Nice to meet you! That will be 20 million please

David Décary-Hétu

NorthSec 2025 · Day 1 · Salle de bal

David Décary-Hétu, criminologist at the University of Montreal, presents the first large-scale qualitative analysis of ransomware negotiation transcripts: 195 conversations comprising roughly 6,300 messages exchanged between 23 ransomware groups and their victims, sourced from the RansomwareLive dataset. His analysis maps the rhetorical strategies, psychological pressure tactics, and pricing mechanics that ransomware operators deploy — and pairs this with a logistic regression identifying the variables that predict whether a ransom is ultimately paid. The findings have direct implications for incident response planning and negotiation strategy.

AI review

Criminologist David Décary-Hétu (University of Montreal) presents the first large-scale empirical analysis of ransomware negotiation dynamics: 195 transcripts, ~6,300 messages, 23 groups. Core findings: initial demands average ~3x final settlements (a 50%+ discount is structural, not exceptional), operators conduct financial and insurance reconnaissance before first contact, conversation length predicts eventual payment, and the post-payment 'vulnerability assessment' add-on is worthless boilerplate.
