How to Negotiate with Ransomware Hackers | The New Yorker

Kurtis Minder finds the cat-and-mouse energy of outsmarting criminal syndicates deeply satisfying.

By Rachel Monroe

May 31, 2021
The rise of ransomware has led to new career opportunities for Kurtis Minder. Photograph by David Williams for The New Yorker
A few days after Thanksgiving last year, Kurtis Minder got a message from a man whose small construction-engineering firm in upstate New York had been hacked. Minder and his security company, GroupSense, got calls and e-mails like this all the time now, many of them tinged with panic. An employee at a brewery, or a printshop, or a Web-design company would show up for work one morning and find all the computer files locked and a ransom note demanding a cryptocurrency payment to release them.

Some of the notes were aggressive (“Don’t take us for fools, we know more about you than you know about yourself”), others insouciant (“Oops, your important files are encrypted”) or faux apologetic (“we are regret but all your files was encrypted”). Some messages couched their extortion as a legitimate business transaction, as if the hackers had performed a helpful security audit: “Gentlemen! Your business is at serious risk. There is a significant hole in the security system of your company.”

The notes typically included a link to a site on the dark Web, the part of the Internet that requires special software for access, where people go to do clandestine things. When victims went to the site, a clock popped up, marking the handful of days they had to fulfill the ransom demand. The clock began to tick down ominously, like a timer connected to a bomb in an action movie. A chat box enabled a conversation with the hackers.

In the past year, a surge of ransomware attacks has made a disruptive period even more difficult. In December, the acting head of the federal Cybersecurity and Infrastructure Security Agency said that ransomware was “quickly becoming a national emergency.” Hackers hit vaccine manufacturers and research labs. Hospitals lost access to chemotherapy protocols; school districts cancelled classes. Companies scrambling to accommodate a fully remote workforce found themselves newly vulnerable to hackers. In May, an attack by the ransomware group DarkSide forced the shutdown of Colonial Pipeline’s network, which supplies fuel to much of the East Coast. The shutdown, which pushed up gas prices and led to a spate of panic-buying, put a spotlight on ransomware’s potential to disable critical infrastructure. A week after the attack, once Colonial paid a ransom of $4.4 million to get its systems back online, eighty per cent of gas stations in Washington, D.C., still had no fuel.

The F.B.I. advises victims to avoid negotiating with hackers, arguing that paying ransoms incentivizes criminal behavior. This puts victims in a tricky position. “To just tell a hospital that they can’t pay—I’m just incredulous at the notion,” Philip Reiner, the C.E.O. of the nonprofit Institute for Security and Technology, told me. “What do you expect them to do, just shut down and let people die?” Organizations that don’t pay ransoms can spend months rebuilding their systems; if customer data are stolen and leaked as part of an attack, they may be fined by regulators. In 2018, the city of Atlanta declined to pay a ransom of approximately fifty thousand dollars. Instead, in an effort to recover from the attack, it spent more than two million dollars on crisis P.R., digital forensics, and consulting. For every ransomware case that makes the news, there are many more small and medium-sized companies that prefer to keep breaches under wraps, and more than half of them pay their hackers, according to data from the cybersecurity firm Kaspersky.

For the past year, Minder, who is forty-four years old, has been managing the fraught discussions between companies and hackers as a ransomware negotiator, a role that didn’t exist only a few years ago. The half-dozen ransomware-negotiation specialists, and the insurance companies they regularly partner with, help people navigate the world of cyber extortion. But they’ve also been accused of abetting crime by facilitating payments to hackers. Still, with ransomware on the rise, they have no lack of clients. Minder, who is mild and unpretentious, and whose conversation is punctuated by self-deprecating laughter, has become an accidental expert. “While I’ve been talking to you, I’ve already gotten two calls,” he told me when we video-chatted in March.

The man who reached out to him in November explained that the attack, the work of a hacking syndicate known as REvil, had rendered the company’s contracts and architectural plans inaccessible; every day the files remained locked was another day the staff couldn’t work. “They didn’t even have an I.T. person on staff,” Minder said. The company had no cyber-insurance policy. The man explained that he had been in touch with a company in Florida that had promised to decrypt the files, but it had stopped replying to his e-mails. He wanted Minder to negotiate with the hackers to get the decryption key. “The people who reach out to me are upset,” Minder told me. “They’re very, very upset.”

