We all know the risk of a ransomware attack. Headlines of the latest victims might haunt the dreams of chief information security officers (CISOs) and security operations centers (SOCs) due to the multi-extortion models used by modern ransomware groups.
We wanted to get a better understanding of what victims go through during the aftermath and recovery process of a ransomware attack to help others in case they find themselves in a similar situation. To do this, we analyzed victim support chats for five ransomware families: Conti, Lockbit 2.0, AvosLocker, Hive, and HelloKitty for Linux. Each of these ransomware groups uses unique victim identifiers to offer negotiation and “support” while the victim tries to recover their data.
Source: Trend Micro