Cybercriminals tout their ‘honesty’ in negotiating ransoms

More than 500 Australian business owners, partners, directors and executives at companies with more than 50 employees across industries were surveyed.

Mr Hopkins said companies that paid quickly wanted to minimise harm to others, such as staff and customers, as well as protecting their brand after data leaks.

“Negotiation meant that they got a full file listing of what was taken,” he said. “That immediately helps you prepare for your regulatory obligations, your privacy obligations. That also helps you start to answer those questions if your customers and stakeholders ask ‘what did they take’.”

Mr Hopkins also said negotiation can often lead to discounts on the original ransom demand and an extended time period to comply.

Mr Hopkins, who is involved in incident response, said the way criminal groups such as the Russia-linked ALPHV (also known as BlackCat) engage reads like an advertisement for why victims should pay.

“Hi, we’re ALPHV aka BlackCat. We’re a top hacker group. If you don’t know who we are, Google us and you’ll see who you’re dealing with,” the criminal group wrote at the start of one negotiation.

“We will delete your data so it can’t be recovered. We will make sure mainstream media won’t know about this incident or who you are, you’ll get a detailed report of how we got into your network. And you will get recommendations on how to stop this from happening again.”

Mr Hopkins said statistics from negotiators showed that many of the major ransomware groups did keep those promises, because doing so is part of their business model.

“If they don’t get that part right, no one’s ever going to trust them,” he said.

Mr Hopkins said criminals would often send a video of themselves deleting the data from their computers, although “you don’t know how many copies they’ve got. It’s just a bit of theatrics.”

However, he said the reports written by criminals have previously detailed things such as having paid for compromised credentials, which allowed those credentials to be traced back to a major hacking Telegram group. The criminals also revealed details of the home computer of the user whose login details had been stolen, which had malicious software on it.

“Then they connected the breach to a range of issues such as the absence of antivirus protection, lack of server updates and the absence of any monitoring,” he said.

The criminals also blamed the hacked company’s third-party managed service provider.

“Providing recommendations was somewhat challenging without knowing the exact conditions under which data was stored,” the criminals wrote.

“However, here are some general suggestions: consider managing your data independently without intermediary firms, and then demand that your service provider implements more robust monitoring and security.”
