Ransomware Gangs ‘Willing To Bargain’

The gangs behind ransomware can usually be negotiated with on the price they will accept for decrypting files and will often extend deadlines for payment, researchers have found.

The groups function like any online commercial organisation and strive to deliver a satisfying customer experience, IT security firm F-Secure said in a study of five currently active ransomware types.

Customer service

The findings add weight to other recent research that found computer criminals are increasingly organised in a way similar to legal businesses, with human resources and customer services departments.

Ransomware, which typically encrypts a user’s files and demands payment to decode them, is a lucrative form of computer crime that has spread widely in recent months, but the income it generates depends, paradoxically, upon establishing a rapport with victims, F-Secure said.

“They’re disreputable, yet reputation is everything,” the study found. “Without establishing a reputation for providing reliable decryption, their victims won’t trust them enough to pay them.”

As a result ransomware gangs have developed complex customer-services operations similar to those of small businesses, the study found.

“Websites that support several languages. Helpful FAQs. Convenient customer support forms so the victim can ask questions. And responsive customer service agents that quickly get back with replies,” the firm said. “These are criminals who are making money off the backs of people and businesses they are hurting. But conversely, like any decent venture, they‘re also concerned about offering good customer service – including support channels and reliable decryption after payment.”

Negotiation

Three out of four of the ransomware groups evaluated were willing to negotiate, resulting in an average 29 percent reduction in price, F-Secure found.

None of the gangs were willing to accept payment in any form other than Bitcoin, but many quoted prices in dollars or euros due to most users’ unfamiliarity with Bitcoin and the virtual currency’s wide fluctuations in value.

All of the groups were willing to grant extensions of the deadlines built into the attack code, F-Secure found.

The findings do not apply to all ransomware – researchers recently reported a variant called Ranscam that asks for payment and pretends to encrypt files, but in fact just deletes them.

IT security firms recommend users protect themselves from such attacks by making regular backups, keeping software up to date and using security software such as email filters, since ransomware and other exploits often arrive in the form of email attachments.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

12 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

13 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

14 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

16 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

18 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

19 hours ago