Ransomware gangs hate professional negotiators: Threaten victims with publishing stolen data and destroying decryption keys

Ransomware Attacks
Don’t approach negotiators, warn ransomware gangs. Pic credit: People & Profit/Flickr

With the rise of ransomware gangs and their attacks, there has been a proportional rise in ancillary services as well. While payment facilitators are welcome, threat actors despise professional negotiators.

Malicious code writers and security threat actors are actively threatening victims, hoping to quickly close the deal and make money, preferably in cryptocurrency. These cybercriminals are using multiple coercion techniques to keep negotiation and mediation teams away from the potential deal.

Ransomware gangs issue threats to avoid professional negotiators:

There’s little doubt that ransomware attacks have risen to alarming levels this year. There have been a dozen attacks that involved high-profile targets.

From Apple Inc. suppliers to Gigabyte, and from Colonial Pipeline to Saudi Aramco, multiple companies and even critical state infrastructure are lucrative targets. In fact, threat actors are even going after hospitals and other sensitive businesses that impact the lives of ordinary civilians.

Owing to the rise in attacks, several cybersecurity companies have branched out, and are offering negotiation services as well. Needless to say, ransomware operators do not want third-party services, let alone, negotiators, involved.

Reports indicate negotiators successfully lower the ransom amount, even if they cannot avoid paying the entirety of the sum demanded. Even if negotiations aren’t successful, companies can use the process to steal valuable hours and days to formulate a mitigation plan.

Interestingly, Ragnar Locker, a ruthless ransomware gang has issued a statement, that attempts to paint negotiators in bad light:

“The recovery company will charge you, maybe even help you return the piece of data if our operation was not perfect, they will try to bring down the price, and as a result, the data of their clients will simply be in the public domain, because we will publish it.”

Threat actors warn they will delete the decryption keys, making data recovery impossible, if the victim hires professional negotiators:

The ransomware gang that identifies itself as the Greif Gang (Pay or Grief), has taken the threats a step further. The group has threatened that they will permanently delete a victim’s data entirely.

Alternatively, the group has threatened that they will delete the victim’s decryption key if they hire a professional ransomware negotiator. The group’s statement seems to suggest that the negotiation team or company will get paid either way, but the victim could lose their data entirely, with no chances of recovery:

“We wanna play a game. If we see a professional negotiator from Recovery Company™ – we will just destroy the data.

Recovery Company™ as we mentioned above will get paid either way. The strategy of Recovery Company™ is not to pay the requested amount or to solve the case but to stall. So we have nothing to lose in this case. Just the time economy for all parties involved.

What will this Recovery Companies™ earn when no ransom amount is set and data is simply destroyed with zero chance of recovery? We think – millions of dollars. Clients will bring money for nothing. As usual.”

It is important to note that a few of the ransomware gangs and their members are on the Office of Foreign Assets Control (OFAC) sanction list. And the US Treasury has clearly noted that ransomware negotiators may face civil penalties for facilitating ransomware payments to ransomware gangs on the sanction list.

It is amply clear that civil negotiation teams or businesses are in a dilemma. If they help victims, ransomware gangs could destroy data. If they don’t, victims could end up paying the ransom or risk data exposure or deletion.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x