Date: 2023-07-18

In January 2021, JBS—the world’s biggest meat-processing company—announced it had paid an $11 million ransom in Bitcoin to cyberattackers. In May of that same year, Colonial Pipeline, the largest refined-products pipeline in the U.S., suffered a severe attack that caused the company to shut down operations and freeze its IT systems; the energy giant wound up paying a $4.4 million ransom (also in Bitcoin) to restore its operations.

What was common in both events? Ransomware. Ransomware—that is, malware built to deny a user access to data on their computer—comes in different shapes, sizes, and codes. But the end goal is the same: to cripple critical systems in exchange for a ransom. It’s a cruel technique, and it works: In 2022—a year when the number of ransomware attacks reportedly spiraled down—71% of companies worldwide were affected by ransomware, according to a Statista survey. Data from global security leader Palo Alto Networks show the average ransom payment reached $925,162 last year. The stats are worrisome: Even in a year when ransomware attacks supposedly tumbled, attackers still made a killing. And now ransomware attacks are rising again, with security company Black Kite reporting a ransomware resurgence in 2023.

Yet despite the frequency of ransomware attacks and the large sums organizations pay as bailouts, the exact negotiation tactics for ransom payments rarely make the news. That’s partly because law enforcement agencies like the FBI and Cybersecurity and Infrastructure Security Agency strongly advise against payouts. But that warning is often not heeded, with many organizations determining payouts to be the quickest route to recovery.

How ransom payments work

Like a thief at night, a ransomware attacker thrives on anonymity. After encrypting data from critical systems, they swiftly define the mode of communication and, later, payment channels through a ransom note. “The criminals will dictate the method of communication and payment, which is almost always Tor and cryptocurrency due to anonymity,” Greg Hatcher, founder and CEO of White Knight Labs, explains via email.

