list. The list features a ranking of startups based on growth, engagement and attraction. (You can read more about the methodology here.)

How many jobs are we talking about?

The firms on this year’s 27-country collection of Top Startups have listed 50,000 job openings during the past year. The companies that make up the U.S. list alone have advertised nearly 20,000 jobs. 

Those who aren’t looking to make a big move are in luck: A big chunk of these startups offer flexible working options. Nearly one-third of the jobs advertised by the startups on the U.S. list were for remote positions. The ability to work from home — possibly miles or even states away from the company’s home base — has become a sought-after perk during the pandemic.

While many of the advertised jobs are — or could be — spread out across the country, many of the roles that don’t offer remote working options are clustered in major U.S. coastal cities. Most roles are based in the San Francisco Bay area, for example. The New York City area came in second. The Los Angeles area came in third.

What type of roles do these startups offer?

The startup space is typically centered around the technology industry. As a result, many of the positions offered by these companies are rooted in engineering or information technology. Sales is also a big in-demand area for U.S. startups, according to LinkedIn data.

Don’t let that scare you away from startups altogether, though. These companies are built around solving unique problems in a variety of spaces — from skincare to bed linens. That means these companies need people who can perform several different kinds of roles.

The top startup on the U.S. list and — coincidentally — one of the companies that looked for the most talent over the past year is Better.com, an online-based mortgage company that aims to make the home-buying process easier and more transparent. Yes, Better is looking for engineers and other tech-focused professionals, but it also is on the hunt for people with finance backgrounds, too. Their recent job postings included a loan consultant in Missouri, a loan consultant in Hawaii and a mortgage loan coordinator in North Carolina.

Similarly, Youth To The People also advertises for a lot of non-tech roles. The cosmetic brand, which is No. 8 on the U.S. list, offers products made from superfood ingredients that are sold in sustainable packaging. Some of their recent job postings include a senior regulatory manager for beauty and a sustainability manager — both based in California.

What about pivoting into a tech role?

If you’re considering a move into the tech industry, the timing couldn’t be better and a startup may be an ideal first step. 

Startups are looking for people who are interested in growing and learning as the company evolves. Often, startup founders and leaders are willing to take chances on people who may not have the perfect background but exhibit a willingness to take risks on a new industry and an eagerness to pick up new skills.

In recent years, several tech companies have responded to an increasingly tight labor market by developing onramps into the industry for people with no prior experience. I covered this topic in a recent edition of #GetHired. 

What’s the bottom line?

Startups are an excellent place to look for roles if you’re seeking a new opportunity that is fast-paced and entrepreneurial. Of course, you need to consider the organization, its leadership and your overall career path, just as you would with any other opportunity.

Still, don’t be turned off from startups because of their reputation as tech-focused, youth-obsessed organizations. Our data show that these companies offer a wide range of opportunities for people from many different industries and fields. And they’re located across the country — possibly wherever you prefer to work. 
​
To discover more about startup life and learn more about all of the companies featured on this year’s lists, click here.

Published on September 22, 2021 by Andrew Seaman
Senior Editor for Job Search & Careers at LinkedIn News

Accept what you can’t change, change what you can’t accept

9/22/2021

Managing projects is not an easy, straightforward task. There are playbooks, but do they really apply to any given project? No. Do they provide a basic framework to follow? Yes, in many cases. But show me an inflexible project manager and I will show you one that will fail more often than succeed. Show me a project manager who is too flexible, and I will show you one who is possibly going to be manipulated by his team or customer and end up with a project that comes in late or over budget and is not deemed a success. There has to be a middle ground. I consider myself to be easy to work with and flexible enough to meet the client’s wants or needs, but I also know when too much is too much and it may be a train wreck.

Which brings me to the title of this article… accepting what you can’t change, but also changing what you can’t accept. What does that really mean?

The customer wants what they want

This is the accepting what you can’t change part. I had a project customer on a very technical project where the customer lead was the head of human resources. He didn’t want to see a project schedule or Gantt Chart or anything like that. He didn’t want to see a detailed project status report. He wanted an issues list – that’s it. And he was stubborn about it. So that’s what I gave him. It’s not how I managed the overall project and the project team, but it is exactly what we used to drive every project meeting and he was elated. In the end, we had a very successful project and our project sponsor never felt overloaded with the PM tool pieces and reporting structure that he didn’t understand and didn’t want to understand.

