SecureWorld and the BBC have published a dark recitation that we all should read. It outlines a Ransomware Negotiation where hackers demanded a ransom of $3 million dollars. The following are excerpts from the article showing the hackers hubris:
“UCSF, or its negotiators, asked for hackers to take down information they had posted, to get things rolling.
[Netwalker hackers] “Done, your data is hide from our blog. Now let’s discuss.”
Hackers explained that UCSF had more than $5 billion in annual revenue, so a $3 million ransom seemed reasonable.
The university responded by offering $780,000 and explained that the coronavirus had been very costly to the university.
[Netwalker hackers] “How can I accept $780,000? is like, I worked for nothing. You can collect money in a couple of hours. You need to take is seriously. If we’ll release our blog, student records / data, I am 100% sure you will lose more than our price what we asked. We can agree to an price, but not like this, because I’ll take this as insult.”
Keep that 780,000 to buy McDonalds for your employees. Is very small amount for us.”
In his BBC article, Tidy says back and forth negotiations continued for a day until the University of California came up. It now offered a ransom of $1.02 million.
Then, the high stakes negotiating continued.
[Netwalker hackers] “I speak with my boss. I sent him all messages and he can’t understand how a university like you: 4-5 billions per year. Is really hard to understand and realise you can get $1,020,895. But okay. I really think your accountant / department can get $500,000 more. So we’ll accept $1.5m and everyone will sleep well.”
With the two sides still almost $500,000 apart, it was the university’s move.
A few hours later, Tidy writes, UCSF made a final offer of $1,140,895.
Hackers squeezed nearly another $120,000 from the university.
[Netwalker hackers] “Ok, good. Now you can sleep well. Well can you pay?” {End Comments}
Security is our new battlefield for business.
Article from
