Security News > 2024 > April > Ransomware group maturity should influence ransom payment decision

Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers' servers, and/or not leaked online.

The decision will depend on a variety of factors but, according to GuidePoint Security, an important one should be the overall maturity and prominence of the ransomware operators who pulled off the attack.

GuidePoint researchers have offered additional advice: "Consider the known history, credibility, and plausibility of ransomware groups and the claims of their operators in order to reach an informed decision regarding ransom payment or non-payment."

Based on previous experiences and discussions with peers, the researchers found that while mature RaaS groups work to have a solid reputation so victims are more likely to pay the considerable ransoms the group and its affiliates demand, the smaller, less known groups are much less incentivized to play by the rules they set out.

"Without a brand to build or defend, or with a name that can be changed at a moment's notice, there is little to no risk for an immature ransomware group to re-extort victims until they refuse to pay any further. Community information sharing on the topic is low and this class of threat actor attracts less security reporting or scrutiny in general," the researchers noted.

They also argue that, "When threat modeling or response planning for ransomware incidents, unbranded or immature ransomware groups should be considered as a distinct threat as opposed to larger, more established ransomware groups."

News URL

https://www.helpnetsecurity.com/2024/04/11/ransomware-payment-decision/