Are ransomware gangs getting too greedy?
How much would you pay to prevent your company’s reputation being trashed by a data leak? If reports are accurate, the Royal Mail has baulked at paying the oddly precise £65.7m demanded by the LockBit hacking group that allegedly encrypted the company’s data. Are the ransomware gangs getting too greedy?
That companies big and small regularly pay off criminals to free their data is well known. Big firms won’t usually disclose how much they’ve paid, or that they’ve even paid a ransom at all – ransoms are often negotiated and paid through third-party security companies, who are then paid in turn for their services.
The ransomware attack on the Royal Mail has already been hugely damaging for the company. International deliveries were suspended entirely for weeks and still remain disrupted.
Logs leaked by the LockBit group, as reported in the Financial Times, appear to show that the Royal Mail was negotiating with the hackers, but that the company’s board refused to meet the high price being demanded.
That unusually specific £65.7m figure wasn’t plucked out of thin air. The hackers calculated it as 0.5% of the company’s annual revenues, a point they made explicitly during the leaked negotiations.
The Royal Mail, however, decided to play hardball. “Under no circumstances will we pay you the absurd amount of money you have demanded,” the Royal Mail’s negotiator told the hackers, according to the FT report. “This is an amount that could never be taken seriously by our board.”
Ending the payment cycle
If – and it remains a big if – companies are baulking at the inflated demands of ransomware groups, it would likely be a good thing. The ransomware model only works if enough victims are willing to pay up, and some experts have long argued that paying ransoms should be made illegal to thwart the trade.
However, security experts point out that refusing to meet the ransomware writers’ demands is a high-risk strategy. “Ransom negotiations are extremely difficult as both sides have game plans and ulterior motives,” said Jake Moore, global cybersecurity advisor at ESET.
“Victim organisations are desperately looking to extend the timeframe before payments are demanded, whilst criminal groups aim to find the sweet spot in which a ransom amount is viable. However, as both sides often know how the other thinks, it can be a dangerous game to play on very thin ice. Without wanting to see any information released onto the dark web, simply negotiating can upset attackers into releasing stolen data.”
However, even if the ransomware model collapses, Moore fears the criminals will simply find another way to extort companies with their own data. “By not paying a ransom it has the power to overthrow the legacy threat of ransomware, by forcing attackers to target more specifically within organisations and carry on threatening the leaking of data rather than encrypting it,” he said.