Interesting Project Management Survey Results

9/21/2021

A while back - it's hard to believe how long ago it really was - I conducted a number of surveys involving project managers and PMOs. I was reviewing the results again the other day and I found the results very interesting all over again. I would venture to say the numbers even likely still hold up today.

Look these over and tell me if you find this interesting and agree with the results...

Past Survey Results
February 2011 PM Survey Results – Five Things You Do the First Week of the Project

My apologies for being so late with the results on this survey, but I’m finally now getting around to the results.  The turnout was good and the responses were a bit diverse. 

What I wanted to know was this:  What are the five key things you do right out of the gate on the project?  What do you do that first critical week of the project in order to get everything started off on the right foot?  It’s a

After careful review and combining similar items into the same general term, here’s what we all came up with.  I wasn’t able to really narrow it down to five things because there were so many good answers in so many critical categories.  Here are the overall top answers from our readers – they fall into these seven categories:


Knowledge transfer from deal closer – the act of meeting with Sales or the account manager or whoever was critical in closing the project deal.  This is primarily to get customer insight, get any report mockups and budget info, and a chance to ask key questions as you prepare to kickoff the project.

Draft/create the project schedule – Sales may have started this for you, but now it’s your turn to take what you have – or start from scratch – and create a useable project schedule with all the details that you can put together at this point in the project.  More detail will of course be obvious as the planning portion of the project progresses.

Secure the project team – The earlier you can assemble the project team, the better, usually.  Starting too early can cause a strain on the project budget, but it is nice to have at least a portion of the team assembled by the time you kick off the project with the customer.

Identify stakeholders – Figure out who the critical stakeholders are on each side of the project.  Knowing who the main customer sponsor is can be a huge plus as this first week may be a good time to engage that person in a one on one call prior to kick off.

Establish communication streams – Communication is critical on the project and understanding who is responsible and how and when the communication will happen is very important.  This sets the right expectations and accountabilities right out of the gate.

Review statement of work – Knowing the project statement of work inside and out is important for two key reasons.  It is critical input into the project schedule you are putting together and it is likely going to be the basis for most discussion that will occur at the project kickoff meeting with the customer.

Hold kickoff meeting – Finally, hold the kickoff meeting.  I understand that this isn’t always going to be during the first week of the project landing in your hands, but it will likely be very close to that time frame.  At any rate, most of what you do that first week is going to end up being preparation for that critical kickoff event.


October 2010 PM Survey - PM Frustrations

1. What is your #1 frustration as a project manager?

Lack of management support - 26%

Poor communication in the organization - 21%
Lack of PM authority and decision-making ability - 13%
Lack of planning time allowed - 12%
Lack of funding - 6%
Lack of available tools/processes - 4%
The customer - 2%
Other - 17%

2. Other?

Answers included responses such as...

- too many processes 
- 3rd party vendors
- poor reliability among team members
- bad Sales to PM hand-off

3. Do you routinely network with other PMs to share knowledge, lessons learned, and good/bad feedback?

Sometimes, but no formal or regular process - 63%
Yes - 29%
No - 9%

4. Why do you think most projects fail?

Bad or incomplete requirements - 38%
Poor communication - 19%
Poor planning by delivery team - 12%
Lack of customer involvement - 10%
Budget issues - 5%
Funding goes away - 2%
Other - 14%

5. Other?
Answers included responses such as...
- indecision
- poor management
- lack of stakeholder involvement

August 2010 Survey - Where are You Now?


