Ransomware authors are often willing to offer discounts as well as deadline extensions to their victims, according to new research from F-Secure.
The Finnish security company decided to find out more about this near-ubiquitous form of malware from a customer experience perspective, via a fake Hotmail account and victim persona.
It evaluated five ransomware families in the end: Jigsaw, Cerber, TorrentLocker, Shade, and Cryptomix.
They were appraised by the UI, how informative/helpful the customer service was, language support and whether it offers a free trial decryption feature to help boost user trust.
It found that on average the four service agents that replied to F-Secure persona “Christine Walters” were willing to drop their original asking price for the all-important decryption key by 29%.
In the case of Cryptomix, which was the most expensive variant with a starting demand of around $1900, the discount offered went up to a whopping 67%.
In addition, all of the agents that were contacted and replied were willing to extend the deadline for payment.
The report explains why:
“The paradox of ransomware is that the perpetrators are criminals…with a customer mindset. They’re disreputable, yet reputation is everything: Without establishing a reputation for providing reliable decryption, their victims won’t trust them enough to pay them.”
F-Secure recommended consumers and businesses mitigate the risk of ransomware attack by backing up their files regularly and testing said back-ups to ensure they’re reliable.
Ensuring key software is patched and up-to-date will also minimize the risk of infection, as will installing robust security tools which take a layered approach to protection from known and unknown threats, it said.
F-Secure urged users to watch out in particular for spam and phishing emails, especially ones requesting the user to open an attachment or click on a link, and warned that so-called legal docs asking the user to “enable content” are traps.
“Bottom line: always be suspicious,” the report concluded. “Businesses should also use a good email filtering system, disable macro scripts from Office files received via email, and educate employees on current spam and phishing schemes.”
Negotiating with the criminals should only be an option of last resort, F-Secure argued.