Jump to content
Aerosol

Russian hacker drives hard bargain with Troldash scam

Recommended Posts

_83407556_thinkstockphotos-509686353.jpg

A security software firm has warned about a new strain of "ransomware" - while finding that even Russian hackers can be haggled down.

Ransomware is software which locks you out of your files until a fee is paid to the criminals behind the attack.

Checkpoint researcher Natalia Kolesova detailed information about Troldash, a newly-discovered strain.

Once it infects a machine, Troldash provides an email address with which to contact the attackers.

"While the most ransom-trojan attackers try to hide themselves and avoid any direct contact," Ms Kolesova explained, "Troldesh's creators provide their victims with an e-mail address. The attackers use this email correspondence to demand a ransom and dictate a payment method."

Troldash was distributed via a spam email - and once downloaded, immediately set to work encrypting files before placing a text file of ransom instructions on the target's computer.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.

_83402641_a2740dea-5fdb-4292-99ff-1238dc193e22.jpg

Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.

_83402643_7f5e1902-5a4a-48de-8951-f6f11f02426f.jpg

Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."

_83402645_acb7584f-b5ea-4200-b237-02e263ef7334.jpg

Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

Ransomware is a particularly vicious problem for many victims around the world. One strain, Cryptolocker, was said to have infected more than 250,000 computers worldwide.

Another variant locked users out of their favourite games unless they paid a fee.

The company did not pay the ransom - and recommended that up-to-date security software designed to protect against ransomware and other attacks was a better approach.

Source

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...