Malware

Ransomware is now a business, with great customer service

When you hear about things like brand reputation, customer satisfaction and stellar customer service, you may not think these things would play on a cyber-criminals mind. You’d be wrong.

Ransomware. Arguably the most destructive type of malware on the Internet right now. Get an infection, and you can expect all of your personal files to be heavily encrypted. Everything from videos to images. Documents to spreadsheets. Imagine everything you’ve stored on your computer, inaccessible.

And to get it back? Pay the criminals who did this to you, and in return maybe get the decryption key to unlock everything.

Read our article on everything you need to know about ransomware here.

The point of this quick article is to highlight the fact that ransomware has become so prolific, both in popularity and sophistication, that it now endures many of the issues, quirks and problems that many, above-board large scale business operations have to tackle on a daily basis.

Ransomware distributors need “good” reputations and customer satisfaction

It is important for nearly every company to have a good reputation, and stellar customer satisfaction. It’s simple. Without it, paying customers don’t come back, right?

It perhaps may sound ridiculous to many, given the nature of what ransomware is and does – but this key principle is applied by those who create and distribute ransomware. Ransomware nets its creators so much money because it relies on those who get infected by it choosing to pay the criminals the ransom in return for the decryption key to unlock their files. If those who distribute ransomware were thinking short-term only, there would be little priority to actually honouring this agreement, and would simply net the money and run.

But many (not all) ransomware distributors do honour this agreement, and will allow paying “customers” to unlock their files. On the face of it, this may sound absurd, that ransomware distributors are ensuring their customers get the “products” (i.e. decryption keys) they paid for. But in reality it is both clever and worrying at the same time. It’s evidence that those who distribute ransomware are thinking long-term growth, and that they, like legitimate businesses, need good reputations, so that those infected with ransomware will pay up. If all ransomware distributors refused to hand over the decryption key, then that revenue will soon dry up as victims will inevitably soon refuse to pay.

(With that said, we still don’t recommend paying up. The Internet is littered with stories where criminals both did and did not unlock the files, and paying up gives the criminals an incentive to continue.)


Sponsored Content. Continued below...




Ransomware distributors and customer service

If your computer goes wrong, you can ring up the technical support line to get help. The same applies to many versions of ransomware out there as well, albeit the support doesn’t come over the phone.

Again, it just sounds bizarre, that those responsible for ransomware would put any thought into providing good customer service, but again it’s a smart move. After all, paying the ransom anonymously through Bitcoin (so it can’t be traced) isn’t something your technophobic auntie is likely to be able to do without some help.

This is why many versions of ransomware, including Cerber and recent permutations of the Petya ransomware, will come supplied with a chat window where you can have a live chat with a “technical support advisor” on how to make that payment as smoothly as possible. If there is no one to talk to through chat, there’s always a support email you can use instead, or even just venture to the support forums. It’s enough to put the customer service departments of legitimate companies to shame.

After all, ransomware authors don’t want you to run into any bother paying up, or (as per our previous point) unlocking your files.

Special offers and price negotiations

As we illustrate above, ransomware authors want to keep their “customers” (cough, victims) happy. A study by F-Secure found that most ransomware distributors would happily negotiate a lower price for certain, non-technically inclined victims. So if you’re going to get infected by ransomware, it may be better to do it during the January sales.

Second, third, fourth generation ransomware

The number of different versions of ransomware out there is extensive, yet many versions of it are just “next generation” variants of earlier versions. This phenomenon is actually not just exclusive to ransomware, but other types of malware too. But it is demonstrated perfectly by ransomware, where fourth or fifth generation “products” are “hitting the shelves”, each ironing out bugs and quirks found in previous versions.

Perhaps it’s only a matter of time before one variant comes bundled with Siri.

It’s all about the bottom line

Ransomware is shaping up very much like an actual business, and after all is said and done, it’s the bottom line that matters most. The amount of money netted by ransomware is a mystery, simply because most are unwilling to admit they were a victim to it. But even conservative estimates suggest its hundreds of millions of dollars profit each year.

A bottom line that almost all software companies could get on board with.

Remember

This whole article demonstrates that ransomware is big, and it’s not going anywhere any time soon, so read our article on how to avoid ransomware and remember – back up your files!

Share
Published by
Craig Haley