What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response. In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable. You'll learn: • What actually happens in the first 72 hours of a ransomware incident • The psychological tactics threat actors use to manufacture urgency and pressure • Why those 24-hour deadlines aren't real—and how to buy yourself time • How threat actors research your financials, insurance policies, and supply chain before making contact • When data validation saves companies from paying ransoms for data that isn't even theirs • The real cost of ransomware (spoiler: it's 10x the ransom amount) • Why paying doesn't guarantee your data back—or that you won't get hit again • Third-party breaches: the biggest risk vector right now Key takeaway: Ransomware negotiations are psychological warfare disguised as business transactions. The best defense is being more prepared than the attackers expect you to be. Resources mentioned in this episode: • ransomware.live (https://ransomware.live) (ransomware group tracking, info, conversations and more) • ransomlook.io (https://ransomlook.io) (ransomware group tracking and statistics) • ChatGPT Ransomware Negotiation Simulator: https://chatgpt.com/g/g-679a6253574c8191a998145044b9c651-ransomsim-ransomware-negotiation-trainer • Wade Gettle on LinkedIn: https://www.linkedin.com/in/wade-gettle-7733704a/ About the guest: Wade Gettle is a Senior Advisor at Flashpoint and serves as a Cyber Mission Planner for the New York Army National Guard. With a background in intelligence analysis, incident response, and threat intelligence, Wade brings calm to the storm when organizations face their most critical security incidents. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live (https://blueprintpodcast.live/) ! Check out John's SOC Training Courses for SOC Analysts and Leaders: • SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations (https://sans.org/sec450) • LDR551: Building and Leader Security Operations Centers (https://sans.org/ldr551) Follow and Connect with John: LinkedIn (https://www.linkedin.com/in/johnlhubbard/)