Black Hat , Events , Fraud Management & Cybercrime

How Ransomware Group Stability Affects Payment Decisions

Robert Boyce on Accenture's Strategy for Assessing the Behavior of Ransomware Gangs
Robert Boyce, global cyber resilience lead, Accenture

Organizations facing ransomware threats must evaluate the stability and credibility of the attacking group to make informed decisions about paying ransoms, said Accenture's Robert Boyce.

See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware

Accenture has developed a maturity matrix to help companies gauge the trustworthiness of extortion groups by analyzing the group's past behavior, promises to victims and overall stability, Boyce said. This should help organizations determine whether the ransomware group is likely to follow through with its promises, such as decrypting data after payment or refraining from conducting further attacks, Boyce said (see: How Criminals Are Weaponizing Leaked Ransomware Data).

"This past year, we've seen a number of the prominent ransomware-as-a-service gangs disappear because they have either been the target of law enforcement or, more notably, executed exit scams," Boyce said. "These different points of analytics help an organization really understand, 'If we pay, can we trust that we're not going to be a victim again from the same threat group?'"

In this video interview with Information Security Media Group at Black Hat 2024, Boyce also discussed:

  • The importance of evaluating ransomware group stability and track records;
  • The shift from encrypting data to targeting executives with stolen information;
  • The rise of ransomware exit scams and their implications for future attacks.

Boyce's primary focus is helping clients prepare for and respond to significant cyber events by focusing on the threats that matter and driving digital transformation through innovative protection strategies. He provides hands-on consulting services to the Global 2000 in the areas of advanced security operations, crisis preparedness and response, and cyber defense and protection strategies.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.