Under the guise of ‘negotiators don’t care about the victim, they’re only in it for the money,’ at least two ransomware groups have recently upped the ante on their quest for a quick buck – or hundreds of thousands of bucks. Amid the flurry of ransomware attacks, the Grief ransomware group is now threatening to destroy the decryption keys of any victim who hires a professional negotiator. Similarly, the Ragnar Locker ransomware group threatened to release stolen data if the victim contacted law enforcement or a negotiator.
Understandably, cyber threat actors are typically averse to involving negotiators in the ransomware process. Negotiators, or ransomware response firms, not only help victims navigate any potential contact with ransomware groups, but also afford the victim time to perform incident response. This time also allows for the potential to recover files and restore systems without the need to pay the ransom, much to actors’ dismay. Likewise, law enforcement and credible negotiators advise victims of potential violations of OFAC sanctions that would make it illegal to conduct financial transactions with certain criminal groups.
These developments, while annoying, don’t really change the need for ransomware resilience. Members are encouraged to embrace ransomware response planning in case the unfortunate occurs. It’s much better to be able to restore systems than to resort to capitulating to a ransom demand. CISA’s StopRansomware page is a great place to start on the path to ransomware preparedness so you don’t have to consider negotiating for anything. Read more at BleepingComputer.