
teissTalk: Negotiating a ransomware payment

teissTalk host Jenny Radcliffe was joined by Neil Hare-Brown, CEO, STORM Guidance as main guest; Johann van Duyn, Chief Information Security Officer, DO & CO;

 

Views on news

The number of ransomware attacks reported to the UK’s data protection regulator more than doubled between 2020 and 2021. The verticals most frequently impacted by attacks in 2021 were finance, insurance and credit (103), and education and childcare (80). To mitigate the risk of falling victim to these types of attack, businesses can either take out dedicated insurance policies or invest in the latest IT security software. Even 100% can sound like an understatement considering how widespread ransomware has become. Insurers have burnt their fingers on steeply increasing ransoms and are starting to ask more in-depth questions. Although 70% of respondents in a survey felt that insurance pay-outs aggravate the problem ransomware presents, paying cyber criminals is often the only option for a company to survive.

 

Can victims negotiate a better deal with the criminals?

It’s becoming increasingly hard for companies to offload the risk of a ransomware attack onto insurers, as the latter now expect businesses to show some willingness to have controls in place. One insurance company, for example, offered multimillion-pound cover if the business implemented application whitelisting, in other words, specified an index of approved software applications or executable files that are permitted to be present and active on its computer systems. This method has existed for some time but has usually been dismissed by businesses as too hard to implement.

 

Even if you have no intention of paying, there may be some value in engaging with the criminals, for example to learn what type of data they have exfiltrated so that you can inform the forensic investigation. You also need to make sure that the attackers you’re negotiating with actually have the decryption key for your encrypted data and do not just claim to be in possession of it, especially because multiple keys are sometimes involved in decryption. Having a professional negotiator can help you buy more time without the criminals making good on some of their threats. Getting basic security hygiene right will still save you a lot of trouble.

 

See if you can recover the last three months of your data. If you can, it may save you from having to deal with the criminals.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543