“When some sort of attack has happened, a demand comes through – and that invariably is through a web-hosting chat forum where the threat actor puts their demands and there’s a ticking clock that shows you the time you’ve got left to deal with that,” he said. “On some occasions, they do create emails but [whichever format] they use, we communicate with them through that.
“There’s some misunderstanding about the word ‘negotiations’, however, because everyone thinks that you negotiate the price and that we’re there just to get the lowest price. Actually, it’s far from that. We engage with the attackers to obtain as much information as possible to enable the client to make a enhanced risk assessment.”
Read more: What is actually fuelling cybercrime?
STORM works to encourage clients, where possible, to engage with attackers to obtain this information and thus increase the quality of their threat assessment. Actual ransom negotiations are generally at the latter stages of any engagement, he said, and STORM actively works to look at all the options available, rather than merely paying demands. Through…
