In May, an anti-ransomware specialist (negotiator) working for a European manufacturing company received an unexpected chat message from an attacker who hacked a specialist’s client.
Buyout negotiations are an area dominated by lawyers, information security companies and consultants well versed in working with hacker groups. Specialists are hired by organizations to negotiate with intruders in order to mitigate their demands. According to Palo Alto Networks Research ransomware ransomware increased to an average of $2.2 million in 2021, which is 2 times more than in 2021. According to Palo Alto Networks, victims usually pay less than half of the ransom amount (about $541 thousand).
The negotiator shared the information with journalists on condition of anonymity because he is not authorized to discuss the incident. The expert helps companies affected by ransomware to bargain with hackers to reduce the amount of ransom.
After the negotiator negotiated a ransom of hackers for several tens of thousands of dollars, the hackers became nervous and demanded a copy of the negotiator’s contract with the company as proof of the legality of the specialist’s work. The scammers said they were afraid of being deceived. “We need to know that you are honest with us”, — the hackers wrote to the specialist.
“The attackers were afraid that I would take an additional amount from my client in excess of the ransom amount”– said the expert.
Then the hackers made a bold offer: they offered the negotiator access to the database of other companies so that he could provide his services to new clients. In return, cybercriminals offered to pay them a commission on each ransom, but the specialist rejected the offer.
According to the expert, hackers are members of the group Haron . This group became known after cyberattack on the Colonial Pipeline disrupted the supply of gasoline to the United States and led to the arrests of members of hacker groups, related to Russia .