1. What is your current employment status?

W2 employed in PM-related position - 38%

Working as a PM-related consultant - 31%
W2 employed in non-PM role - 19%
Unemployed - 13%
Self-employed doing non-project work - 0%

2. If  you're looking for work are you....
Not looking, content with  your current situation? - 44%

W2 employed and looking? - 25%
Consulting and looking for W2 employment? - 19%
Unemployed and looking? - 13%

3. If you're looking for work, additional opportunities or have searched for work in the last year, what is your primary source for searching?
Dice - 38%

Other - 30%
Careerbuilder - 15%
Craigslist - 11%
Monster - 6%

4. If you're looking for new or more work for whatever reason, given the economy, what compensation are you expecting in relation to your current or last position?
About the same - 52%

More pay - 17%
Less pay - 14%
Not looking - 11%
Unsure - 6%

5. What salary (or equalized hourly rate) are you at or were you at in your most recent position?
$81-$100k - 32%

$101-$120k - 27%
Less than $60k - 12%
$121-$140k - 9%
$161+k - 8%
$61-$80k - 7%
$141-$160k - 5%

June 2010 PM Survey Results - Managing the Project
1. What is the primary tool that you or your company uses to manage project schedules?
MS Project - 85%
Primavera - 9%
Excel - 2%
Other - 4%


2. Do you allow individual team members update access to the project schedule?
No - 74%
Yes - 13%
On some projects - 13%


3. Do you allow the customer update access to the project schedule?
No - 87%
On some projects - 9%
Yes - 4%


4. Do you track costs/budget through the project scheduling tool or separately?
Separately - 65%
Depends on the project - 22%
Through the scheduling tool - 13%


5. Do you fully use the resource scheduling portion of your scheduling tool to plan and schedule resources and spread efforts (including resource leveling) on tasks or do you just assign resources to tasks within the software tool and do resource planning elsewhere?
Assign resources, but uses a separate tool for managing resource forecasts/actuals - 48%
Fully use the tool for resource planning and scheduling - 35%
Depends on the project - 17%


June 2010 Survey - Managing the Project

1. What do you consider to be the most important characteristic of a good Project Manager?
Good communicator - 52%
Experienced leader - 22%
Wise decision-maker - 12%
Organized professional - 11%
High integrity - 3%

2. From your experience, what is the primary cause of project failure?
Poor communication - 40%
Poor requirements/planning - 26%
Poor project leadership - 15%
Lack of senior management support - 11%
Untracked issues/risks - 6%
Poor governance and/or role definition - 2%

3. How often do you conduct lessons learned sessions on your projects?
Less than 10% of the time - 38%
More than 50% of the time - 34%
Never - 19%
11-25% of the time - 6%
26-50% of the time - 2%

4. In your organization or in your opinion, what is the key factor for determining project success?
Customer satisfaction - 81%
On time delivery - 19%

5. In your opinion, what percentage of the projects that you've led or been involved in have been successful?
51-75% successful - 35%
76% or more successful - 31%
26-50% successful - 19%
11-25% successful - 10%
0-10% successful - 5%

6. What percentage of your projects' revenue usually comes from change orders?
11-25% of revenue - 68%
26-50% of revenue - 15%
51% or more of revenue - 10%
0-10% of revenue - 7%

7. Which of the following are regularly performed on a weekly basis on the projects you lead or are a part of? (check all that apply).
Weekly status reports - 81%
Weekly customer status meetings - 76%
Weekly distribution of revised project schedule - 67%
Weekly internal team meeting - 57%



May 2010 Survey - Equipping the Project Manager


1. Does your organization provide project managers with a formal project life cycle or methodology to follow including processes and templates?
Yes - 53%
No - 47%

2. What, if any, software tool does your organization use?
MS Project - 58%
Other desktop software - 5%
Web-based software - 11%
No specific tool - 26%

3. Does your organization issue smartphones to project managers for managing calendars, contacts, and email?
Yes - 32%
No - 68%

4. Does your company issue laptops to project managers and project personnel?
Yes - 79%
No - 21%

5. How much travel do you do for projects?
0-10% - 84%
11-25% - 5%
25-50% - 11%
50+% - 0%

April 2010 Survey - PMO Effectiveness
1. If you had to choose, would you say that your PMO Director or leader was/is more of a Director or Project Manager? What was that person's primary function, in your opinion? Are they spending more time leading the PMO or are they spending more time as a Project Manager on projects?
PMO Director – 57%
Project Manager – 43% 

2. Were/are consistent, repeatable processes, procedures, and templates in place to help you manage projects and effectively do your job? 
Yes – 34 % 
No – 13% 
Some structure, but still lacking – 53% 

