Ransomware Gangs Practice Customer Relationship ManagementVictims Are Prospects to Be Converted to Customers, Says Coveware's Bill Siegel
A recent news report suggests that ransomware attackers single out cyber insurance policyholders because they are more likely to pay a ransom.
But Bill Siegel, CEO of ransomware incident response firm Coveware, says that thesis doesn't map with the attacker priorities he's been seeing. Rather, he says attackers typically put customer relationship management principles to work, and don't overly segment their potential list of targets.
"These guys go after the low-hanging fruit because it's cheap and the conversion rate is high," Siegel says in an interview with Information Security Media Group (see: Ransomware: As GandCrab Retires, Sodinokibi Rises).
"It costs them money to stage an attack, there's a conversion rate on whether or not the attack is successful and then they monetize the attack to varying degrees of size," he says. "Just like any company that has to sell a product, that has to pay salespeople to try and sell the product, some percentage of their prospects convert to customers, and those customers pay them different amounts of money. It is ostensibly no different." (See:Ransomware Victims Who Pay Cough Up $6,733 - on Average.)
In this interview (see audio link below photo), Siegel discusses:
- The business of ransomware, and how it parallels conventional customer relationship management practices;
- Why small businesses - especially organizations with fewer than 50 employees - remain ransomware gangs' favorite target;
- How ransomware affiliates, many wielding Sodinokibi, are hacking into managed service providers, sometimes via remote management tools, to amplify their pool of victims.
Siegel is CEO and co-founder of Coveware. Previously, he served as CFO of SecurityScorecard, head of NASDAQ Private Market and CEO of SecondMarket.