As a child, Minder visited his father at the mill where he worked, in central Illinois, and watched him hoist fifty-pound sacks of flour. His mother, who worked for the state, sat in an air-conditioned office with a cup of coffee. He didn’t quite understand what her job was, other than that it seemed to involve a lot of typing. “I was, like, whatever that typing job is, that’s what I want,” Minder told me.

After college, in the early nineties, he got a tech-support job at a local Internet-service provider. Within a year, he was promoted to assistant systems administrator, a job that entailed keeping tabs on the server logs. He began to notice a strange pattern, which he eventually realized was evidence of hackers. “They would use our routers as what we would now call a pivot point—bouncing off them to attack someone else, so the attack looked like it was coming from us,” he said. The attackers were typically hobbyists who were more interested in showing off their skills than in wreaking real havoc; Minder found the cat-and-mouse energy of outsmarting them deeply satisfying.

By that time, hackers had proved that they could inflict serious damage. In 1989, twenty thousand public-health researchers around the world received a floppy disk purporting to contain an informational program about AIDS. But the disk also included a malicious program that is now considered the first instance of ransomware. After users rebooted their computers ninety times, a text box appeared on the screen, informing them that their files were locked. Then their printers spat out a ransom note instructing them to mail a hundred and eighty-nine dollars to a post-office box in Panama. The malware, which came to be known as the AIDS Trojan, was created by Joseph Popp, a Harvard-trained evolutionary biologist. Popp, whose behavior grew increasingly erratic after his arrest, was declared unfit to stand trial; he later founded a butterfly sanctuary in upstate New York.

Popp’s strategy—encrypting files with a private key and demanding a fee to unlock them—is frequently used by ransomware groups today. But hackers initially preferred an approach known as scareware, in which they infected a computer with a virus that manifested as multiplying pop-ups with ominous messages: “SECURITY WARNING! Your Privacy and Security are in danger.” The pop-ups told users to buy a certain antivirus software to protect their systems. Hackers posing as software companies could then receive credit-card payments, which were unavailable to those deploying ransomware. In the early two-thousands, ransomware hackers typically demanded a few hundred dollars, in the form of gift cards or prepaid debit cards, and getting hold of the money required middlemen, who siphoned off much of the profits.

The calculus changed with the launch of Bitcoin, in 2009. Now that people could receive digital payments without revealing their identity, ransomware became more lucrative. When Minder founded GroupSense, in Arlington, Virginia, in 2014, the cybersecurity threat on everyone’s mind was data breaches—the theft of consumer data, like bank-account information or Social Security numbers. Minder hired analysts who spoke Russian and Ukrainian and Urdu. Posing as cybercriminals, they lurked on dark-Web marketplaces, seeing who was selling information stolen from corporate networks. But, as upgrades to security systems made data breaches more challenging, cybercriminals increasingly turned to ransomware. By 2015, the F.B.I. estimated that the U.S. was subjected to a thousand ransomware attacks per day; the next year, that number quadrupled. Mike Phillips, the head of claims for the cyber-insurance company Resilience, told me, “Now it’s ransomware first and only, and everything else is a distant second.”

Criminal syndicates are behind most ransomware attacks. In their online interactions, they display a mixture of adolescent posturing and professionalism: they have a fondness for video-game references and the word “evil,” but they also employ an increasingly sophisticated business structure. The larger groups establish call centers to help talk victims through the confusing process of obtaining cryptocurrency, and they promise discounts to those who pay up in a timely fashion. Some ransomware groups, including REvil, work on the affiliate model, providing hackers with the tools to deploy attacks in exchange for a share of the profits. (REvil also handles ransom negotiations on behalf of its affiliates.) “It’s way too easy to get into this,” Reiner, of the I.S.T., told me. “You or I could do it—you just hire it out. There’s been an incredible commoditization of the entire process.”

Hackers use various techniques to gain access to a company’s computers, from embedding malware in an e-mail attachment to using stolen passwords to log in to the remote desktops that workers use to connect to company networks. Many of the syndicates are based in Russia or former Soviet republics; sometimes their malware includes code that stops an attack on a computer if its language is set to Russian, Belarusian, or Ukrainian. Some of the syndicates employ current or former members of the military, but they seem to care more about money than about geopolitical machinations. “We are apolitical,” a man claiming to be an REvil representative said in an interview with a Russian YouTuber. “No politics at all. We don’t care who’s going to be President. We worked, we work, and we will work.”