3. Concerning available training, please indicate which of the following is/was true: 
Good training in place both for onboarding and for ongoing development – 6% 
Good onboarding training available, but no ongoing training – 45% 
Good ongoing training available, but no training for onboarding new PMs – 8% 
There was no training available at all – 41% 

4. (Please check all that apply) In terms of PMO visibility with your company's executive leadership (beyond the PMO director)... 
Leadership periodically attended customer meetings and/or project kickoff meetings with customers – 5%
Leadership received dashboard reports of PMO projects – 43%
Leadership periodically attended weekly project status meetings and/or PMO internal group meetings – 10%
Leadership had basically no visible involvement in the PMO – 47%

5. In general, do you feel that your PMO was/is effective? 
Yes  - 42% 
No – 58% 

March 2010 Survey - Remote Project Management


1. Does your current organization support remote project management?

Yes - 76%
No - 24%

2. Are you currently or have you at any time managed projects remotely?

Yes - 82%
No - 18%

3. If yes to #2, what do you like the most about the experience?

Time savings / no commute - 57%
Fewer co-worker distractions - 36%
Fewer supervisor disruptions - 50%
Fewer meaningless meetings - 36%

4. If yes to #2, what did you like least?

Isolation - 21%
Difficult to control team and get feedback - 43%
Frequent electronic communication and no face-to-face - 29%
24/7 availability expectations - 50%

5. If yes to #2, would you do it again / are you still doing it?

Yes - 92%
No - 8%



Scaling Your Small Business Just Takes the Right Project Management System

9/16/2021

Building an innovative firm can be challenging if you're not using project management that properly fits your organization. Industry leaders David Capece and Doug Pace created the Agile Management System (AMS) as a tool to help professional service executives manage and scale their growth. The AMS is a five-phase framework that maps out the natural progression of team-building, and includes the necessary tools and strategies to ensure long-term success.


Before diving into the AMS, it is important to consider what stage of growth your company is in. The size of your team dictates your organizational priorities and is the root of the challenges you are facing, which stem from either people, profit, or process. Keep in mind that no two paths to success are the same, but all companies can benefit from using the right project management system.


Unify

The first phase of the AMS starts with defining a purpose. Before you can grow, you need to define your mission and set goals for your organization so you know what you are aiming for. You will also need to identify opportunities and create a plan for how you will reach your goals, complete with individual steps and checkpoints for the entire operation. And like any beginning phase, you need to have a clearly defined strategy to ensure that everything is aligned with these goals.


If this step looks easy, think again. While this phase may seem unnecessary for organizations who are further in their growth, it is important to continue unifying your team as you bring on more employees. Creating the perfect culture in your organization cannot happen overnight; instead, it has to be nurtured over time to be sustainable. This is often overlooked by larger companies who are too focused on profit, and is the reason they are unable to reach their full potential.


Create

Building the future you envision for your company requires that you go through the process of organizing your resources. Clients should have clear expectations of the services you offer, how they are delivered, and how responsibilities are divided up amongst all stakeholders. Once you have established a successful design of processes and timelines, it should be replicated so that new team members can be trained to produce similar outcomes.


By activating the strategy map created in your initial phases of growth, you will begin to create your sales pipeline and repeatable models. This is how you will scale your business and track the way work is distributed to your team. In this phase you should also evaluate how roles and responsibilities are implemented as new employees join your organization and you continue to grow.


Operate

The daily operations of your organization will be proof of how strong your strategy and system are. In this phase, you will submit deliverables based on the standards you created, and begin to develop a model for managing your organization. Ideally, there will be weekly scorecard reviews to align day-to-day operations with strategic objectives. You should also make sure your success is sustainable over a long period of time, rather than shooting for a short term profit or a quick rise to popularity.


Though it will be challenging, resist the urge to change or start over if you do not immediately see results. Instead, continue to analyze reports and give the process time so that you have meaningful insights to work with. One day’s data cannot speak for an entire year of performance, and the same can be said for new operation techniques.


