Free report: breaking down ransomware negotiations

Discover the exact tactics threat actors use to extort businesses, negotiate payouts, and upsell stolen data – as revealed in the chat logs between attackers and victims.

What the data shows

25.6%

of negotiations resulted in payment

96.2%

was the largest discount negotiated on a ransom demand

is the average message count per negotiation

57%

is the median discount across successful settlements

Read chat exchanges between attackers and victims

This report includes transcripts of ransomware negotiations, which give you an unfiltered look at how threat actors apply pressure and manipulate their targets.

You'll find the language attackers use to create urgency, the sales tactics they deploy to close deals, and the moments where victims gain leverage – or lose it entirely.

Simulated ransomware chat showing threat actors pressuring victims for file decryption decisions

Get the experts’ perspective

“It’s recommended to not turn off the systems – isolate them from the network instead, because pulling the plug destroys forensic evidence. Inspect the ransomware note, document its contents, immediately call an incident response firm, and contact a cybersecurity insurance provider – many policies cover incident response, but they require early notification.”

Vakaris Noreika, Cybersecurity Expert at NordStellar

Here’s what you’ll learn

What the attack timeline looks like from the initial breach to the ransom demand.

What pricing frameworks attackers use to determine their initial demands.

What your company can do to prevent ransomware attacks effectively.