Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where a victim paid $800,000 for promises of anonymity and data deletion. Alas, they were not anonymous, even though the blog did not reveal their name:
A company active in the field of software solutions for data management and transformation, based in Germany, was recently hit by a ransomware attack attributed to the criminal group known as Akira.
According to the negotiation chat between the parties, the attackers claim to have deleted 120 terabytes of backups, compromised 118 servers, and locked 787 workstations. It is important to note that these claims come solely from the criminal group, and as of today, no independent verification is available.
During negotiations, Akira presented the victim with a standardized “service package” including: full decryption assistance, proof of data deletion, a technical report on discovered vulnerabilities, a guarantee that the stolen data would not be disclosed or sold, and a promise not to target the company again in the future. The initial ransom request was $6.9 million.
Read more at SuspectFile.
