It’s ironic that we have to look to the authors of ransomware for examples of some of the leading aspects of software engineering. And while what they are doing is reprehensible and criminal, they ply their trade with improvements in customer service, using the cloud to package their programs, and excel at understanding the psychology of their ultimate victims. With all this effort going towards developing malware, it isn’t that surprising that this category has become very adept at making money. Perhaps legit software vendors can learn from some of these experiences, while hopefully avoiding some of the darker forces. There are also some important lessons from these activities that IT folks can learn to help better defend their networks.
But coding prowess is just one side of the ransomware effort. Another is the ability to exploit human psychology and social engineering. One group researching the underlying operations of Cryptowall found that the ransomware was advertising different pricing at different geographical locations. For instance, for victims in the US, the fee was several hundred dollars higher than the fees for countries like Russia, Mexico and Israel. This demonstrates that the purveyors of malware understand median incomes and will change demands when their victim’s locale calls for it. If the ransom isn’t paid on time, it doubles. This shows prior criminal experience and understanding of how we all think: act now to pay less!
Another part of the underlying Cryptowall infrastructure is how it exploits the Bitcoin payment network, moving money from collector accounts until it’s ultimately out of the network and presumably into the criminal’s own bank for final payment.
Finally, there is the built-in live chat support. Many legit apps and SaaS-based services now come with live operators who will enter into text chats with end users to help them solve any problems and answer questions on how to pay their ransoms. A ransomware sample called Jigsaw now offers this chat “feature” to better collect their ransoms from their victims. “By providing a human voice to go to and by making the process of paying the ransom easier, the purveyors of the new Jigsaw variant appear to be trying to convince users into paying up,” according to Trend Micro researchers that first uncovered the chat routine. Jigsaw also exploits some social engineering of its own, starting off by locking just a few files and then adding more to its encrypted repository if the victim hesitates to pay the ransom.
The malware authors offer “better support than [users] get from their own Internet service providers,” says Angela Sasse, a psychologist and computer scientist at University College London who is quoted in this Nature magazine article. She says that many of the victims of ransomware rave about the customer service and support they got to pay their ransoms.
All of this shows that ransomware is attracting more professional developers, as the funds collected from their malware efforts are also attracting more ill-gotten gains. It’s too bad that all this coding couldn’t be used for good rather than evil.
Read about improving your defenses agains Ransomware and other evasive threats