Research firm Trend Micro has released a report finding that at least one ransomware group now offers a live chat option to talk victims through the bitcoin purchasing process. Since bitcoins remain untraceable online, the chat option helps ransomware victims pay for the decryption key in bitcoins after being hit by a ransomware attack. To ensure an undetectable identity, the cybercriminals use a publicly available chat option through onWebChat, a live chat software for websites. To show just how it works, a Trend Micro staffer “posed as a Jigsaw ransomware victim and contacted the bad guy through a link provided.” The conversation can be found in Trend Micro’s report.
While not much can be discovered about the cybercriminals and the ransomware groups because of the SSL/TLS protection in place, Trend Micro was able to obtain some interesting details about how these gangs operate, specifically that the cybercriminals often trust the victims to tell them the ransom amount. “Interestingly, the cybercriminal on the other end of the chat conversation doesn’t actually know when the user was infected. The ‘timer’ is only based on a cookie set on the affected machine–if this cookie is deleted, the countdown resets to 24 hours. As a result, the cybercriminals are actually reliant on the user’s honesty when it comes to finding out how much ransom should be paid,” the company said.
Experts in cybersecurity tend to agree that these ransomware gangs often operate as a business. Because the gangs follow through on their promise to unlock the files once a ransom is paid, organizations will increasingly pay the ransom, knowing that they will soon have access to their files. In addition, direct human contact can help the criminal persuade the victim to pay the fee.