Security firm assesses ransomware on “customer satisfaction”

Jul 19, 2016

F-Secure has examined the ‘friendliness’ of different ransomware variants. The report seems to have been written with a wink, but it nonetheless provides an interesting insight into the processes behind ransomware operations.

The study set out to find ransomware variants that had a functioning command-and-control server and offered the possibility of getting support through various channels. The researchers arrived at five types: the well-known Cerber, along with the variants Cryptomix, Jigsaw, Shade and Torrent Locker.

Only a victim was still missing. One was quickly found in the fictional character ‘Christine’, a forty-year-old woman with a job and children, without any knowledge of ransomware. Christine would have her fictitious files encrypted by the different types of malware and then venture into the ‘customer journey’ of a ransomware victim. The assessment distinguished between the product, i.e. the interface of the malware, and the service provided in the form of support.

The big losers in the “product” category are Jigsaw and Torrent Locker, closely followed by Shade and Cryptomix. They scored no higher than three or four of nine possible points. Jigsaw, for example, showed neon green text above a pair of bare breasts and a timer. The Torrent Locker interface appeared to be stolen from its cousin Crypto Locker, so it could not earn many points. Its web pages also turned out to be available only in Dutch, something for which the researchers have no explanation. Other variants consist of, for example, only a few HTML pages, which earn no credit.

The clear “winner” in the interface category, with 8.5 points, is Cerber. This malware has a professional appearance and supports a dozen languages. In addition, a victim can decrypt a single file for free as a form of trial. The ransomware also offers clear explanations in the form of a text file on the desktop. The rogue software claims, moreover, to be designed “to provide education in the field of information and serve as a useful certification for antivirus software.” It concludes with the message: “Together we make the Internet a better and safer place.”

There also appeared to be a kind of inverse relationship between the quality of the interface and that of the service. Jigsaw, for instance, scored nine of eleven possible points for service, despite its lousy interface. Cryptomix and Shade also scored higher than Cerber, which received only six points. Torrent Locker scored only one point, because no answer at all was given to a completed support form.

The representative of Cerber appeared to want to offer a discount on the requested sum of $530. The highest discount was offered by Cryptomix, dropping from 1900 to $635. Jigsaw and Shade also offered up to 30 percent “discount”. In all cases payment was accepted only via bitcoin; other options were excluded. Support staff often responded to emails within minutes, and did so several times a day. From this the researchers conclude that reputation is an important factor in the world of ransomware: without trust, a victim will not pay.

The end of the study includes an extensive conversation log with a Jigsaw employee. The employee is extremely helpful in explaining payment via bitcoin and how to obtain it. The conversation extends over several days. The researchers ultimately did not pay to decrypt the files. Some victims, however, sometimes have no option other than to pay the ransom, even if this keeps these practices alive. It is therefore important to make backups regularly, install updates and treat suspicious emails very critically.

Image: The interface of Jigsaw and Torrent Locker
