Professional ransomware negotiators going out of business as hackers threaten to delete victims' encrypted data if they ask for their help

Ransomware groups are always looking for ways to make their attacks more efficient, which involves doing as much damage as possible to victims. According to recent security reports, the Grief Corp ransomware operation is threatening affected organizations with permanently deleting all their information if they refuse to pay the ransom or turn to a professional negotiator.

Through its platform on the Tor network, this hacking group mentioned: “We want to play a game. If we see a professional negotiator, we will simply destroy the stolen data. Either way, negotiators get paid for their work.”

This is the second group to take such a measure: a few days ago, RagnarLocker operators announced the same policy, adding much more pressure on hacking victims. The hacking group even referred to a statement by cybersecurity expert Brett Callow, who has said for months that “ransomware groups do not want their victims to ask for help from professionals or law enforcement.”

The victims of this group are at a crossroads, as Grief Corp is known to be a rebranding of DoppelPaymer, a ransomware group that has wreaked havoc across the U.S. over the past two years. Consequently, U.S. authorities imposed sanctions against any DoppelPaymer-related operation, so victims of these ransomware variants could find themselves in serious legal trouble if they decide to negotiate with the hackers.

Moreover, ransomware negotiator Nick Shah believes that hacking groups want to avoid dealing with these professionals because this is one of their weakest points: “Many of today’s most important ransomware groups operate from countries in the former Soviet Union, so communication with victims is not their forte.”

Despite warnings from these groups, authorities around the world advise victims not to pay the ransoms demanded by these cybercriminal groups, as there is no guarantee that the information will be recovered and the payments only help hackers fund subsequent attacks.

Restrictions in these cases have become stronger, so affected companies should opt for a prevention approach, keeping backups up to date and training their staff to spot the risks of ransomware infection before it’s too late.
