May 26, 2022

StrategisChhr

Skillful Business Crafters

Grand Junction man negotiates with ransomware ‘bad guys’ | Western Colorado

Eastern Europe can be perilous if you have the kind of job Kurtis Minder has.

It’s a line of work featuring regular correspondence with the FBI and familiarity with the U.S. Treasury Department’s Office of Foreign Asset Control Sanctions list.

Minder operates in the sprawling world of cybersecurity, drawing interest for his work in ransomware negotiation. Ransomware, the cybercrime du jour that shut down Colonial Pipeline last May and ground the city of Atlanta to a halt in 2018, refers to bad actors infiltrating businesses, nonprofit agencies or government services, encrypting important data and then demanding payment to unlock the files.

It’s an interesting field in which to hang a shingle.

“A local friend made the introduction,” recalled John Marshall, president of Colorado Mesa University, of the first time he met Minder. “And he told me this wild story about how he’s grown this wild business.

“We just fortuitously stumbled across literally the world expert in this hot field.”’

‘NOT VERY FRIENDLY’

After a ransomware victim gets a demand from the attackers is where Minder, who co-founded the company GroupSense, steps in. He specializes in a sort of cyber reconnaissance, in addition to the negotiation work. He closed his first such negotiation in July 2020 and has become a significant figure in the world of ransomware negotiations and cybersecurity, having been interviewed in outlets ranging from The New Yorker, to Vice on HBO.

Of course, that notoriety extends to the world of cybercriminals, who Minder discusses the way a football coach might talk about a division rival.

“They don’t generally like firms like us, so it’s generally not very friendly. They’re not saying, like, I’m going to go get Kurtis or something like that,” Minder told The Daily Sentinel, before offering this caveat: “Although, there has been dark web chatter to that degree. But I don’t know if they’re ransomware actors or just other bad guys. Because we make enemies of a lot of bad guys other than just ransomware.”

Minder doesn’t boast of the dangers of his job the way those who meet him might. He also regularly credits his staff, many of whom are former law enforcement or intelligence professionals.

Still, it’s not a boring job, either, and Minder tells a good story, be it about the curious world of cybercrime or a recent motorcycle ride down Colorado Highway 141 to Gateway.

Take for example the firm Minder’s company owns in Sofia, which he won’t be visiting for awhile for decidedly non-COVID-19 reasons.

“That team, I wanted to go see them and I was sort of told off the record to stay out of Bulgaria for right now,” Minder said. “It’s weird. I never imagined myself getting pushed into a white van or anything.”

While he doesn’t see himself as a future tenant of the back of a van, Minder does know the same people hacking into companies he works with are always trying to embarrass him. Minder jokes that his security team “hates me.”

“It does make us a target and we’re paranoid sufficiently,” he said.

Though international, corporate and legal intrigue headline Minder’s profile, in person he’s a polite character who loves BMW motorcycles and earnestly wants to help his clients as well as nonprofits or small businesses who happen to open the wrong email.

“I don’t poke the bear,” Minder said, referring to his digital opponents in the cyber underground. “I’m just trying to help people.”

HOW IT WORKS

GroupSense sports an impressive list of clients that includes some major companies, but not every problem needs the attention of the company’s co-founder. Minder, who is partnering with Colorado Mesa University on a nonprofit aimed at helping small organizations with cybersecurity, now works on two ends of the negotiation spectrum.

“If the asking price for the bad guy is above eight figures, so above $10 million, then I’m involved,” Minder said. “And then the only other time is when the company is so small that they can’t afford to pay our fees and I do it for free.”

That pro bono work is valuable in a realm as specialized as this. Beyond ransomware negotiation, GroupSense helps companies know what they might be vulnerable to. Minder compares it to intelligence agencies spying on foreign countries to find out what they might be capable of and what they might attack.

“Intelligence in business, and specifically in cyber, is the exact same thing. What are the bad guys doing right now, what kinds of tools are they using?” Minder said.

Ransomware attacks, like the Colonial Pipeline attack that threatened one of the nation’s largest fuel providers, often target internet carelessness.

An employee might use their work email to sign up for something at a different website — Minder, when explaining the problem, cites iloveknitting.com as an example, since the domain doesn’t exist yet. If that other website is hacked, that email and the password are compromised and, since people often reuse passwords, it’s easy enough for a hacker to use the credentials they found at iloveknitting.com to log into the company they can extort.

“That site gets hacked opportunistically” Minder said. “They’re not targeting the knitting lady; she just has a site with some vulnerabilities.”

Once the bad actors have access, they lock down important files and demand payment in the form of cryptocurrency like Bitcoin.

GroupSense helps clients first determine if it’s even worth it to retrieve the lost information. If a company can recover their data, or do without, for less than the cost of the ransom, they’ll cut their losses.

If, however, the locked information is valuable enough, then Minder will go to work using a handful of tactics that he certainly didn’t learn in school and that, until recently, had not been used in this application. It’s something GroupSense has gotten pretty good at.

“We traditionally get the rate down below 10% of the original asking on a pretty regular basis. Or below,” Minder said, adding that the cyber insurance companies he talks with note that success rate to be “pretty —ing good.”

Minder, 44, grew up in central Illinois — “Not near Chicago,” he’ll preemptively quip — and spent about a semester and a half in community college before ditching the pursuit altogether.

“We were poor. I was not a great student in high school so I didn’t get any scholarships. I was about a C/D student. I did start going to the local community college with the intent of getting to the point where I might do a four-year degree,” Minder said.

