https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Paying ransomware

NCC Group: Attackers Know How Much Ransom You’ll Pay Before Negotiation

  • Written by Edward Gately
  • November 16, 2021
Attackers are offering discounts when negotiations go well.

By the time an organization is hit with ransomware, the attacker has already thoroughly researched it and knows how much it will pay in ransom before the negotiation even starts.

That’s according to new research by NCC Group. It collected and analyzed more than 700 attacker-victim negotiations between 2019 and 2021. It investigated ransomware groups that are among the most notorious.

Ransom Negotiation, Discounts, Payments

Among the findings:

  • Each ransomware gang has created their own negotiation and pricing strategies meant to maximize their profit. There are clear signs adversaries have adopted price discrimination techniques based on the yearly revenue of their victims.
  • After negotiating, victims can get a “discount” of 10%-90%. In two-thirds of the cases examined, this discount was more than 50%.
  • With good negotiation tactics, in most cases 50% or more of the ransom can be recovered.
  • A metric, ransom per annual revenue, or RoR, was created. It’s to calculate how much victims paid in ransoms per every million dollars in the company’s revenue. Small companies generally pay more in RoR, less in absolute amount but higher in percentage of revenue.
  • The largest ransom paid was $14 million by a Fortune 500 company. But this was only $822 per every million in revenue, or less than .01% of the annual revenue. By contrast, the medium ransom of small enterprises within the first data set was .22%.
  • Once payments were made, ransomware groups in all cases adhered to the agreements. But in one of every two cases, the decryptor was not very efficient. That led to calling on an external specialist to build a better one.
  • The same criminals have not come back to attack the same victim again. However, researchers did find a rare case where two separate criminal groups gained entry into the same victim at the same time, and agreed to divide the loot.

Well-Developed Business Side

Pepijn Hack is cybersecurity analyst at Fox-IT, part of NCC Group.

NCC's Pepijn Hack

NCC’s Pepijn Hack

“We were surprised that not only the technical side of ransomware has developed in recent years, but also that the business side has been developed as well,” he said. “The business model of attackers has evolved in a way in which they use business strategies to increase profit. Furthermore, they have a system in place in which they use different people for different parts of their business. The people who hack a victim’s network are not the same as the people who run negotiations. This means that they can also specialize in their craft and this makes it more difficult for victims to get the upper hand.”

It’s difficult to prevent attackers from conducting their financial research prior to an attack, Hack said.

“First of all, we have seen multiple attackers making use of open-source databases regarding revenue of their victims such as ZoomInfo,” he said. “The main problem is that the figures the attackers base their ransom on do not have to be correct. As long as they are a rough estimate of the actual revenue, it’s good enough for them. We also did not often see attackers actually refer back to details they got from financial statements. This might be because …

  • Page 1
  • Page 2
Tags: MSPs Best Practices Channel Research MSSP Insider Security

Most Recent


  • Momentum
    Microsoft Security Now $20 Billion Business with 'Tremendous Momentum'
    One analyst says there's few legitimate obstacles in its path for further growth.
  • Intelisys Pre-AMP'd Marketing Forum
    Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap
    Marketing is historically a second thought for the sales-focused world of technology advisors.
  • 2023 Opportunities
    There Are Plenty of New Opportunities for MSPs in 2023
    Partnership is key, along with automating data protection and cloud optimization technologies.
  • DE&I mental health
    Mental Health Is Also a DE&I Conversation
    Employees need safe spaces where they can feel comfortable being who they are.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Ransomware Santa Christmas
    Ho, Ho, Ho! Ransomware Attacks Aplenty Expected During Holidays
  • Digital.ai and BlackBerry
    SMBs’ State of Cybersecurity Is Not Great
  • Digital.ai and BlackBerry
    Cloud Migration, Security Gaps Among Top Opportunities for MSPs
  • Data breach on desktop
    Robinhood Data Breach Leaves Millions Potentially Vulnerable

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains

January 26, 2023

Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap

January 26, 2023

Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity

January 25, 2023

Industry Perspectives

View all

Make the Most of the Gift of Time in 2023

January 25, 2023

Strong Partnerships Ease Challenging UPS Upgrade

January 24, 2023

The Advantages of Managed Networking and Security During Economic Uncertainty

January 5, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

Cybersecurity Certifications: Their Evolving Role in the Fight Against Increasing Attacks

December 13, 2022

White Papers

View all

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

October 25, 2022

Embracing the Zero Trust Mindset For Endpoints

October 24, 2022

Endpoints are the Destination

October 24, 2022

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

The CEO of @Mitel discusses the likely outcomes of buying @Atos Unify. Note: @RingCentral will play a role post acq… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@msftsecurity surpasses $20 billion in annual revenue, analysts say it's a formidable #cybersecurity market conten… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

The adoption of cloud-based services ☁️ has spiked in the last few years and is among the top growth segments. See… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

[email protected], @NICECXone, @lumencpp, @CiscoPartners joined @IntelisysCorp and partners for a day of marketing worksho… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@IBM and @SAP announce #layoffs of thousands of employees dlvr.it/ShV2VY https://t.co/7QK1YqVpwa

January 26, 2023
ChannelFutures

#MSPs can boost #Channel business if they personalize the #DigitalExperience for partners, says @AvePoint.… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

Consider mental health in the context of DE&I. Create safe spaces where employees can feel comfortable being who th… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@GoIvanti's CSO says #ChatGPT poses numerous cybersecurity concerns. dlvr.it/ShRmdt https://t.co/n22RZ4PZaO

January 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X