santiago silver - Fotolia

Most ransomware gangs open to negotiation, says F-Secure

Businesses can take several precautions to avoid being victims of ransomware, but if all else fails, they should negotiate with their attackers, according to a report by F-Secure

Three out of four cyber criminal gangs operating ransomware extortion operations are willing to negotiate the price for restoring data their malware has encrypted, a report has revealed.

Crypto-ransomware encrypts the files on the victim’s machine and typically gives a time limit by which the victim must pay a fee to decrypt the files, returning them to a usable state.

If the victim misses the deadline, the ransom usually increases, but if they do not pay, their files may be completely unrecoverable.

Crypto-ransomware has proven to be a profitable business for cyber criminals because organisations often decide that paying the ransom is the cheapest, most efficient way of getting back to business.

However, organisations that have attempted to bargain have achieved an average discount on the original ransom demand of 29%, according to the report by security firm F-Secure.

The report, which is based on F-Secure’s evaluation of the “customer experience” of five current crypto-ransomware variants, also found that all criminal groups contacted granted extensions on payment deadlines.

However, the report notes that those ransomware families with the most professional user interfaces are not necessarily also those with the best customer service.

The report highlights the fact that paradoxically, operators of crypto-ransomware extortion operations need to establish a degree of trust with the victim and be ready to offer a certain level of service to realise the payment in the end.

As a result, crypto-ransomware families often operate similar to legitimate businesses, with accessible web pages, helpful FAQs, “free trials” for file decryption, and even customer support channels with responsive agents on the other side.

Protection against ransomware

Sean Sullivan, security advisor at F-Secure, offered some recommendations on how to safeguard against ransomware attacks.

“We read stories about ransomware every day, and lately the word ‘epidemic’ is being used to describe its proportions,” he said.

“We wanted to offer a different look at this problem of mass crime, but ultimately to take the opportunity to remind people and businesses once again of what they can do to protect themselves from this threat.

“Software updates, good security software, caution with email and most importantly, in case all else fails, back up your stuff regularly, before you ever become a victim.”

Making regular backups of files and testing them to ensure they are reliable enables organisations to avoid being faced with the dilemma of whether to pay or not if they are hit by ransomware.

Keeping all software up to date, organisations can reduce the likelihood that they will be affected by malware that takes advantage of security flaws in outdated software.

Read more about ransomware

F-Secure also recommends using robust security software that employs a layered approach to block known threats, as well as threats that have not yet been seen.

“Businesses should also use a good email filtering system, disable macro scripts from Microscoft Office files received by email, and educate employees on current spam and phishing schemes,” the report said.

In addition, businesses can limit the use of browser plugins; manage access controls so no user gets more access than they need; implement application controls so programs cannot execute from common ransomware locations; implement application whitelisting; and segregate data to limit lateral movement inside a network.

In all else fails, the report said if the criminals offer a channel to get in touch with them, try negotiating because it may just work. ... ... ... ... . . . . . . .. . . . . . .

Next Steps

Ransomware negotiations: An inside look at the process

Read more on Hackers and cybercrime prevention