This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered


Ransomware attacks are topping the charts as the most common attack type to target organizations, with a constant drumbeat of attacks impacting industries across the board. In fact, IBM Security X-Force has seen a more than 10% increase in ransomware incident response requests compared to this time last year.


Ransomware is well on its way toward becoming a global billion-dollar enterprise – one that victims are funding. Attackers are operating like a well-oiled business, yielding high profits in a year in which most businesses struggled. Why? The new ransomware business model is relentless, extortive and paying off.


IBM Security X-Force Threat Intelligence analysts, together with Cylera, an IoT and medical device security intelligence company that works with IBM Security to deliver IoMT solutions, have obtained and analyzed hours of chat correspondence and negotiations that occurred in December 2020 between the notorious Egregor ransomware actors, responsible for upwards of $80 million in losses globally, and their victims. The correspondence covers negotiations with approximately 40 victim organizations. The activity uncovered in these chat transcripts provides valuable insight into how some ransomware actors operate – from how they conduct ransom payment negotiations, to the strategies and operational structure they used.


Although law enforcement took action against Egregor operations in February 2021, this discovery provides the following insightful takeaways:


Defining the Ransom Demand – Initial ransom amounts ranged from $100,000 to $35 million. The average initial ransom demanded was $5 million. During one negotiation, the threat actors indicated that t ..
