Christopher Janaro writes:
The prevailing wisdom from cybersecurity experts is that trying to negotiate with ransomware hackers is a bad idea, but on December 30, 2020, one victim broke the rules and gave it a shot.
“Help?” they typed into one of the compromised computers.
“Hello,” one of the hackers replied. “Are you ready to negotiate? Your network and all of your data were encrypted by [the] CONTI team. Besides the encryption process, we’ve downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. The recovery price is $8,500,000.”
The haggling commences.
Read more at PCMagazine.
This piece may encourage some victims to do what law enforcement recommends against doing — paying attackers. If the victim feels they have no option but to pay, however, being aware of what Valéry Marchive found and shared about ransom negotiations can be helpful. If a company has pre-considered whether they would ever pay ransom in the event of a ransomware attack and have not ruled out paying ransom, then maybe as part of being proactive, read up more on negotiating with threat actors.
Related:
Marchive: RansomChats
Zscaler: ThreatLabz/RansomwareNotes
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination