Coveware: Negotiation between victims and computer criminals
"Never pay" is the general advice when it comes to a ransomware attack. Despite that repeated advice, the reality is that refusing is not always possible. The desire to pay as little as possible has given rise to companies like Coveware, which act as negotiators between the victims (their clients) and the criminals who target them.
"We are pragmatic and the mantra of 'never pay' is simply not in line with the reality of the choices that companies have when they are hit," says Bill Siegel, CEO and co-founder of Coveware.
According to Siegel, the negotiation process is fluid and can vary depending on the company attacked, the nature of the ransomware used, and the advantages the IT department already has in responding to problems. On some occasions, he says, Coveware has even advised companies to refrain from paying the ransom, at least until they can formulate a better response strategy.
While it may seem counter-intuitive to try to negotiate with these cybercriminals, ransomware demands usually come in one size, and that size certainly does not fit all victims. A large corporation's ability to pay a ransom is not the same as that of a small business or an individual.
Although Coveware does not reveal its negotiation methods, one could imagine that it focuses on this. After all, it is reasonable to think that, for the attacker, a small ransom is better than none.
This strategy seems promising: in a recent case, Coveware negotiated a ransom of 80 percent. Coveware then provided a secure cryptocurrency payment in exchange for the decryption tool.
Coveware is changing the way companies see ransomware. It is quite possible that the days of "never pay" are gone, replaced by a fluid system of negotiation and business in the rapidly changing world of cybersecurity.
It is certainly unusual to hear, but Coveware has had a 100% success rate in receiving attackers' decryption tools, although the full data recovery rate after the decryptor has been run to completion is about 90%, says Siegel.
However, negotiating is only the first stage. Once the decryption tools are obtained, they are often difficult to use, and each case depends on the data available to apply them as effectively as possible.
Often, Coveware has to return to the attacker as an unlikely source of advice. About this, Bill Siegel says:
"For the most part, the attackers do everything possible to be useful, which creates a strange dynamic to say the least. But at the end of the day, the criminals are running a business, and they know that if their decryption does not work, they will spread the word quickly."
There are situations in which Coveware advises not paying, even if the client wishes to. For example, if the encrypted data is not mission-critical, it may be better to back up the encrypted data and wait.
Decryption tools often become publicly available later. By holding out, a victim could recover their data at no cost.
Siegel's ultimate goal is to eradicate ransomware completely. By analyzing information about the attacks, his company hopes to collect data to share with clients, security firms and law enforcement. This can improve cybersecurity in general and make companies less vulnerable to attacks.
To this end, Siegel offers his services free of charge to small businesses. He states that "the majority of ransomware data is collected from backward-looking IT surveys that are anecdotal and outdated. The only way to get concrete data on ransomware is to jump into the trenches and help the victims through incidents."
Siegel does not reveal much about his negotiation tactics, which are usually carried out through email or chat. But he says that the company can facilitate a payment in a secure way.
First, Siegel and his colleagues, who have experience in cybersecurity and cryptocurrencies, help companies obtain cryptocurrency. "A ransomware incident is not the time to learn the vagaries of the cryptocurrency capital markets," he says. "We show the customer, to the last cent, how, when, where, at what price and with what transaction rates the cryptocurrency was acquired."
At the same time, the company runs an internal anti-money-laundering compliance program, developed from the founders' previous jobs at SecondMarket with a regulated stockbroker. "We execute controls in each part involved in each case, the company, its authorized representatives and any service provider that assists them," says Siegel.
Siegel says his company has "several ways to find information about the attacker" and to determine whether they are more than an everyday cybercriminal.
Ransomware is one of the oldest tricks when it comes to swindling people out of their money. And when the creators of ransomware use blockchain and cryptocurrency technology to carry out their operations, it is even easier for criminals to steal from businesses that simply might not know better. As a result, ransomware continues to grow in 2018, aided by the anonymous nature of cryptocurrency.