How ransomware negotiations work | CSO Online


Ransomware has been one of the most devastating malware threats that organizations have faced over the past few years, and there’s no sign that attackers will stop anytime soon. It’s just too profitable for them. Ransom demands have grown from tens of thousands of dollars to millions and even tens of millions because attackers have learned that many organizations are willing to pay.

Many factors and parties are involved in ransomware payment decisions, from CIOs and other executives to external counsel and insurance carriers, but the increasing need to make such payments has created a market for consultants and companies that specialize in ransomware negotiation and facilitating cryptocurrency payments.

What happens when ransomware hits?

In an ideal world, a ransomware attack should trigger a well-rehearsed disaster recovery plan, but unfortunately many organizations are caught off guard. While large enterprises might have an incident response team and plan for dealing with cyberattacks, the procedures for dealing with various aspects specific to a ransomware attack—including the threat of a data leak, communicating externally with customers and regulators, and making the decision to negotiate with threat actors—are typically missing.

“Even in large publicly traded companies that do have IR plans, they don’t usually cover details related to ransomware,” Kurtis Minder, the CEO of threat intelligence and ransomware negotiation firm GroupSense, tells CSO. “Once we get to the process of decryption negotiation, of making that business decision, who should be involved, a lot of that is not documented. There’s no messaging or PR plan either. None of that exists for most companies that we get brought into, which is unfortunate.”