Phillips told me, “Paying a ransom, you worry about it being venture capital for this dark-Web Silicon Valley on the other side of the world.” Ransomware groups, like their Silicon Valley counterparts, move fast and break things. In May, 2017, the WannaCry attack infected three hundred thousand computers through old and unpatched versions of Microsoft Windows. In the United Kingdom, ambulances had to be diverted from affected hospitals, and a Renault factory stopped production. Just three years after that attack, though, the REvil representative called this scattershot approach “a very stupid experiment.” The WannaCry hackers had demanded ransoms of only three hundred to six hundred dollars, netting around a hundred and forty thousand dollars.

After WannaCry, ransomware groups concentrated on sectors where a combination of lax security and a low tolerance for disruption makes getting paid more likely and more lucrative—industrial agriculture, mid-level manufacturing, oil-field services, municipal governments. Groups timed disruption for periods of acute vulnerability: schools in August, right before students returned; accounting firms during tax season. Certain syndicates specialize in “big-game hunting,” launching targeted attacks against deep-pocketed companies. The group deploying the Hades ransomware strain focusses on businesses with reported revenues of more than a billion dollars. Another designs custom malware for each job. In 2019, during a Webinar hosted by Europol, the European law-enforcement agency, a security expert mentioned that the cryptocurrency Monero was essentially untraceable; soon afterward, REvil began asking for ransom payments in Monero instead of Bitcoin.

When companies seem reluctant to negotiate, executives receive threatening phone calls and LinkedIn messages. Last year, the Campari Group issued a press release downplaying a recent ransomware attack. In response, hackers launched a Facebook ad campaign, using the profile of a Chicago d.j., whom they had also hacked, to shame the beverage conglomerate. “This is ridiculous and looks like a big fat lie,” they wrote. “We can confirm that confidential data was stolen and we talking about huge volume of data.” Last year, printers at a South American home-goods chain began spitting out ransom notes instead of receipts.

More recently, syndicates have added extortion to their playbook. They siphon off confidential files before encrypting systems; if their ransom demand isn’t met, they threaten to release sensitive data to the media or auction it off on the black market. Hackers have threatened to publish an executive’s porn stash and to share information about non-paying victims with short sellers. “I’ve seen social-work organizations where ransomware actors threatened to expose information about vulnerable children,” Phillips said.

Before ransomware took over Minder’s life, he had settled into a routine. He walked to work, where he was usually the first to arrive and the last to leave. On the way home, he stopped at a coffee shop for a glass of wine and a salad. Back at his apartment, where he lived alone, he would work at his desk until he fell asleep. His major social outlet was the local motorcycle club, the BMW Bikers of Metropolitan Washington.

Early last year, GroupSense found evidence that a hacker had broken into a large company. Minder reached out to warn it, but a server had already been compromised. The hacker sent a ransom note to the company, threatening to release its files. The company asked Minder if he would handle the ransom negotiations. Initially, he demurred—“It never occurred to me as a skill set I had,” he said—but eventually he was persuaded.

To buy time, Minder suggested that the company acknowledge receipt of the ransom note. He began studying up on negotiation tips, watching MasterClass tutorials and reading books by former hostage negotiators. He learned that he should avoid making counteroffers in round numbers, which can seem arbitrary, and that he shouldn’t make concessions without providing a justification. During the next few weeks, as the conversation with the hacker unspooled, Minder discovered that he had a knack for negotiation. He did his best to engage the hacker, who appeared to be unaffiliated with any of the major ransomware syndicates. When the hacker complained about how much time and effort he’d invested in breaking into the company, Minder complimented him on his skills: “I told him, ‘You’re a very talented hacker, and we’d like to pay you for that. But we can’t pay what you’re asking.’ ”

The negotiation became all-consuming. On a motorcycle camping trip with his girlfriend, Minder huddled by the campfire with his laptop, using a 3G hot spot to keep talking. Eventually, the hacker agreed to a price that the company’s insurer found acceptable. “ ‘I think I could get him even lower if you gave me a little bit more time,’ ” Minder recalls saying. “But the cyber-insurance company said, ‘This is good enough.’ ”