A mistake that many organizations must avoid, if they are hit by a ransomware attack, is to not let the attackers know that they have insurance.
The revelation by security researchers at Fox-IT shows that once attackers know that the victim has cyber insurance, negotiating a lower ransom becomes almost impossible.
The reason for this is that attackers exploit the existence of a cyber insurance to manipulate the victims in order to pay the demanded ransom amount. It is possible that attackers know about the cyber insurance of a company even without informing the victim.
This can be achieved once the attackers have gained access to the victim’s network prior to carrying out the attack. Therefore, organizations are warned not to store any document related to their cyber insurance on an accessible server.
The research examined over 700 negotiations between Ransomware attackers and Ransomware victims in an attempt to unravel the economy behind digital extortion.
If you are hit with a Ransomware attack, the researchers advise: “The first thing any company should teach their employees is not to open the ransom note and click on the link inside it… the timer starts to count when you click on the link. You can give yourself some valuable time by not doing this. Use this time to assess the impact of the ransomware infection.”