https://live.paloaltonetworks.com/t5/threat-vector/threat-vector-inside-ransomware-negotiations-trust-criminals-or/ta-p/1249891 <DIV class="lia-message-template-content-zone"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Threat Vector Template (1).jpg" style="width: 960px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/70915i58C9F663FF553086/image-size/large?v=v2&amp;px=999" role="button" title="Threat Vector Template (1).jpg" alt="Threat Vector Template (1).jpg" /></span></P> <P>&nbsp;</P> <P><STRONG>What happens when you're face-to-face with a ransomware gang demanding millions—and every decision could determine whether your company survives?</STRONG></P> <P>&nbsp;</P> <P><A href="https://www.linkedin.com/in/jeremy-dbrown-189693340" target="_blank"><SPAN>Jeremy D. Brown</SPAN></A><SPAN>, Consulting Director at Palo Alto Networks Unit 42 with nearly seven years negotiating with cyber criminals, reveals the hidden world of ransomware negotiations. With hundreds of negotiations under his belt, Jeremy knows which groups honor their promises, which ones to never pay, and exactly what mistakes can cost you everything.</SPAN></P> <P>&nbsp;</P> <P><STRONG>You'll learn:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><SPAN>Why contacting a threat actor doesn't mean you have to pay (the #1 misconception that paralyzes victims)</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>How to extract critical forensic intelligence from attackers during initial contact</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>The fatal mistakes organizations make that destroy their negotiation leverage</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>Which ransomware groups are sanctioned entities that will land you in legal trouble if you pay</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>Why being polite to criminals actually gets you better outcomes than hostility</SPAN></LI> </UL> <P><SPAN>Jeremy has negotiated with everyone from aggressive groups who email your executives to methodical operators following strict playbooks. He's seen organizations with backups walk away and others pay millions for decryption keys. Managing over 100 incidents, Jeremy has tracked how double extortion evolved from rare to standard practice, and now watches single extortion (data theft without encryption) surge again.</SPAN></P> <P><SPAN>This episode is essential for CISOs who need a negotiation plan before the crisis hits, incident responders building their skillset, and executives who must understand that ransomware response is about far more than just paying or not paying.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG>Related Episodes:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><A href="https://www.paloaltonetworks.com/podcasts/threat-vector" target="_blank"><SPAN>Mastering the Basics: Cyber Hygiene and Risk Management</SPAN></A><SPAN> -</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><A href="https://www.paloaltonetworks.com/podcasts/threat-vector" target="_blank"><SPAN>Crisis in the Kitchen</SPAN></A></LI> </UL> <P>&nbsp;</P> <P><STRONG>Join the conversation on our social media channels:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><STRONG>Website</STRONG><SPAN>:</SPAN><A href="https://www.paloaltonetworks.com/unit42" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.paloaltonetworks.com/</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>Threat Research:</STRONG><A href="https://unit42.paloaltonetworks.com/" target="_blank"> <SPAN>⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>Facebook:</STRONG><A href="https://www.facebook.com/LifeatPaloAltoNetworks/" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>LinkedIn:</STRONG><A href="https://www.linkedin.com/company/unit42/" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>YouTube:</STRONG> <SPAN>@paloaltonetworks</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG style="font-family: inherit;">Twitter:</STRONG><A style="font-family: inherit; background-color: #ffffff;" href="https://twitter.com/PaloAltoNtwks" target="_blank"> ⁠⁠⁠⁠</A><A style="font-family: inherit; background-color: #ffffff;" href="https://twitter.com/PaloAltoNtwks%E2%81%A0%E2%81%A0%E2%81%A0%E2%81%A0" target="_blank">https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠</A></LI> </UL> <IFRAME src="https://playlist.megaphone.fm?e=CYBW4758051562" width="100%" height="200" frameborder="0" scrolling="no"></IFRAME> <P>&nbsp;</P> </DIV> Thu, 19 Mar 2026 16:00:00 GMT dmoulton 2026-03-19T16:00:00Z https://live.paloaltonetworks.com/t5/threat-vector/threat-vector-inside-ransomware-negotiations-trust-criminals-or/ta-p/1249891 <DIV class="lia-message-template-content-zone"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Threat Vector Template (1).jpg" style="width: 960px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/70915i58C9F663FF553086/image-size/large?v=v2&amp;px=999" role="button" title="Threat Vector Template (1).jpg" alt="Threat Vector Template (1).jpg" /></span></P> <P>&nbsp;</P> <P><STRONG>What happens when you're face-to-face with a ransomware gang demanding millions—and every decision could determine whether your company survives?