Are ransomware gangs getting too greedy?
How much would you pay to prevent your company’s reputation being trashed by a data leak? If reports are accurate, the Royal Mail has baulked at paying the oddly precise £65.7m demanded by the LockBit hacking group that allegedly encrypted the company’s data. Are the ransomware gangs getting too greedy?
That companies big and small regularly pay off criminals to free their data is well known. Big firms won’t usually disclose how much they’ve paid, or that they’ve even paid a ransom at all – ransoms are often negotiated and paid through third-party security companies, who are then paid in turn for their services.
The ransomware attack on the Royal Mail has already been hugely damaging for the company. International deliveries were suspended entirely for weeks and still remain disrupted.
Logs leaked by the LockBit group, as reported in the Financial Times, appear to show that the Royal Mail was negotiating with the hackers, but that the company’s board refused to meet the high price being demanded.
That unusually specific £65.7m figure wasn’t plucked out of thin air. The hackers calculated it was 0.5% of the company’s annual revenues, a point that the hackers made during the leaked negotiations.
The Royal Mail, however, decided to play hardball. “Under no circumstances will we pay you the absurd amount of money you have demanded,” the Royal Mail’s negotiator told the hackers, according to the FT report. “This is an amount that could never be taken seriously by our board.”
Ending the payment cycle
If – and it remains a big if – companies are baulking at the inflated demands of ransomware groups, it would likely be a good thing. The ransomware model only works if enough victims are willing to pay up, and some experts have long argued that paying ransoms should be made illegal to thwart the trade.
However, security experts point out it’s a high-risk strategy when you refuse to meet the ransomware writers’ demands. “Ransom negotiations are extremely difficult as both sides have game plans and ulterior motives,” said Jake Moore, global cybersecurity advisor at ESET.
“Victim organisations are desperately looking to extend the timeframe before payments are demanded, whilst criminal groups aim to find the sweet spot in which a ransom amount is viable. However, as both sides often know how the other thinks, it can be a dangerous game to play on very thin ice. Without wanting to see any information released onto the dark web, simply negotiating can upset attackers into releasing stolen data.”
However, even if the ransomware model collapses, Moore fears the criminals will simply find another way to extort companies with their own data. “By not paying a ransom it has the power to overthrow the legacy threat of ransomware, by forcing attackers to target more specifically within organisations and carry on threatening the leaking of data rather than encrypting it,” he said.
More security content
- Fake news: how it can endanger your business and what you can do about it.
- Cyberattacks: why small businesses should be worried
- The three biggest risks of BYOD and why you can’t ignore them
- What is ransomware?
Barry Collins
NEXT UP
Panos Skliamis, CEO of SPIN Analytics: “It’s important to see the changes we’re living through in the context of the transformations that have come before”
We interview Panos Skliamis, CEO of SPIN Analytics, an AI-driven platform that automates credit risk management and regulatory compliance
Why hiring for skills future proofs business operations in cyber and tech
For business operations in cyber, hiring based solely on previous experience and formal education is no longer practical, argues Ev Kontsevoy.
Riken to integrate IBM’s quantum system with supercomputer Fugaku
IBM and Japanese laboratory Riken have announced an agreement to deploy IBM’s quantum system and integrate it with supercomputer Fugaku