Despite oft-repeated advice to never pay in response to a ransomware attack, the reality is that this is not always a possibility. However, the desire to pay as little as possible has given rise to companies like Coveware. They act as negotiators between victims (their clients) and the criminals targeting them.
A Business Case
While it may seem counter-intuitive to attempt to negotiate with these cyber-criminals, ransomware generally comes in one size. This certainly does not fit all victims. The ability of a large corporation to pay a ransom is not the same as a small business or an individual.
While Coveware does not reveal their negotiation methods, one might imagine it centers around this. After all, it stands to reason that, to the attacker, a small ransom is better than none at all.
This strategy seems promising as a recent case saw Coveware negotiate a ransom down by 80 percent. Coveware then facilitated a secure cryptocurrency payment in return for the decryption tool.
Stage One — Success
Almost unbelievably, Coveware claims a 100 percent success rate in retrieving the decryption tools. This is, however, only the first stage. These tools are often difficult to use, but each case builds on the available data in order to implement it in the most effective way possible.
Often, Coveware will have to return to the attacker as an unlikely source of advice. As Coveware CEO, Bob Siegel says:
For the most part the attackers do their best to be helpful, which creates an odd dynamic to say the least. But at the end of the day, the criminals are running a business, and they know that if their decryption does not work, word will get out quickly.
There are situations when Coveware advises against payment, even if the client wants to. For example, if the data encrypted is not mission critical, it may be better to create back-ups and wait.
It is common for decryption tools to become available in the public domain down the line. By holding out, a victim could recover their data without cost.
Siegel’s ultimate aim is to eradicate ransomware altogether. By analyzing information on attacks, his company hopes to collect data to share with clients, security firms, and law enforcement. This can enhance cyber-security across the board while rendering companies less vulnerable to attack.
To this end, Siegel offers his services for free to small businesses. He says:
Most ransomware data is gleaned from backwards looking surveys of IT professionals, which are anecdotal and stale. The only way to get hard data on ransomware is to jump into the trenches and help victims through incidents.
What are your thoughts on Siegel’s approach to ransomware? Let us know in the comments below!
Images courtesy of Shutterstock.