Now What? How to Pay Your Ransom with Mark Grens

Alan Gin, CEO, ZeroDown Software
Learn what to do in the aftermath of a ransomware attack, with insights from Mark Grens on the importance of being vigilant.

This is a companion blog to “The SafeHouse” podcast dated February 27, 2025.

You’ve been breached, and you’ve negotiated a price to recover from your ransomware attack. What’s next? The aftermath of a ransomware attack can feel murky and overwhelming. Today, we’re diving deep into this complex issue with insights from Mark Grens, co-founder and president of Digital Mint, who has substantial experience navigating the world of ransomware payments.

Listen to the original podcast here: https://safehouseinitiative.org/now-what-how-to-pay-your-ransom-with-mark-grens/

Mark Grens: A Journey into Ransomware

Mark’s career began in financial services, where he quickly realized he wanted to create value rather than extract it. His journey into the world of cryptocurrency started in 2012 when he encountered Bitcoin. After witnessing a hack on the Mt. Gox exchange, Mark recognized the potential of blockchain technology and wanted to get involved. He co-founded a Bitcoin ATM company in Chicago, aiming to legitimize Bitcoin transactions by implementing strict compliance measures.

Fast forward to 2017, when Mark was prompted to delve into the world of ransomware. “We chuckled and I went down some rabbit holes and started reading about it,” he recalls. This led to the development of a platform designed to handle ransomware payments with a focus on compliance, including global sanctions checks on wallets. “We trailblazed and built global sanctions checks on wallets,” he explains.

The Evolution of Ransomware Payments

In the early days of ransomware, payments often involved a “big bag of money” exchanged in shadowy locations. Victims would sometimes attempt to navigate the murky waters of purchasing Bitcoin themselves, often without considering the legal implications. Today, however, the landscape has shifted significantly. “Legal teams started realizing you’re supposed to be licensed,” Mark notes. Organizations would rather not disclose their intentions to banks, fearing their transactions might be blocked. As the amounts demanded in ransoms have exploded into the six, seven, or even eight figures, the need for a more structured payment process has become critical.

The Role of Compliance in Ransom Payments

One of the most significant challenges in paying ransoms today is navigating the regulations set forth by the Office of Foreign Assets Control (OFAC). These regulations prohibit transactions with sanctioned entities, which can include certain ransomware groups. Mark emphasizes the importance of due diligence: “If you do your due diligence, the likelihood of catching someone who is doing something in a sanctioned jurisdiction is very low.” Organizations must verify that they are not inadvertently funding malicious actors. This due diligence is crucial, as failure to comply can lead to severe legal consequences.

How Digital Mint Helps

When a company decides to pay the ransom, they often turn to Digital Mint for assistance. “We handle all of the financial service responsibilities as charged by the Bank Secrecy Act,” Mark says. Digital Mint ensures that the transaction complies with all regulations, including checking against OFAC’s Specially Designated Nationals and Blocked Persons list. “We determine if we’re dealing with a threat actor in a sanctioned country,” Mark explains. This is essential to avoid potential penalties and ensure the company’s liability is minimized.

The Negotiation Process

When a company suffers a ransomware attack, they typically engage a forensics team to assess the damage. Mark explains that Digital Mint often gets called in after the forensic team has analyzed the situation: “We’re kind of a hired gun; we come in when they say they need to negotiate.”

In many cases, the forensics team will discover that the damage isn’t as severe as initially thought, allowing for negotiations to buy time without necessarily making a payment. “Three-quarters of the time, a payment is not even made,” Mark reveals. The focus is often on limiting damage and extracting as much information as possible from the threat actors.

What’s Next in the Ransomware Landscape?

As ransomware continues to evolve, Mark stresses the need for organizations to improve their cybersecurity hygiene. “Two-thirds of all incidents still happen because someone clicks on a phishing email,” he warns. Companies must be proactive about training employees and implementing measures like two-factor authentication. “These hackers want money,” Mark states plainly. “It’s a global capitalist society for the most part, and that’s what drives the world.” He encourages organizations to take cybersecurity seriously before they find themselves in a compromised situation.

Final Thoughts

For businesses facing the reality of a ransomware attack, the guidance from experts like Mark Grens is invaluable. It’s not just about the immediate response but about establishing a robust cybersecurity framework that prevents attacks from occurring in the first place. “Be vigilant; it’s not going to slow down anytime soon,” he cautions.

Ultimately, organizations must understand that the landscape is constantly changing, and staying informed about compliance regulations and cybersecurity measures is essential. As Mark advises, “Do something now. Increase your hygiene.”

In closing, we thank Mark for sharing his insights and experiences in this critical area of cybersecurity. The conversation around ransomware is vital, and as threats continue to evolve, so too must our strategies for combating them.

For more information about the Safe House Initiative, feel free to reach out via email at [email protected] or visit our website at safehouseinitiative.org.