7 Insights From a Ransomware Negotiator
Dark Reading – Ericka Chickowski
1) There's a Definite Taxonomy to Ransomware Gangs
The majority of attacks came from what the taxonomy dubbed full-time groups, which have been active for nine or more months and publicly claim 10 or more victims.
Then there are the rebrand groups, which have been active for less than nine months but claim nearly the same number of victims as full-time groups, and with some examination of TTPs usually have some correlation with a retired group.
Meantime, "splinter" groups are those that have some TTP overlap with known groups, but are less consistent in their behaviors.
2) Rapid Rebranding of Ransomware Groups Makes Threat Intelligence Key
The classification into those four taxonomy groups looks cleaner in an annual report than it does on the ground when a SOC starts lighting up.
Schmitt explains that keeping tabs on the rebranding and splintering of groups is where threat intelligence should come into play.
3) RaaS Groups Are a Wild Card in Negotiations
For example, as many groups have adopted the ransomware-as-a-service (RaaS) model, they employ many more affiliates, which means negotiators are always dealing with different people.
4) Ransom Demands Are Climbing Sky High
One of the anecdotal observations Schmitt made was that he has seen a lot of very high initial ransom demands from ransomware operators lately.
5) Improved Backup Strategies Are Making a Difference in Preparation
The ratio of clients he sees who can successfully recover without caving to the extortion demands versus those that need to pay a ransom is coming close to a 1:1 parity, Schmitt says.
6) Double Extortion Is the Norm
However, there are still plenty of organizations that are behind the curve, he says, which keeps ransomware more profitable than ever.
7) There's No Honor Among Thieves, but There's Business Sense
Finally, the big question in dealing with criminal extortionists is whether the bad guys are even going to keep their word once the money drops in their account. As a negotiator, Schmitt says that, for the most part, they typically do so.
Link: https://www.darkreading.com/attacks-breaches/7-insights-from-a-ransomware-negotiator