Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims

September 24, 2021 – Article posted on Cyberscoop 

Less than 48 hours before the deadline for Iowa-based grain cooperative New Cooperative to pay the BlackMatter ransomware group’s demands, negotiations took a turn.

BlackMatter threatened to leak sensitive data allegedly stolen from New Cooperative, and ramped up those threats this week after claiming the company “violated our data recovery guidelines” during negotiations by allegedly working with recovery firm Coveware.

The victim shot back with a surprising barb… except the response wasn’t from New Cooperative – the ransomware negotiation was hijacked. While this was eventually resolved, the incident raises questions about the potential drawbacks of highly sensitive ransomware negotiations entering the public spotlight. Once public, chats that can provide a goldmine of intelligence for researchers and law enforcement can also become a stomping ground for trolls.

“It’s a possibility that maybe the threat actor won’t catch on as easily and they’ll just sever communication altogether,” said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security. “And now you’re not able to decrypt files, so I definitely think that there is a relatively high potential for a lot of negative aspects to come out of that.”

Read More HERE.