Jump to content
Sign in to follow this  

Russian hacker drives hard bargain with Troldash scam

Recommended Posts


A security software firm has warned about a new strain of "ransomware" - while finding that even Russian hackers can be haggled down.

Ransomware is software which locks you out of your files until a fee is paid to the criminals behind the attack.

Checkpoint researcher Natalia Kolesova detailed information about Troldash, a newly-discovered strain.

Once it infects a machine, Troldash provides an email address with which to contact the attackers.

"While the most ransom-trojan attackers try to hide themselves and avoid any direct contact," Ms Kolesova explained, "Troldesh's creators provide their victims with an e-mail address. The attackers use this email correspondence to demand a ransom and dictate a payment method."

Troldash was distributed via a spam email - and once downloaded, immediately set to work encrypting files before placing a text file of ransom instructions on the target's computer.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.


Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.


Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."


Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

Ransomware is a particularly vicious problem for many victims around the world. One strain, Cryptolocker, was said to have infected more than 250,000 computers worldwide.

Another variant locked users out of their favourite games unless they paid a fee.

The company did not pay the ransom - and recommended that up-to-date security software designed to protect against ransomware and other attacks was a better approach.


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...