Ransomware criminals are chatting with their victims offering them the decryption keys they need and also putting deadlines. They often chat about how the user can obtain Bitcoin.
F-Secure, a Finnish security vendor released 34 pages of transcripts from the group chat used by the hackers from the Spora ransomware family. The conversation not only puts a spotlight on the batch’s customer support, said a company security advisor, illustrated intertwining of the Bitcoin and the extortion malware.
“We should also be thankful that there are some practical barriers to the purchase of Bitcoins,” wrote the Sean Sullivan from F-Secure in a post to the blog of firm. “If it was any easier to do so, it would be very hard to check the growth crypto- ransomware’s business model.”
Sullivan originally wrote that conclusion on last month, in a short section from the “State of Cyber Security” report which F-Secure published then. A few days back, F-Secure posted these transcripts, 20,000 words or more, and dubbed them as the collection a “new supplemental appendix” to the original report they made.
“This is [A] fascinating read,” Sullivan said.
He was not kidding.
In one exchange, a Spora victim said he or she had paid the extortion fee, but had gotten nothing in return. “I already sent you 98USD worth of bitcoin,” the victim reported.
In response, the “customer support rep” cursing the victim for entering an invalid Bitcoin destination address. “But do you agree, that it is your mistake, that you entered an incorrect address?” asked the Spora rep.
“I just copied the address that was given at the refill page. How can I be mistaken?” the victim replied.
In a few of these many similar threads—the transcripts have identified each victim by their first character of the ID created by that ransomware—some of them pleaded for mercy.
“ Hello crooks. I agree to pay,” said “0” in a lead-off message. “But 570 dollars for a lot of photos of my grandmother. Can I expect a discount if I leave good feedback on the forum about you?”
No, go. “We do not provide any discount. Also, we cannot be sure, that you have only photos,” reported the “support.”
At times, the messages are pitiful. “Hello, I am 82 and my family picture [sic] go away—bad, very bad,” reported another victim identified as “0.”
Others have played the anger card, the sympathy card, the profanity card. “Am I the one you should hack? No! I am just a small salary man who tries to make ends meet and bring food to his kids,” said “E,” who identified himself as the “Mustapha from Morocco.”
You can find the complete Spora transcripts here.
The story, “Ransomware ‘customer support’ chat reveals criminals’ ruthlessness” was first published by the Computerworld.
