What To Expect in a Ransomware Negotiation Threat Researcher

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

This standard introduction shows a level of professionalism, indicating that the ransomware group uses a standard playbook for negotiating staff. While other ransomware families do not start every conversation with the same introductory message, chat conversations from the ransomware families we analyzed typically include a few key points, which we list here.

What was stolen

While the amount and nature of stolen data varies, it always includes items that are critical to the company, including but not limited to financials, contracts, databases, and employee and customer personally identifiable information (PII). The criminals always offer to decrypt some sample files as proof, and in some cases they will provide a file tree of what has been stolen.

Price negotiation

Many victims state that they are willing to pay to decrypt data and prevent it from being leaked, but they simply cannot meet the initial demand. The criminals’ main defense or justification for the price includes either the victim’s bank

Read more

Explore the site

More from the blog

Latest News