NCC Group plc Annual Report 2022

Market drivers

Threat landscape meets research

1

The scourge of ransomware continues as a distinct threat to organisations of all sizes. As organisations invest to improve their resilience against attacks, and policymakers struggle to find effective regulatory and law enforcement responses to ransomware gangs, we have used our unique insight, intelligence and research capabilities not only to assess the scale of the threat but to understand underlying dynamics and trends and to devise and advise on appropriate solutions and responses.

“As more nations realise that ransomware is a threat to national security, I’m hopeful that we’ll see a proactive, joined-up response from governments. European intelligence services need to come together with their allies to develop genuinely coordinated, proportionate defensive and offensive cyber operations.”

Inge Bryan, Managing Director, Fox-IT

Inside the ransomware negotiation economics

When an organisation is hit by a ransomware attack, at the heart of the nightmare is the question – to pay or not to pay? Paying a ransom or negotiating with criminals is problematic to say the least, and not something that we recommend or endorse. Despite some legislative efforts to ban, or require government permission for, or reporting of, ransomware payments, a significant percentage of ransomware-affected businesses see no other option than to negotiate and, in the end, pay the ransom. But not much is known about the economic backgrounds and negotiation strategies of digital extortion. That gap prompted our researchers Pepijn Hack and Zong-Yu Wu to investigate negotiations that take place after the decision has been made to pay a ransom after a successful ransomware attack.

More than 700 cases

Our researchers looked at how the most notorious ransomware groups use economic models to maximise their profits, examined the victims’ position during the negotiation phase and considered what strategies ransomware victims can use to level the playing field as much as possible. More than 700 attacker–victim negotiations were collated between 2019 and 2020. The researchers had access to the negotiation process between these groups and their victims and, in addition, a large amount of data was examined. The negotiations under investigation were partly done by a negotiator and partly handled by the victim itself. Our researchers found that ransomware gangs have developed negotiation and pricing strategies to maximise their profits, based on understanding their victims’ financial situation prior to executing their attacks. While this leads to an unlevel playing field, ransomware victims are not completely powerless.

We summarise our researchers’ main conclusions here but detail comprehensively the strategies victims can deploy to counter attackers’ advantage, as well as practical tips about the negotiating process, in our research report. Read more here: research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics


NCC Group plc — Annual report and accounts for the year ended 31 May 2022
