Top Ransom Negotiator, Incident Response & Digital Forensic Expert, and US Air Force Veteran met with the Cybersecurity Students

By Emilia Chiscop-Head

11/20/23

Top Ransom Negotiator, Incident Response & Digital Forensic Expert, and US Air Force Veteran met with the Cybersecurity Students

SHARE

Twitter/X Logo LinkedIn Logo Facebook Logo
Billy Evans in front of the Cybersecurity, Law and Public Policy students
Top Ransom Negotiator, Incident Response & Digital Forensic Expert, and US Air Force Veteran met with the Cybersecurity Students

Students from the Duke Cybersecurity Master’s Program, Sanford School of Public Policy and Law School met with an experienced ransom negotiator on Friday, November 10. Billy Evans, Jr., the Chief Operating Officer for Kivu Consulting, was invited to provide a lecture on his career and work experience to students by Arturo Ehuan, Director of the Master of Engineering in Cybersecurity,  “We are very fortunate to have a ransom negotiator with us today,” said Professor Ehuan about Evans, an expert in computer forensics and digital evidence analysis with more than a quarter-century of service in the U.S. military.

Billy Evans provided an anatomic analysis of ransomware attacks, including threat actors, their tactics and behaviors, their methods and the strategies of ransom negotiating for companies to counteract and minimize the impact. “Negotiations are highly stressful, very exciting and also very rewarding,” said Billy Evans. He described how the attackers prepare for their attacks, how they steal data and, when they are ready, start harassing the company. “Typically, after they have the data, they start calling employees and ask for money. The ransom requests vary from a few hundreds of dollars to hundreds of millions,” Evans said. He added that bad actors steal financial information and insurance policies which gives them information about companies’ capabilities to pay them. “When we start our job, we need to understand that we represent a client who is completely stretched out, their business is down. The first thing we try to do is to  decrypt the systems and help them be back online, which also gives us time,” said Mr. Evans who continued to describe how Kivu Consulting starts to analyze an attack, what information sources are being used and what elements are considered when a negotiation strategy is developed. “My longest negotiation was 42 days long during which the threat actor received zero money,” Mr. Evans recalled. The audience laughed when the speaker showed conversations from the negotiation process showing the frustration of an attacker. However, there is a fine line that negotiators need to consider preventing negotiation failures which result in data leaks with harmful consequences for the company and its users. His work in ransom negotiations has been highly successful, with an average of more than 50% of the initial ransom demands being discounted., Mr. Evans ended his presentation with 20 key steps that companies need to take to prevent threats. These include staff training, multifactor authentication, data mapping, complex password management, risk assessments, and more. “If these steps were put in place, companies would be protected or, at the very least, our work would be much easier,” Billy Evans said.

Prior to joining the Kivu team in 2022, Billy Evans was a Regional Vice President of Worldwide Sales and Breach Response at Unit 42 (formerly The Crypsis Group), by Palo Alto Networks. He had worked as a cybercrime investigator and special agent with the U.S. Air Force Office of Special Investigations (AFOSI), with top secret security clearances, managing and overseeing complex cyber incident response actions, investigations, and security projects.

You may also be interested in: