HomesecurityHave you been hit by ransomware? Be careful not to make this mistake

Have you been hit by ransomware? Be careful not to make this mistake

Organizations that fall victim to ransomware should not inform hackers that they have cyber insurance - because if intruders know that their victim has an insurance policy, they are more likely to demand huge ransoms.


See also: FBI: ransomware attacks will increase during the holidays

Cybersecurity researchers at Fox-IT, part of the NCC Group, looked at more than 700 deals between attacking ransomware and victims to analyze the financial evidence behind digital extortion attacks that require ransom - often millions of dollars in ransomware. Bitcoin - in exchange for a decryption key.

They found that if the victim has cyber insurance and the attacker knows about it, then no less ransom payment can be negotiated because the attackers will take advantage of cyber insurance to get the payment they are asking for.

Another note from an unspecified ransomware operator appears to indicate that cybercriminals have increased the ransom they demand because they know about the victim's insurance policy.

A company could claim that the insurance company would not pay for the ransom, but it is unlikely that the attacker would believe it to be true.

While researchers suggest that telling an ransomware attacker about a cybersecurity insurance policy is not a good bargaining chip, there is a possibility the attacker will find out about any cyber insurance that the company has as soon as it enters the network before the ransomware attack.

Cyber ​​insurance has become a way for victims to deal with the damage of a ransomware attack, but as Fox-IT research shows, its knowledge can put hackers in an even stronger position by demanding more ransom.

See also: Conti ransomware: Earnings of $ 25,5 million since July


While paying ransom to cybercriminals is generally not recommended because it encourages further attacks, as they have analyzed hundreds of deals, Fox-IT researchers have come up with some suggestions on what to do if your business is ransomware-hit.

This approach begins by preparing employees on how to react to a ransomware attack and essentially by not clicking on links in ransom notes, so that negotiations do not start prematurely.

Before you start negotiations, it is also helpful to know what your ultimate goal is - can the organization do a backup or should a ransom be paid? If the victim is willing to pay a ransom, he should have an idea of ​​the maximum amount he would pay.

See also: Ransomware: It is a black hole that absorbs other cyber threats

And researching the intruder can help prepare victims for negotiations. A free decryption tool for this type of ransomware may be available to prevent the need for ransom payments.

Many ransomware operators try to force victims to pay within a specified period, often with the threat of data leakage if they do not. There is also the option to try to convince the intruder that you can not pay the ransom, but if the intruder has access to the network, he can see financial documents or cyber security policies - and he probably has an amount in mind based on this document that will be the basis for the negotiations.

Source of information:

Teo Ehc
Be the limited edition.