#BHEU: 5 Ways to Approach Ransomware Negotiations




Pepijn Hack, cybersecurity analyst at Fox-IT, part of NCC Group, outlined five key approaches organizations should take during ransomware negotiations with extorters to improve the outcome, in a session at Black Hat Europe 2021.



Hack observed that when a successful ransomware attack occurs and a payment demand is issued, the attackers immediately have the upper hand in the negotiations that follow. This is firstly because they already have knowledge of their victim through research undertaken before the attack, helping them understand whether the victim is likely to pay and how much it can afford. Secondly, the attackers will have experienced numerous ransomware negotiations in the past, whereas it is likely the first time the victim has been in that situation.



Presenting research carried out with a colleague at Fox-IT, Hack outlined what the attackers will consider during a ransom negotiation. These are the final ransom price, whether the victim will pay or not, the cost and risk to themselves and how many attacks are successfully carried out.



Hack then compared two ransomware groups using data collected between late 2019 and early 2021. For the first group, records of 681 negotiations were observed. For the second group, there were 105 negotiations. Across both, a similar proportion (roughly 15%) of the victims paid the ransom. However, the average ransom amount paid was much lower in the first group than in the second, with the latter focusing on bigger companies and issuing higher demands. This suggests focusing on fewer but higher-value targets is a more fruitful approach for attackers.



Another interesting finding from this analysis was that “two companies with the ..
