
Inside a Ransomware Negotiation: This Is How ‘Asshole’ Russian Hackers Shake Down Companies


“$1.1m. We will never go lower and this offer is valid for 48 hours. Keep it or leave it.”

That’s the message a small retail business on the East Coast of the U.S. received earlier this summer when it realized it was being held up by a Russian-speaking ransomware gang.

At first the hackers demanded more than $2 million, a sum that would have left the victim company reeling, according to transcripts of the negotiations with the ransomware gang that The Daily Beast obtained. It wasn’t going to work, even with the hackers’ dangling offer that, in exchange for the millions of dollars, they would unlock the business’ systems and promise not to publish or sell its stolen files.

So instead of coughing up the demand right away, the victims started groveling. They pleaded with the hackers, noting they didn’t have cybersecurity insurance and couldn’t afford the demand.

The hacking gang, known as Conti, appeared to acquiesce slightly, and offered a minor discount. But they balked at the victim’s next suggestion that they only cough up several hundred thousand dollars.

“We have reviewed all the documents we have on file,” the hackers wrote, arguing that the counteroffer was “too low,” according to the transcript.

The victim ended up opting to pay the updated offer of just over $1 million, after verifying they had the correct bitcoin payment address with the hackers. Much to the company’s relief, the hackers quickly sent over the decryptor, the tool that would allow the victims to regain access to their systems, which they’d been locked out of for days.

But reassurances the hackers would delete the stolen data and not publish it did not come so quickly.

That’s when the panic set in.

“Per our agreement, please provide a copy to all of our data,” the negotiators pleaded, before following up a few hours later: “Please confirm that you will delete it everywhere and give us proof of deletion. Thanks.”

Several more pleas were sent to the hacking gang, but they were met with days of silence. In all, the company waited seven days before hearing back.

Dave Wong, who worked with the victim in this case to recover from the ransomware attack, told The Daily Beast he thinks the company got nervous as soon as they paid because the reality set in that the future of their company was in the criminals’ hands, and they had no way of knowing if the gang would follow through.

“A lot of companies are a little bit nervous because they’re handing over a million dollars and you’re trusting the criminal is going to keep his end of the bargain,” Wong, a vice president at FireEye’s Mandiant, told The Daily Beast. “I think that’s........

© The Daily Beast
