
Ransomware Negotiation Playbook Adds New Chapters

The result: attackers not only encrypt data, but also threaten to disclose sensitive information or pressure third parties, forcing organizations to balance reputational risks and operational disruptions.

“Confidence in negotiations is eroding,” Rivas-Vásquez tells CSO. “Enforcement measures against major ransomware-as-a-service operations revealed that many attackers failed to delete stolen data, even after ransoms were paid.”

Many countries promote international cooperation and intelligence sharing and exercise careful control over third-party cryptocurrency payment agents.

“With governments cracking down on payments, growing distrust of attackers’ promises, and the increased maturity of corporate responses, paying ransoms has become a less viable and riskier option for many organizations,” Rivas-Vásquez concluded.

Simply put: paying ransoms may encourage further attacks and does not guarantee data recovery.

Websites such as No-More-Ransom offer a lifeline to businesses that have suffered a ransomware attack, but preventing attacks and hardening systems and procedures beforehand is always better than dealing with the increased risk of a potential breach.

“Incident response and preparation can play a key role in recovering from an incident such as a ransomware attack,” says Nicholson of Pentest People. “By detailing and testing the answers, organizations can better understand what their specific problems are and close any security gaps to reduce risk.”