Journalist Bob Sullivan on negotiating with ransomware gangs. Three interesting bits:
There is a reputation system for ransomware gangs:
It can sound strange, but during a recent lecture at Duke University, Ehuan said there were "good" cybercriminals -- gangs that have a reputation for keeping those promises. After all, it's their business. If they were to take the Bitcoin and run, security firms would stop making payments. On the other hand, you can't trust every criminal -- only the "good" ones.
Make sure they've got the goods before you pay them:
We provide them with a known encrypted file to make sure they are able to unencrypt and provide us back the known file to ensure that actually have the decryptor. We have a discussion with the TA over the dark web to lower price due to funds the client has available, etc.,
"It's just business":
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.