Ransomware Gangs ‘Willing To Bargain’

The gangs behind ransomware can usually be negotiated with on the price they will accept for decrypting files and will often extend deadlines for payment, researchers have found.

The groups function like any online commercial organisation and strive to deliver a satisfying customer experience, IT security firm F-Secure said in a study of five currently active ransomware types.

Customer service

The findings add weight to other recent research that found computer criminals are increasingly organised in a way similar to legal businesses, with human resources and customer services departments.

Ransomware, which typically encrypts a user’s files and demands payment to decode them, is a lucrative form of computer crime that has spread widely in recent months, but the income it generates depends, paradoxically, upon establishing a rapport with victims, F-Secure said.

“They’re disreputable, yet reputation is everything,” the study found. “Without establishing a reputation for providing reliable decryption, their victims won’t trust them enough to pay them.”

As a result ransomware gangs have developed complex customer-services operations similar to those of small businesses, the study found.

“Websites that support several languages. Helpful FAQs. Convenient customer support forms so the victim can ask questions. And responsive customer service agents that quickly get back with replies,” the firm said. “These are criminals who are making money off the backs of people and businesses they are hurting. But conversely, like any decent venture, they‘re also concerned about offering good customer service – including support channels and reliable decryption after payment.”

Negotiation

Three out of four of the ransomware groups evaluated were willing to negotiate, resulting in an average 29 percent reduction in price, F-Secure found.

None of the gangs were willing to accept payment in any form other than Bitcoin, but many quoted prices in dollars or euros due to most users’ unfamiliarity with Bitcoin and the virtual currency’s wide fluctuations in value.

All of the groups were willing to grant extensions of the deadlines built into the attack code, F-Secure found.

The findings do not apply to all ransomware – researchers recently reported a variant called Ranscam that asks for payment and pretends to encrypt files, but in fact just deletes them.

IT security firms recommend users protect themselves from such attacks by making regular backups, keeping software up to date and using security software such as email filters, since ransomware and other exploits often arrive in the form of email attachments.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Intel To Invest More Than $28 Billion In Ohio Chip Factories – Report

Troubled chip giant Intel will invest more than $28 billion to construct two new chip…

2 days ago

Apple Returns To Top 5 Smartphone Ranks In China, Amid Tim Cook Visit

In Q3 Apple rejoins ranks of top five smartphone makers in China, as government welcomes…

2 days ago

Apple Cuts Orders iPhone 16, Says Analyst

Industry supply chain analyst says Apple cut orders for the iPhone 16 for Q4 2024…

2 days ago

LinkedIn Fined €310m By Irish Data Protection Commission

Heavy fine for LinkedIn, after Irish data protection watchdog cites GDPR violations with people's personal…

3 days ago

CMA Begins Probe Into Alphabet Partnership With Anthropic

UK competition regulator begins phase one investigation into Alphabet's partnership with AI startup Anthropic

3 days ago