Ransomware: Is negotiation possible?

27 Jul 2016

According to a new report, cyber criminals running ransomware campaigns are usually willing to negotiate if it means extorting any payment at all from victims.

The report, titled "Evaluating the Customer Journey of Crypto-Ransomware and the Paradox behind It," claims that 75% of ransomware criminal gangs were willing to negotiate the ransom fee.

After setting up fake accounts and posing as victims, the report's authors found that threat actors were willing to negotiate the price they originally demanded and would often offer a discount of around 30%.

What is Ransomware?

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files, unless a ransom is paid. More modern strains, often categorised as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.

The most common types of Ransomware

Locker Ransomware denies a user access to the computer by locking the user interface and then demanding that the victim pays a fee in order to restore access.

This type of ransomware normally just locks access to the interface and leaves files and system untouched. Locker ransomware often pretends to belong to law enforcement agencies to spook users into paying up.

Crypto Ransomware denies a user access to their files or data by finding and encrypting valuable data stored on a computer or device. The user is then unable to gain access to the files unless they pay the scammers a fee for a decryption key. This type of ransomware preys on people’s ignorance when it comes to the importance of backing up files. Once the ransomware gains access to a device, it tries to remain hidden whilst it searches for files to encrypt.

The Evolving Threat of Ransomware

The report also highlighted how the cybercrime marketplace is continually evolving and how groups are running increasingly professional operations.

Many ransomware operators now offer "free trials" of decryption, web pages with advice, and direct lines to the groups themselves for help making payments.

The top three ransomware families are Teslacrypt (58.4 percent), CTB-Locker (23.5 percent) and Cryptowall (3.4 percent).

All three find their way towards victims through spam email with infected attachments or links to infected websites.

The "best of the worst" is Cerber, which not only offers support web pages in 12 languages, but also offers victims a free "decryption trial," contact form, and current payment rates displayed clearly on the malware's web domains.

Reducing the Risks

Educate and inform: Ransomware is a constantly evolving threat so it’s important to keep up to date with new developments. PGI’s Online Hostile Threat Reporting can keep you up to date with the latest malware trends whilst PGI’s Protective Monitoring Service can keep an eye on your networks and alert you to a breach.

Make Backups and have a plan: At a minimum make backups of the files that are important to you and do it regularly. If that fails then call out PGI’s Computer Security Incident Response Team!

For more information on the services and training offered by PGI give us a call on 0207 887 2699 or email us at clientservices@pgitl.com
