Why ransomware criminals need great customer service

Yes, even bad-guy malware developers have to keep their "customers" happy. Read what happens when F-Secure tests the "help desks" of four crypto-locking malware makers.

Ransomware developers have customers, however unwilling they may be. Thus, these criminals also have customer service. But is it effective? F-Secure, a company that specializes in security and anti-malware products for consumers and corporations, decided to evaluate the “help desks,” if you will, of ransomware malware, which covertly encrypts files on victims’ machines, and then demands fees paid in Bitcoin to unlock the unwanted encryption.

As with piracy and hostage-taking on the high seas, ransomware developers depend on providing honest, effective service after committing their crimes. As F-Secure notes in a breezy, darkly amusing white paper released Monday, “Without establishing a reputation for providing reliable decryption, their victims won’t trust them enough to pay them.” Indeed, killing the “hostages”—a user’s files—after accepting payment and not decrypting documents would quickly make this kind of attack unprofitable, as people would stop paying. (Though that doesn’t stop some malware makers from peeing in the pool.)

F-Secure approached the exercise as if reviewing common, legitimate software and services. It created a fake identity, “Christina Walters,” and then allowed “her” system to be infected by the major families of ransomware. F-Secure then examined the quality of the ransomware interface, the clarity of an associated website, and the willingness of customer support to educate the target about payment, and to engage in negotiation over price and deadline.

“Ransomware has always been technologically possible. It’s the customer service that didn’t scale,” said Sean Sullivan, F-Secure Labs’ security adviser, in an interview. He noted that the TOR network, used for identity-obscuring browsing, together with Bitcoin provided the missing piece. “The only thing that kept it from scaling was the getting paid part,” Sullivan said.

While one ransomware attacker’s organization didn’t respond, F-Secure’s “Christina” corresponded with the other four. F-Secure was able to obtain one or more extensions to its payment deadline in those four cases, and negotiated a lower fee in three out of the four infections.

But, again, please read the F-Secure white paper. It provides eye-opening illustrations of how the bad guys actually operate in the wild.

The impact on you: Because crypto-ransomware can use any vector for infection, the best defenses are simple ones. First, keep your computer’s operating system up to date and fully patched, without Flash or Java installed and active. Microsoft Office macros should be disabled. Second, do continuous, up-to-date backups that retain multiple older versions of files. This way, if you do become a victim of ransomware, you’ll have backups of all the files under the encryption attack. Third, avoid visiting dubious websites, and never open unexpected, unsolicited ZIP files and email attachments. You should also train those around you, whether they be friends, family or co-workers, to exercise the same caution.

F-Secure, like other security software vendors, also suggests you install anti-malware software that shuts down malware vectors and provides alerts about unexpected system behavior.

Join the CSO newsletter!

Error: Please check your email address.

Tags ransomeware attackersmalware

More about F-SecureMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Glenn Fleishman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place