</STRONG></P> <P>&nbsp;</P> <P><A href="https://www.linkedin.com/in/jeremy-dbrown-189693340" target="_blank"><SPAN>Jeremy D. Brown</SPAN></A><SPAN>, Consulting Director at Palo Alto Networks Unit 42 with nearly seven years negotiating with cyber criminals, reveals the hidden world of ransomware negotiations. With hundreds of negotiations under his belt, Jeremy knows which groups honor their promises, which ones to never pay, and exactly what mistakes can cost you everything.</SPAN></P> <P>&nbsp;</P> <P><STRONG>You'll learn:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><SPAN>Why contacting a threat actor doesn't mean you have to pay (the #1 misconception that paralyzes victims)</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>How to extract critical forensic intelligence from attackers during initial contact</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>The fatal mistakes organizations make that destroy their negotiation leverage</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>Which ransomware groups are sanctioned entities that will land you in legal trouble if you pay</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN>Why being polite to criminals actually gets you better outcomes than hostility</SPAN></LI> </UL> <P><SPAN>Jeremy has negotiated with everyone from aggressive groups who email your executives to methodical operators following strict playbooks. He's seen organizations with backups walk away and others pay millions for decryption keys. Managing over 100 incidents, Jeremy has tracked how double extortion evolved from rare to standard practice, and now watches single extortion (data theft without encryption) surge again.</SPAN></P> <P><SPAN>This episode is essential for CISOs who need a negotiation plan before the crisis hits, incident responders building their skillset, and executives who must understand that ransomware response is about far more than just paying or not paying.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG>Related Episodes:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><A href="https://www.paloaltonetworks.com/podcasts/threat-vector" target="_blank"><SPAN>Mastering the Basics: Cyber Hygiene and Risk Management</SPAN></A><SPAN> -</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><A href="https://www.paloaltonetworks.com/podcasts/threat-vector" target="_blank"><SPAN>Crisis in the Kitchen</SPAN></A></LI> </UL> <P>&nbsp;</P> <P><STRONG>Join the conversation on our social media channels:</STRONG></P> <UL> <LI style="font-weight: 400;" aria-level="1"><STRONG>Website</STRONG><SPAN>:</SPAN><A href="https://www.paloaltonetworks.com/unit42" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.paloaltonetworks.com/</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>Threat Research:</STRONG><A href="https://unit42.paloaltonetworks.com/" target="_blank"> <SPAN>⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>Facebook:</STRONG><A href="https://www.facebook.com/LifeatPaloAltoNetworks/" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>LinkedIn:</STRONG><A href="https://www.linkedin.com/company/unit42/" target="_blank"> <SPAN>⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠</SPAN></A></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>YouTube:</STRONG> <SPAN>@paloaltonetworks</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG style="font-family: inherit;">Twitter:</STRONG><A style="font-family: inherit; background-color: #ffffff;" href="https://twitter.com/PaloAltoNtwks" target="_blank"> ⁠⁠⁠⁠</A><A style="font-family: inherit; background-color: #ffffff;" href="https://twitter.com/PaloAltoNtwks%E2%81%A0%E2%81%A0%E2%81%A0%E2%81%A0" target="_blank">https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠</A></LI> </UL> <IFRAME src="https://playlist.megaphone.fm?e=CYBW4758051562" width="100%" height="200" frameborder="0" scrolling="no"></IFRAME> <P>&nbsp;</P> </DIV> Thu, 19 Mar 2026 16:00:00 GMT https://live.paloaltonetworks.com/t5/threat-vector/threat-vector-inside-ransomware-negotiations-trust-criminals-or/ta-p/1249891 dmoulton 2026-03-19T16:00:00Z