By PAULA TRACY, InDepthNH.org
A Portsmouth firm will perform cybersecurity negotiations in Chinese and Russian for the state, among other languages, and pay cyber ransom in cryptocurrency with a stockpile readily available under a contract unanimously approved this week by the state’s Executive Council.
Time is of the essence when a system is hacked and you can’t get your data, and the money demanded to get your data back is crypto, Gov. Chris Sununu and the council were told.
The ATOM Group LLC of Portsmouth will be there to talk to hackers in their language in the hope of negotiating down, or out of, any ransom paid out.
In August 2021 the town of Peterborough lost $2.3 million in taxpayer funds in a cyberattack.
When Peterborough’s monthly check to ConVal School District for $1.2 million and a payment to a contractor for the downtown roadwork did not go through but were gone from the bank, the town called federal authorities and The ATOM Group.
A listing of other municipal attacks can be found here https://www.seculore.com/resources/cyber-attack-archive/new-hampshire.
There are two parts to this contract.
For $210,000, it will provide 200 hours of cybersecurity per year for four years. The other part is for 100 hours of cybersecurity testing and remediation a year through December 2026 using 100 percent federal funds through the New Hampshire Department of Information Technology (DOIT).
The contract was unanimously approved at the Governor and Executive Council table in New London Tuesday at the New London Playhouse Theater.
This was after the council learned a little bit about negotiating with cyber crooks.
The state has a better chance to negotiate down the ransom in the attackers’ native tongue, and quick access to crypto is key.
This contract is a huge discount deal, Denis Goulet, commissioner of the Department of Information Technology, wrote in recommending the contract, and it comes at a discount to the state only because it leverages an existing public-private partnership forged by the New Hampshire Public Risk Management Exchange (PRIMEX).
Goulet was asked about the contract by Executive Councilor Joe Kenney, R-Wakefield.
Goulet said that this and another attendant contract are among a few that have come or are coming to the council table on issues related to protecting citizen and government data from cyberattacks. He said this was “the key and the final piece” to the main project for state cybersecurity.
“Any system we have that gets ransomed, it almost guarantees to affect citizens or businesses in this state,” Goulet said.
“The really complex part is a new industry that has sprung up since the advent of ransomware. And there are two pieces to that. One piece is negotiations. So when you get ransomed, where they have taken away the access to your data, right, and they want money so you can get access back.
“So typically what happens is you negotiate to try to get that rate down, if you have to, of course, this is a last-ditch thing, you would never want to do this, but we want to make sure we have that protection in place. So what the data group and the insurance industry have found is if you have native speakers who speak Chinese, Russian, or whatever country is the origin of the ransomware attack, you have a much better chance of getting your ransom negotiated down, and in some cases, down to nothing,” Goulet said.
There are examples, he said, of a native-speaking negotiator speaking the same language as the criminal and the ransom being dropped.
“The criminal says, ‘wait a minute, we wanted to ransom Americans not Chinese’ or whatever the case may be,” he said.
“But in any case, less money out,” he said.
Goulet said the state wants to have vendors who know the landscape and language and are on the cutting edge of an ever-changing criminal enterprise in cyberspace.
The goal is to have “the best possibility of protecting that property of the government and citizen data,” and not have to go down that hole in the first place.
According to its Facebook page, https://www.facebook.com/ATOMPORTSMOUTH/, ATOM Group is the state’s number one cybersecurity firm.
An attempt to reach officials at the company was not immediately successful.
An attempt to reach Ryan Aubert, state IT contract manager for DOIT, for further details on the contract was also not immediately successful.
Goulet said when dealing with cyber thieves there are two categories for government to consider. One is prevention and the other is recovery and response.
He said having no incident is by far the preferred route rather than having to negotiate out a ransom request.
The second part is the aspect of cryptocurrency.
“The criminals always want to be paid in it,” Goulet said.
A cryptocurrency is a digital form of currency designed for exchange online, with no central authority to maintain its value. It has fluctuated in value drastically and is now down.
Bitcoin and, recently in the news, Ethereum Max are examples of crypto.
The latter was in the news this week for paying social media influencer Kim Kardashian $250,000 to promote it to her estimated 328 million online followers. The federal government claimed she failed to report the payment to the public as required by law.
While she did not admit guilt, Kardashian paid out a $1.26 million fine after the reports of the action by the federal Securities Exchange Commission.
As for the state paying out ransom in crypto, Goulet said, “As a state, we are not experts at doing this. So what we have contracted is they keep a fund of crypto ready. If we were to need it, it would be there immediately. We would have to reimburse on the value of that crypto but we wouldn’t have to go through all the hoops. As time is of the essence, right? You know if we are ransomed…state services aren’t happening, this is a way of shortening that time frame,” and reducing loss.