Ransomware Negotiation Saves Professional Services Firm £2.1M
Situation: An SRA-regulated professional services firm was hit by ALPHV/BlackCat with a £2.4M ransom demand. The firm held highly sensitive client data across multiple active matters, and the threat actor had exfiltrated a significant volume before deploying ransomware. Regulatory obligations were complex and time-sensitive.
Response: Binary Response conducted detailed threat actor profiling on the ALPHV/BlackCat group, including analysis of their negotiation patterns and decryptor reliability. Full OFAC/OFSI sanctions screening was completed before any engagement. Over four weeks of structured negotiation, the demand was reduced from £2.4M to £310k. The decryptor was validated on sample data before payment. A delayed payment window was negotiated to give the firm time to arrange cryptocurrency acquisition.
Outcome: £2.09M saved against the original demand, an 87% reduction. The decryptor worked on first run with no data loss. SRA and ICO were notified within 72 hours. The firm’s professional indemnity insurer was fully briefed throughout.