You are using an older browser version. Please use a supported version for the best MSN experience.

Customer service matters when it comes to ransomware

Engadget logo Engadget 9/09/2016 Violet Blue
Ransomware concept with hand wearing black © Provided by Engadget Ransomware concept with hand wearing black

This week we're finding out that Cerber is 2016's biggest name in ransomware.

Cerber didn't get to the top just by being good at infecting computers, locking up people's files, and blackmailing its victims for Bitcoin. The plucky ransomware is on the fast track to fame and fortune thanks to a hard-won reputation for top-notch customer service that wows its victims at every turn. At least, that was the conclusion in security company F-Secure's summer report, Evaluating the Customer Journey of Crypto-Ransomware.

Cerber is infecting people through infected Word documents and malvertising, among other attack vectors. Unwitting victims are downloading it via ads that appear in popup windows, so make sure your ad- and popup-blockers are up to date. In August, Cerber was launching eight new campaigns every day, and successfully infected 150,000 users worldwide in that month alone.

Sounds pretty lucrative, right? Well, if you think raking in the dough as a ransomware writer sounds like the life for you, "being a people person" probably isn't the skill you plan to develop. But, if you're going to succeed in the hectic business of ransomware, great customer service skills are a must to avoid lost revenue and disappointed victims.

F-Secure was so intrigued by this phenomenon, that it decided "to see which crypto-ransomware family offers the best (or, more appropriately, least worst) customer journey from start to finish." To find out who "wowed" their victims and which crypto-blackmailers were just embarrasing customer service train-wrecks, the researchers set up their own secret shopper experiment.

Ransomware spreads like wildfire from offices to homes, usually arriving in email attachments (or over infected networks) to aggressively encrypt all your files (including drives, Dropbox files, and all locally connected, network-attached, or cloud-based storage) while an ominous onscreen timer demands payment within 72 hours.

Mess with the files or decline to pay and forget about ever opening them again.

This would be a golden ticket for ransomware gangs if everyone paid up -- not everyone does. Security company Bitdefender found in its recent white paper "Ransomware, a Victim's Perspective" that only 50% of its victims pay up. Plus, because the malicious software typically goes after people who aren't tech-savvy, the extortioners need to establish communication and trust in order to collect payment in the end.

Image credit: Getty Images/iStockphoto

Enter ransomware's bizarre legacy for customer support. Out of necessity, many different exploit kits (or flavors of ransomware) and the authors behind them have turned their focus to improving the customer experience.

In 2013, ransomware strain CryptoLocker became famous for both its 'bastard and fiendish' pervasiveness, and its superb, patient, and attentive customer support. The malware's authors frequently appeared on forums to help their victims work through technical issues. They'd also help them out with things like troubleshooting MoneyPak transaction codes. A year later, a strain called OphionLocker was noted for identifying each new infected computer so that the extortionists could avoid ransoming the same victim twice.

F-Secure found this intersection of malicious criminal activity and helpful customer service so intriguing, they created "Christine" to evaluate ransomware user support and service quality, including things like 'hand-holding' and try-before-you-buy options.

Christine wasn't a real person, but boy did she get owned by ransomware. "Christine Walters is married, in her 40's, with a full time job and children," the study said. "She's not into tech and knows next to nothing about ransomware, Bitcoin, or security issues in general. She's inquisitive though, and now that she's encountered ransomware for the first time she wants to know more about it."

Under the cover of F-Secure's study, our sympathetic and extremely unlucky heroine Christine got her computers infected by five different ransomware groups. "We then attempted to contact, as Christine, the gangs behind each of the malware samples using their support channels, the report said. What's more, "a non-technically oriented person carried out the actual interactions."

Christine made a lot of interesting discoveries in her customer journey. In 100% of the ransomware predicaments she found herself in, the deadline to pay for file decryption could be extended. And the gangs were willing to negotiate the price: "Three out of four variants were willing to negotiate, averaging a 29 percent discount from the original ransom fee."

In the end, the hands-down winner for outstanding customer experience was Cerber. The ransomware ranked high in every category. F-Secure rated it highly for professionalism, noting that its web pages were clean and organized.

According to Christine's experience with Cerber, its convenient support form got quick responses to her queries -- "always the same day and sometimes within minutes." Direct engagement being key to every forward-facing product's success, it's no wonder Cerber is coming out on top.

Critiques included the design of its ransom screen which needs improvement, and they fell slightly short with Christine's handholding needs. At least in comparison to the Jigsaw ransomware support agent, who told Christine at the end of their conversations that they were glad her files were safe and advised her to get a good antivirus.

Erka Koivunen, Cyber Security Advisor for F-Secure nailed it when she concluded, "The customer care that the criminals provide appears to be effective and something that many legal web shops and more traditional businesses could take lessons from."

More from Engadget

image beaconimage beaconimage beacon