Cybersecurity researchers at Fox-IT, part of NCC Group, examined over 700 negotiations between ransomware attackers and ransomware victims in order to analyze the economics behind the digital extortion attacks that demand a ransom payment – often millions of dollars in Bitcoin – in exchange for the decryption key.
They found that if the victim has cyber insurance and the attacker knows about it, there’s little room to maneuver in negotiating a smaller ransom payment, because the attackers will exploit the existence of the cyber insurance to cover the payment they’re demanding.
Cyber insurance has become a way for victims to deal with the damage of a ransomware attack, but as Fox-IT’s research shows, knowledge of it can put criminals in an even more powerful position for demanding payment – especially if the insurance holder doesn’t have good cybersecurity in the first place.
“The first thing any company should teach their employees is not to open the ransom note and click on the link inside it… the timer starts to count when you click on the link. You can give yourself some valuable time by not doing this. Use this time to assess the impact of the ransomware infection,” the researchers said.
Before starting negotiations, it’s also useful to know what your end goal is – can the organization restore from backups, or will a ransom have to be paid? If the victim is willing to pay a ransom, they should have an idea about what the maximum they’d pay would be.
There’s also the option of trying to convince the attacker that you can’t pay the ransom, but if the attacker has access to the network, they may be able to see financial documents or cyber-insurance policies – and likely have a figure in mind, based on those documents, that will be the basis for negotiations.