Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness

Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers?

Finnish security vendor F-Secure recently released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. 

The back-and-forth not only put a spotlight on the gang's customer support chops, but, said a company security advisor, illustrated the intertwining of Bitcoin and extortion malware.

"We should be thankful that there are at least some practical barriers to purchase Bitcoins," wrote Sean Sullivan of F-Secure in a post to the firm's blog. "If it were any easier to do so, very little else would check the growth of crypto-ransomware's business model."

Sullivan originally penned that conclusion last month, in a short section of the "State of Cyber Security" report that F-Secure published then. Yesterday, F-Secure posted the transcripts, 20,000 words or more, and dubbed the collection a "new supplemental appendix" to the original report.

In one exchange, a Spora victim said he or she had paid the extortion fee, but had gotten nothing in return. "I already sent you 98USD worth of bitcoin," the victim reported.

In response, the "customer support rep" blamed the victim for entering an incorrect Bitcoin destination address. "But do you agree, that it is you mistake, that you entered incorrect address?" asked the Spora rep.

"I literally copied the address that was given at the refill page. How could I be mistaken?" the victim replied.

In one of many similar threads, the transcripts identified each victim by the first character of the ID created by the ransomware, someone pleaded for mercy.

"Hello crooks. I agree to pay," said "0" in a lead-off message. "But 570 dollars for a lot of photos of my grandmother. Can I expect a discount if I leave good feedback on the forum about you?"

No go. "We do not provide any discount. Also, we cannot be sure, that you have only photos," retorted "support."

At times, the messages were pitiful. "Hello, I am 82 and my family pikture  go away -- bad, very bad," reported another victim identified as "0."

"Is anyone there?" asked another during a stretch when Spora's support didn't respond to scores of messages, apparently borrowing another tactic from legitimate technical support desks.

Others played the anger card, the profanity card, the sympathy card. "Am I the one you should hack? No. I am just a salary man who tries to make ends meet and bring foods to his kids," said "E," who also identified himself as "Mustapha from Morocco.

But as F-Secure's Sullivan noted, many the questions posed to the hackers involved Bitcoin. "Hello, I am from Greece and we have capital  controls, is there any chance of a discount? Am having trouble buy bitcoins from here," remarked one.

"I'm going to pay for bitcoin. But I'm not sure that it works in weekend. Can you remove deadline please? If not works I will pay it on Monday," pleaded another.

The answer from Spora was always the same: No discount. The "rep" often extended deadlines, however, sometimes in response to victims pleading poverty, telling them that when they had the full amount, come back and pay.

"The malware technology to encrypt data has been possible for many, many years; the bigger challenge has always been getting paid," Sullivan pointed out. "In the past, cyber-crime schemes (such as scareware) have been killed off by disrupting the money supply.

The same may well be true of cyber extortion; to kill the business model, it may be necessary to ban Bitcoin."

Computerworld

You Might Also Read:

Would Killing Bitcoin End Ransomware?:

Digital Forensics, Incident Response & Attribution:

Both Police & Business Must Deal With Cyber Extortion:

How To Deal With The Rising Tide Of Ransomware:

 

 

« Russian Cyber Warfare:'Victory in Syria'
TeamSpy Malware Returns to Steal Data »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

PSC

PSC

PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

Acutec

Acutec

Acutec is an award winning IT support, services and solutions provider including managed IT Security and backup/disaster recovery.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.