Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs
The prevailing wisdom from cybersecurity experts is that trying to negotiate with ransomware hackers is a bad idea, but on December 30th, 2020, one victim broke the rules and gave it a shot.
"Help?" they typed into one of the compromised computers.
"Hello," one of the hackers replied. "Are you ready to negotiate? Your network and all of your data were encrypted by [the] CONTI team. Besides the encryption process, we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. The recovery price is $8,500,000.”
The haggling commences.
“It's the price that's causing us heartburn…” types the victim. Then, after some back-and-forth, an interesting thing happens: The hackers get the mistaken impression that their victims don’t need a decryption key, and just want the files to be destroyed. As a result, the hackers offer to reduce their demand to $2,125,000; a 70% reduction from the original ransom.
In a flash of brilliance, the victim doesn’t correct the misunderstanding and runs with it: “We are still far apart, but we view this as a positive step. Thank you."
After a break, the victim comes back with a counteroffer: a measly $400,000. The hackers push for $600,000, and finally, a deal is reached at $450,000… except it isn't. Just before the deal is done, the misunderstanding about the decryption key becomes apparent.
Luckily it was already too late. By this point, the cat was out of the bag about how little the hackers were willing to settle for. After agreeing on an expedited payment, the hackers accepted the offer -- a stunning 94.7% reduction from their initial demand.
Most of the time, stories like this don't see the light of day. The details of ransomware
Read more on pcmag.com