Automate

Work smarter, not harder. If you want to build a lasting framework for automation in your organization, start with standardizing your process. Having tools like project templates, style guides, and a standardized delivery system will set you up for continued success and efficiency. Not only will this make life as a project manager easier, but it will also allow you to take on more clients and expand your capabilities. Keep in mind that not all processes can be simplified down to a few steps, so establishing automation may require some trial and error.


This is also where you will assess which technology will allow your team to succeed. Creating a centralized location for tools like project templates, style guides, and delivery instructions will set your entire team up for continued success and efficiency. Streamline your processes so you can stand out from the competition.


Accelerate

The last phase of the AMS is all about evaluating and optimizing for growth. Now you have all the tools you need to succeed, and everything in your organization is set up efficiently. At this point your priority should be to strategize for the future and what your next steps toward growth will be. Take the time to recognize where you have been successful, and determine where you want to improve as a company. As your industry evolves, strategize ways you can innovate as a team to become a group of leaders who are able to trend ahead of the curve. Growth always involves risk, but with the right tools and planning you can master the art of pivoting.


David Capece is an innovative leader who founded the award-winning digital agency Sparxoo. He is the founder and CEO of CROOW, a platform designed to help companies unify teams, automate processes, and deliver profitable work.

Doug Pace is a transformative leader who is the founder and CEO of the nationally ranked strategy consultancy Stonehill. His work has provided process and structure to small organizations allowing them to accelerate their growth.

Their combined business expertise led them to publishing their project management and growth tips. If you want to learn more about the Agile Management System, download their free ebook, Level Up.

Are Your Projects Passing These Tests?

9/13/2021

While leading our projects we like to make sure we are doing so to the best of our abilities, helping our project team gain responsibility and experience, and keeping our project customer engaged. Sticking to overall project management best practices is what we strive for – or at least should be striving for – every time out.


So as we go through our project engagements, let’s consider a few “best practices” litmus tests to perform (if only in our heads) to make sure that we are properly delivering on our projects. If we don’t do this, in my opinion, it can become too easy to fall into a rut of going through the motions on everything and “just running the project.” And by that I mean, doing what you’re “supposed to do” but not necessarily what the project needs or the customer needs or wants and providing that extra WOW factor that customers like to see…it’s what they keep coming back for, right?


There are many things we can do that meet these criteria, and what they are and how we do them can depend on the customer, the project, the industry, etc…. but there are a few that you can consistently inject into your projects to make a difference. Here’s my list of five….


Formally kick the project off. Make the project kickoff a formal occasion and make sure all the important people are there. I don’t care if it’s a $50,000 project or a $50 million project. Do this. The $50k project may kickoff over the phone if budget doesn’t allow for a face to face gathering, but still do it…you aren’t limited by technology in this area so make it nice and make it formal. It will set a certain expectation for the project and your customer will appreciate the dog and pony show….trust me.


Document the project well. This is broad, I know. But be thorough and purposeful with your documentation. Create some formal plans that mean something – communication plans on how project discussions will happen, requirements documents putting project scope in perspective for everyone to see, and design documents that help developers move forward with coding and testing the solution they are working on. And get signoff from the customer on these…make them official. Don’t go overboard on the $50k project, and – likewise – don’t just phone it in on the $50 million project. Let the formality and effort match the budget and visibility/importance of the project. But documentation is important so do it right. And peer review all documentation before giving it to the customer. The worst thing you can do for customer confidence is hand over error-filled documentation and plans. Ouch. I’ve been there and it is a very hard hole to dig yourself out of.


Conduct regular status calls with the client. I have to admit that – while I do this for every project - I don’t do this for every consulting engagement. I probably should. I let the size of the engagement and the customer’s wants and needs dictate how that goes – and with frequent contact via email, skype and irregular phone calls everything is usually well covered on consulting gigs. But with projects it’s a different story. Always conduct regular weekly calls with your team and your customer. Always.


Help your customer with testing. I’ve said this before, don’t do the testing for them…and don’t help them too much. Basically, help them be well prepared for it. Help them with test planning and test cases and be there on hand to help when they run into issues (and they will).