But, by that time Minder was well into his tech career, having gotten a job when he was 16 working nearly full time at an internet service provider. In high school he was writing papers about how users could fake their identity in the early days of the internet and, after reading one of the preeminent books on computer hacking at the time, Minder was already combing through logs at his internet company and kicking out early hackers.

By the time he was taking classes, he was well ahead of what most universities were capable of teaching at the time.

“The stuff I was doing at work wasn’t slightly ahead of what they were teaching, it was years ahead of what they were teaching,” Minder said.

That knack for independent learning carried through Minder’s career all the way into his evolution as a negotiator, where he picked up tips from his colleagues as well as former FBI negotiator Chris Voss, whose book Minder read and who Minder now texts regarding negotiating tactics.

However, what Minder was dealing with — talking someone on another continent down off their opening offer — does not conform to the standards that negotiating dogma relies on.

“They rely on the ability to see my opponent or hear them — so eye contact, body language, tone. That’s not true here,” Minder said.

And it’s not just that millions of dollars are being discussed via keyboard.

“It also assumes that there’s some asymmetry to the leverage. Not true. Bad guy has almost all the leverage. Especially if they took a copy of your financials. Can’t even lie about how much money you have.”

Then there’s the most basic of differences.

“It assumes you speak the same language,” Minder said. “Not true.”

As Minder adapted the craft — with, as he often credits, help from others at his company — the work he was doing drew interest from the Harvard Negotiation Project, which is more or less exactly what it sounds like.

Minder worked with the Harvard Negotiation Project on translating that analog field of study into a digital world. The effort culminated in a presentation Minder did with Voss, the ex-negotiator whose book Minder read when he was starting out.

KARMA AND THE WESTERN SLOPE

Minder believes both that you get out of the universe what you put into it and that BMW produces some of the finest motorcycles around.

While those principles have little in common, Minder is living them both in Grand Junction, having left his GroupSense headquarters outside of Washington D.C. during the pandemic.

“We had this amazing office. Such a bummer,” Minder said of the Ballston, Virginia location. “Super startup-y with the concrete floors and all that.”

After enough days skateboarding around an empty office, Minder mentioned on a conference call that he was moving west, possibly Arizona. Thankfully for the Grand Valley, GroupSense Chief Operating Officer Kelly Milan had just added another property to his Grand Junction real estate portfolio, and he was looking to rent it out.

“I was like, give me the keys. And that was it. And I still rent that house,” Minder said.

After the move, Minder needed a few things that his home office didn’t yet afford and in that, Marshall, the CMU president, saw opportunity.

“It started with, he needed a room for a zoom call,” Marshall said. And the president was happy to oblige, hoping that the right background and a “goodbye from Grand Junction and CMU,” send off from the conference call might get the Mavericks in front of a bigger tech audience.

“It started as a cheap publicity stunt and just kind of grew,” Marshall said.

What it’s grown into is a partnership for a long-running GroupSense effort. Minder is looking to park the philanthropic arm of his work, dubbed GoodSense, in Grand Junction and Colorado Mesa University is ready to help.

The 501c3 non-profit paperwork for GoodSense is now wending its way through the system, but the spirit of providing pro bono help on cyber security matters has a track record at Minder’s company.

“We’re all very altruistic in nature,” Minder said, adding that staffers at GroupSense will bring up different organizations or groups to help and be empowered to do so. Essentially, GoodSense will formalize that effort and allow Minder and his colleagues to continue helping out small organizations, something he’s already started to do through some relationships in Grand Junction.

And Minder builds these relationships quickly. He has a knack for getting to know people — he doesn’t just know who he might see on a motorcycle trip to Gateway, but also how many miles they’ve got on their Indian Chieftain — and has already provided some help for companies and organizations in Grand Junction.

Cyber security changes quickly and Minder doesn’t scoff at those who aren’t sufficiently protected because, he says, the scope of the problem is such that no one person could be expected to stay on top of it.

Fortunately, he thinks there’s some low-hanging solutions to the issue that don’t involve FBI investigations or international diplomacy.

A common refrain about cybersecurity is to describe it as a war, which Minder says is only partially true.

“It’s kind of a weird war. The bad guys have a bunch of spears, and they’re going to throw the spears at us, and we have a bunch of shields on the ground.”

Much like the axiom that most burglaries are crimes of opportunity — targeting unlocked houses or cars left running in the driveway — cybercrimes go after easy targets and picking up the shields in Minder’s metaphor is a good place to start.

“Eventually they’d run out of spears or they’d throw spears at someone else,” Minder said.

GoodSense will help do that. The idea melds the acumen and resources of GroupSense with the talent pool at CMU to create a nonprofit that can scale up to help Main Street America become as savvy to the perils of the online world as Fortune 500 companies have.

“We’re going to provide ransomware (help) but also cyber hygiene instruction and services for small businesses that meet a certain criteria for free,” Minder said, adding that the board of the nonprofit will range from Grand Junction locals to big names in the cyber security industry.

The nonprofit organization creates enormous potential for CMU and Grand Junction, from protecting local businesses from dubious emails all the way up to a pipeline of future cyber experts graduating from CMU.

Marshall, who is used to partnering with experts across industry, said an opportunity like this is difficult to fathom for a place like CMU.

“To state the obvious, Kurtis doesn’t really need us,” Marshall quipped.

But for Minder, a believer in karma, the priority is the same whether it’s a $10 million negotiation for a top client or creating an opportunity for a junior in college.

He’s just trying to help.


https://www.gjsentinel.com/news/western_colorado/wild-business/article_fcabd840-86ba-11ec-a7dd-c3112d839147.html