Troldesh Ransomware Hacker Agrees To Halve Fee After Negotiations

A security researcher successfully bartered with a hacker responsible for the ‘Troldesh’ ransomware, halving the initial fee demanded for the decryption of her computer.

Natalia Kolesova, an anti-bot analyst at Check Point, was able to initiate contact through an email address with the Russian hacker responsible for Troldesh, also known as Encoder.858 or Shade.

Negotiating Ransom

Once Troldesh infects a machine via spam email, it encrypts all the user’s data, demands a ransom in exchange for decryption, and gives out an email address for the user to contact.

A typical ransomware page

This direct communication between the hacker and the victim is very rare, as most hackers try to hide themselves and avoid any direct contact with the victim. But the Troldesh hacker gives out an email address so they can dictate a payment method.

“I was very interested to learn more about the ransom and tried to start a correspondence with the attackers,” blogged Check Point’s Kolesova. “After several minutes I received an answer with my next instructions.”

The hacker demanded a payment of €250 (£183) to decrypt all of the files on her computer. But Kolesova pleaded with the hackers to get a discount, saying she was Russian and that €250 was a month’s salary for her.

“To my great surprise, after a minute I got an answer from a real person who was open to discussion!” she blogged. The hacker then offered to accept 12,000 roubles, a discount of around 15 percent.

After Kolesova pleaded further, the hacker responded: “The best I can do is bargain.”

Kolesova took a break and began pleading the next day. “I ask you: please, return my data – this is almost all of my life for the last several years! I really don’t have much money to pay you! Be humane!!!”

In the end, the hacker agreed to a payment of 7,000 roubles, a 50 percent discount from the initial asking price.

“By the end of our correspondence, I managed to get a discount of 50 percent,” blogged Kolesova. “Perhaps if I had continued bargaining, I could have gotten an even bigger discount.”

Ongoing Problem

Ransomware is an ongoing problem for the security industry and end users around the world.

Last year, for example, researchers discovered Android ransomware that encrypted the user’s content on their mobile device before demanding a ransom payment so the victim could regain access to their files.

Last month, Symantec revealed ransomware themed around the TV show ‘Breaking Bad’. That malware affected computers across Australia, and encrypted images, videos, documents, and more on the compromised computer. It demanded up to AU$1,000 (£510 / $791) to decrypt those files.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