Put together a solid closeout checklist. Finally, do a very thorough job with project close out. Don’t just wing it when making sure everything is in proper order for deployment or rollout or implementation or whatever your proper terminology happens to be for the handing off of the final solution. Make sure all deliverables are done and signed off, all tasks are complete, all training is in place, all testing has been done, etc. A good checklist that is put together early on and revised as needed, will do the trick.


Summary


The bottom line here is add value and show value. You are running important projects and you need to show that they matter. You need to put the proper effort into making sure that things are done right. And you can do that by doing more than the absolute minimum effort needed on the project. Look for ways to make your customer happy. Look for ways to get your team fully involved and take ownership of tasks and deliverables. Look for ways to ensure that what you are supposed to deliver is what you are actually delivering. And by following these and other best practices, in the long run, you will actually make your job as project manager easier…not harder. Work smarter, not harder…that’s what my wife always tells me…and I try to listen to her most of the time. It’s a healthy situation.

The Reality of Ransomware Negotiations

9/10/2021


 
What ransomware negotiations look like

Fear can overwhelm the decision of whether to pay a ransom. But in negotiations, companies have to take a backseat.

Negotiating a ransom down to $0 is possible.

When COVID-19 began to put serious pressure on healthcare organizations, cybercriminals took advantage, especially ransomware gangs. But in at least one instance, a victim healthcare organization was able to level with their attackers.

"The threat actor basically said, 'Hey, we're actually really sorry about that. We're not trying to hit healthcare organizations, we're just going to give you a decrypter,'" said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, who has been partnering with third parties since 2019 to negotiate ransom payment.



Some ransomware groups are "not necessarily just doing what they're doing to watch the world burn. There are varying levels of how some groups feel about their operations," he said. "One of the most notable experiences I've had is having that free issuing of the decryptor."
Not all organizations are as lucky and not all cybercriminals have a moral compass.

Fear lies at the root of the decision of whether to pay a ransom. When considering whether to pay, companies want to know how quickly operations can resume while uncovering the hole that allowed the ransomware in. As for the negotiation, companies have to take a backseat.
"The victim organization is involved very little in the direct negotiations. You don't want the emotions coming through in the negotiations and involving the client directly almost always results in that," said Jake Williams, co-founder and CTO at BreachQuest.

The ransom negotiator business took off in tandem with the rise of ransomware, starting around 2018. As negotiations become a more routine component of incident response, "I don't think it will be its own business for long," said Williams.

Tick tock

When a company onboards negotiators, they hand the reins to professionals with ransomware group experience. There is a sense of familiarity and anecdotes that allow negotiators to adapt to who they're talking to.

The first thing ransomware negotiators do is ensure a secondary backup to communication with the criminals as the actors might disable their email accounts, said Williams.

Historically, ransomware actors would provide the email address for their victims to contact. Now, ransomware actors share a link with instructions on how to interact with them. Once initial contact has been made, negotiations can start.

"Once you reach out and engage the threat actor, that's going to be kind of when your proverbial clock starts," said Schmitt. "That's when they know that you're aware of the situation, you've reached out to them, and they're going to kind of have this timeline in their head of how long this negotiation process should take."

If a company is able to determine what was encrypted or breached during an attack, the negotiator will ask the actor for sample data or screenshots to get a sense of the depth of the infection.

This is the most important role the victim company will play in the negotiation process because "there is no reason to pay if recovering encrypted data has no value. Only the victim company can forecast or ascribe what the value is," said Bill Siegel, co-founder and CEO of Coveware.

Negotiators, at the end of the day, do not make decisions on behalf of the company, Schmitt said. They are there to provide guidance to the victim company, insurance provider, or counsel based on previous interactions with the threat group.

Threat group relations

If a company determines the value of the hacked data could cause harm to the business and there are no effective solutions, fear can return. Payment will feel like the only option, so negotiations proceed.

This is where "we get a temperature check for how amenable the threat actor is to negotiating down the price. We have threat intelligence on groups and know the typical ransom demand movement and timelines for that," said Williams.

Negotiations are seldom linear, though negotiators try to keep the process within a few days of when a ransom note goes live. If a company is tempted to take longer or be more specific in their counteroffers, "it's our experience that that's when a threat actor starts to get a little bit more annoyed with the process," and even aggressive, said Schmitt. The actors might retaliate and call the whole deal off, revoke the decryption keys, or publish the stolen data.

