Ransomware Gangs ‘Willing To Bargain’

The gangs behind ransomware can usually be negotiated with on the price they will accept for decrypting files and will often extend deadlines for payment, researchers have found.

The groups function like any online commercial organisation and strive to deliver a satisfying customer experience, IT security firm F-Secure said in a study of five currently active ransomware types.

Customer service

The findings add weight to other recent research that found computer criminals are increasingly organised in a way similar to legal businesses, with human resources and customer services departments.

Ransomware, which typically encrypts a user’s files and demands payment to decode them, is a lucrative form of computer crime that has spread widely in recent months, but the income it generates depends, paradoxically, upon establishing a rapport with victims, F-Secure said.

“They’re disreputable, yet reputation is everything,” the study found. “Without establishing a reputation for providing reliable decryption, their victims won’t trust them enough to pay them.”

As a result ransomware gangs have developed complex customer-services operations similar to those of small businesses, the study found.

“Websites that support several languages. Helpful FAQs. Convenient customer support forms so the victim can ask questions. And responsive customer service agents that quickly get back with replies,” the firm said. “These are criminals who are making money off the backs of people and businesses they are hurting. But conversely, like any decent venture, they’re also concerned about offering good customer service – including support channels and reliable decryption after payment.”


Three out of four of the ransomware groups evaluated were willing to negotiate, resulting in an average 29 percent reduction in price, F-Secure found.

None of the gangs were willing to accept payment in any form other than Bitcoin, but many quoted prices in dollars or euros due to most users’ unfamiliarity with Bitcoin and the virtual currency’s wide fluctuations in value.

All of the groups were willing to grant extensions of the deadlines built into the attack code, F-Secure found.

The findings do not apply to all ransomware – researchers recently reported a variant called Ranscam that asks for payment and pretends to encrypt files, but in fact just deletes them.

IT security firms recommend users protect themselves from such attacks by making regular backups, keeping software up to date and using security software such as email filters, since ransomware and other exploits often arrive in the form of email attachments.


Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDNet and other leading publications.
