Ransomware Negotiations Revealed: Flattery and Empathy Works

Details of a week-long negotiation between the University of California and a NetWalker ransomware gang have been revealed by Bloomberg.

The University’s School of Medicine was working on a vaccine for Covid-19 in June this year when seven of its servers were locked down by the hackers. Against the advice of the FBI, the university took matters into its own hands and conducted private negotiations.

The university negotiator used flattery, appealed to the hackers’ sense of sympathy and ethics, and managed to reduce the ransom amount from as much as $6M down to just over $1 million in Bitcoin (BTC), and the systems were successfully restored.

Right off the bat, the negotiator ensured they had the hacker’s ‘operator’ on their side, calling for respect from both sides: “I’m willing to work this out with you, but there has to be mutual respect. Don’t you agree?” Before waiting for a response, they also appealed to the attacker’s pride:

“I have read about you on the internet and know that you are a famous ransomware hacker group and very professional. I know you will honor your word when we agree on a price, right?”

This appeared to work with the operator responding: “We are 100% about respect, and never will we disrespect a client who talk to us with respect.”

Negotiations shifted to feeling out how dedicated each side was, with the negotiator crying poor and stating that all funds had gone into the research with none left to spare.

Calling the apparent bluff, the operator replied that a school that collects over $7 billion in annual revenue should have no trouble paying a few million:

“You need to understand, for you as a big university […] you can collect that money in a couple of hours. You need to take us seriously.”

The first offer by the university was $780,000 and was also scoffed at by the operator. “Keep that $780k to buy McDonalds for all employees. Is very small amount for us,” adding, “I am sorry.”

More time — for both sides

As is typical in ransom situations, the negotiator then asked for two more days in order to allow “the university committee that makes all the decisions” to meet again. The operator agreed on the condition that the $3 million ransom be doubled to $6 million.

A ransomware negotiator from Tel Aviv, Moty Cristal, told Bloomberg the extension might have proved useful for the attackers too, giving them time to identify the value of their stolen data.

The NetWalker group is a large-scale criminal enterprise and leases its software in a franchise-style program. The group posted a recruitment ad in March this year, adding new affiliates to its network.

Getting personal

At this point, either out of desperation or as a psychological strategy, the negotiator started appealing to the operator’s sympathies. “I haven’t slept in a couple of days because I’m trying to figure this out for you,” they said, “I am being viewed as a failure by everyone here and this is all my fault this is happening.”

“The longer this goes on, the more I hate myself […] All I ask is that you be the only one in my life right now to treat me nice. You’re the only one in the world right now who knows exactly what I’m going through.”

The operator responded: “My friend, your team needs to understand this is not your failure. Every device on the internet is vulnerable.”

Four days into the attack, the negotiator eventually came back with an offer over $1 million, saying they were bending their internal rules to accept an additional $120K donation on the condition that the negotiations come to a close. They even added time pressure:

“We normally can’t accept these donations, but we’re willing to make it work only if you agree to end this quickly.”

The university spent 36 hours organising the purchase of 116 Bitcoin ($1.14 million) and sending the funds to the attackers. Two more days were required for the hackers to confirm the deletion of all sensitive data and give access back to the university.

After more than eight days without access, the university successfully regained complete access to all its servers. However, the servers remained offline while it investigated the incident with the FBI and other cybersecurity consultants. In the most recent update on June 26, the university stated that the investigation was still ongoing.