"Another reason we try to keep it shorter is because we want their attention during that time," especially when the interactions are based on a real-time chat platform, he said. Ransomware actors might lose interest in negotiations lasting longer than a few days and become less communicative.

"At this point, everybody's aware of how busy a lot of these groups are," said Schmitt. "I mean, they have a lot of victims that they're hitting on a very consistent basis."

The Conti ransomware group, for example, will usually have multiple negotiations going simultaneously. "They're interacting with the client, and not necessarily us. So there's still a little bit more of that veil or obfuscation as to who they're actually talking to," he said.

When the final amount is agreed upon by both parties, they involve a certified money services business (MSB) for the logistics of the payment. The MSB must confirm the group is not sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC), to secure cryptocurrency and complete the transaction.

Insurance companies become involved when the negotiation and payment processes are complete. "They just process claims when the entire process is over," said Siegel.

Customer service check

Ransomware groups pride themselves on their reputation and customer service, and relationships between criminal gangs and negotiators do develop. "We have worked with the same ransomware groups on multiple occasions and we rely on our MSB payment partners to ensure their due diligence negates the chance of paying a sanctioned group," said Williams.

However, ransomware groups that employ affiliates can complicate the negotiator-threat group relationship. Affiliates can go rogue, which gangs would have to answer to. Ransomware group SunCrypt claims healthcare organizations are not one of its preferred targets. But last year SunCrypt operators had to clarify a hack on University Hospital in New Jersey was due to a new affiliate.

Though ransomware groups' customer service tends to be accommodating, trusting criminals is not a perfect science. Industry has seen ransomware groups make false promises before — like when Maze operators claimed its ransomware stopped short of "socially significant services," including "hospitals, cancer centers, maternity hospitals and other socially vital objects" in December 2016, but the group proceeded to target healthcare organizations involved in COVID-19 response in 2020.

A similar empty promise was made by the DarkSide gang. In October, DarkSide operators claimed to donate $10,000 in bitcoin to charities. "No matter how bad you think our work is, we are pleased to know that we helped change someone's life," DarkSide operators said, according to Emsisoft research. It's illegal for charities to collect funds illegally obtained anyway, Emsisoft clarified. DarkSide also has a blacklist of targets; affiliates cannot target hospitals, nursing homes, morgues, funeral homes, schools, non-profits, and so forth.

Regardless of who targeted who and why, affiliates are typically not involved in the actual negotiations, according to Schmitt.

Negotiators keep profiles of known threat actors, including how those actors prefer to negotiate. These profiles, built on anecdotal evidence, can dictate which negotiation strategies are effective.

When negotiators work with groups using affiliates, they might ask the gang if it was one individual working out of line that caused the attack. But even if the group claims it was an individual act, "we of course can't confirm any of that," said Williams. "If we don't have reputational data on the group, it's hard to send significant sums of cryptocurrency with no means to recover it if you don't know you're getting a decryption key."

Negotiators have to build trust with cybercriminals, unreliable as that sounds. Trust goes beyond a company's chances of receiving a decryption key because the key may not work as promised.



"I've seen [encryption programs] encrypt entire file systems — 100 gigabyte file systems — in about five minutes. The decryption of that same file system took about 36 hours," with some files still missing, said Tyler Hudak, practice lead of incident response at TrustedSec, during a July webcast hosted by NinjaRMM. Costs will accrue despite paying a ransom.

Almost half of organizations that paid a ransom regained access to their data; however, at least some of it was returned corrupted, according to a Cybereason survey of more than 1,200 information security professionals conducted in April. Fifteen percent of respondents said they had no issue with their returned data.

Williams tests the decryption program in a "safe environment" prior to paying, though it's an optional step, he said. "Most malware developers are not software engineers, so there's always a risk that sloppy encryption was performed because the software is buggy."

Recommended Reading:
CYBERSECURITY DIVE: What to consider before paying a ransom

Published Sept. 9, 2021 in Cybersecurity Dive
Samantha Schwartz - Reporter


    Author:


    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author.  He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/mentoring? Contact him.
