Four months of chat records spanning more than 40 discussions between the operators of Conti and Hive ransomware and their victims have been analyzed, providing insight into the gangs’ inner workings and negotiation strategies. The Conti team is alleged to have decreased the ransom demand from a startling $50 million to $1 million in one exchange, a 98 percent reduction, indicating a readiness to negotiate for a much smaller amount. Conti and Hive are two of the most common ransomware strains, accounting for 29.1% of all attacks recorded between October and December 2021. The difference in communication techniques between the two groups is a crucial lesson learned from the chat log analysis. Conti’s interactions with victims are formal and use several techniques to persuade victims to pay the ransom, while Hive takes a shorter and more direct conversational approach. Conti also offers IT support to its victims in order to prevent future attacks, sending them a so-called security report that outlines a number of steps the affected companies can apply to defend their networks.