#BHEU: 5 Ways to Approach Ransomware Negotiations

Pepijn Hack, cybersecurity analyst at Fox-IT, part of NCC Group, outlined five key approaches organizations should take during ransomware negotiations with extorters to improve the outcome, in a session at Black Hat Europe 2021.

Hack observed that when a successful ransomware attack occurs and a payment demand is issued, the attackers immediately have the upper hand in the negotiations that follow. This is firstly because they already have knowledge of their victim through research undertaken before the attack, helping them understand whether the victim is likely to pay and how much it can afford. Secondly, they will have experienced numerous ransomware negotiations in the past, whereas it is likely the first time the victim has been in that situation.

Presenting research carried out with a colleague at Fox-IT, Hack outlined what the attackers will consider during a ransom negotiation. These are the final ransom price, whether the victim will pay or not, the cost and risk to themselves, and how many attacks are successfully carried out.

A comparison of two ransomware groups was then made via data collected between late 2019 and early 2021. For the first group, records of 681 negotiations were observed. For the second

