Wade BakerWhat’s the riskiest #ransomware family? Let’s take a moment to look at what portion of overall events and payments are represented by the most common families. Via this risk-like view, REvil clearly occupies the upper right corner—signaling high frequency among cases along with a large share of all payments. When we look at where the families land in respect to the dotted line, we can start to see if there are any unusually high or low frequency-to-cost instances. For example, darkside—along with others in fuchsia—are on the far-left side of the chart, representing relatively few cases but outlandish payments.
However, when victims receive extremely large demands, it raises a whole array of concerns, including whether or not they should even try to negotiate or pay—consistent with our findings in volume 1. This strategy doesn’t typically last very long; after all, criminals want your money and if exceedingly high demands do not produce results, they tend to quickly pivot their strategy.
Source: https://areteir.com/report/reining-in-ransomware-investigative-cybercrime-series-vol-2/
However, when victims receive extremely large demands, it raises a whole array of concerns, including whether or not they should even try to negotiate or pay—consistent with our findings in volume 1. This strategy doesn’t typically last very long; after all, criminals want your money and if exceedingly high demands do not produce results, they tend to quickly pivot their strategy.
Source: https://areteir.com/report/reining-in-ransomware-investigative-cybercrime-series-vol-2/
Valère
AlexSa 
