The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware attacks in Q1 2026 remained high, with 2,283 recorded incidents. An analysis of leaked ransomware negotiation conversations uncovers tactics and tendencies used by ransomware actors. Key findings include:
- In 76.8% of the conversations ransomware groups threatened to publish or leak the data.
- They often use upselling practices, including special price offers (45.5%) and offers to purchase other services, like “security audits.“
- The median discount in ransomware payments is 57%, with the highest recorded discount reaching as high as 96.2%.
The full report for the analysis of leaked ransomware negotiation conversations can be found here: Ransomware negotiations report
Related
This entry was posted on May 14, 2026 at 9:23 am and is filed under Commentary with tags NordStellar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Ransomware playbook: “Special price” offers included in 45% of negotiations
The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware attacks in Q1 2026 remained high, with 2,283 recorded incidents. An analysis of leaked ransomware negotiation conversations uncovers tactics and tendencies used by ransomware actors. Key findings include:
The full report for the analysis of leaked ransomware negotiation conversations can be found here: Ransomware negotiations report
Share this:
Like this:
Related
This entry was posted on May 14, 2026 at 9:23 am and is filed under Commentary with tags NordStellar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.