According to a new report, cyber criminals running ransomware campaigns are usually willing to negotiate if it means extorting any payment at all from victims.
The report, titled "Evaluating the Customer Journey of Crypto-Ransomware and the Paradox behind It," claims that 75% of ransomware criminal gangs were willing to negotiate the ransom fee.
Using fake accounts to pose as victims, the report found that threat actors were willing to negotiate the price they originally demanded and would often offer a discount of around 30%.
What is Ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files, unless a ransom is paid. More modern strains, often categorised as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.
The most common types of Ransomware
Locker Ransomware denies a user access to the computer by locking the user interface and then demanding that the victim pays a fee in order to restore access.
This type of ransomware normally just locks access to the interface and leaves files and system untouched. Locker ransomware often pretends to belong to law enforcement agencies to spook users into paying up.
Crypto Ransomware denies a user access to their files or data by finding and encrypting valuable data stored on a computer or device. The user is then unable to gain access to the files unless they pay the scammers a fee for a decryption key. This type of ransomware preys on people’s ignorance when it comes to the importance of backing up files. Once the ransomware gains access to a device, it tries to remain hidden whilst it searches for files to encrypt.
The Evolving Threat of Ransomware
The report also highlighted how the cybercrime marketplace is continually evolving and how groups are running increasingly professional operations.
Many ransomware operators are now offering "free trials" for decryption, web pages offering advice and direct lines to the groups themselves for help making payments.
The top three ransomware families are TeslaCrypt (58.4 percent), CTB-Locker (23.5 percent) and CryptoWall (3.4 percent).
All three find their way towards victims through spam email with infected attachments or links to infected websites.
The "best of the worst" is Cerber, which not only offers support web pages in 12 languages, but also offers victims a free "decryption trial," contact form, and current payment rates displayed clearly on the malware's web domains.
Reducing the Risks
Educate and inform: Ransomware is a constantly evolving threat, so it’s important to keep up to date with new developments. PGI’s Online Hostile Threat Reporting can keep you up to date with the latest malware trends, whilst PGI’s Protective Monitoring Service can keep an eye on your networks and alert you to a breach.
Make backups and have a plan: At a minimum, make backups of the files that are important to you, and do it regularly. If that fails, then call out PGI’s Computer Security Incident Response Team!