Why These Online Criminals Actually Care About Your Convenience

Melissa Michael

18.07.16 2 min. read




Get an inside view of ransomware in our new report:

Evaluating the Customer Journey of Crypto-Ransomware



Customer service is not normally something associated with the perpetrators of crime. But crypto-ransomware, the digital demon that has been crippling businesses and plaguing consumers, is different.

Crypto-ransomware criminals’ business model is, of course, encrypting your files and then making you pay to have them decrypted so you can access them again. To help victims understand what has happened and then navigate the unfamiliar process of paying in Bitcoin, some families offer a “customer journey” that could rival that of a legitimate small business. Websites that support several languages. Helpful FAQs. Convenient customer support forms so the victim can ask questions. And responsive customer service agents that quickly get back with replies.

We think this is a pretty interesting paradox. Criminal nastiness, but on the other hand willingness to help “for your convenience,” as one family put it. We decided to dig a little deeper.

We evaluated the customer journeys of five current ransomware families (Cerber, Cryptomix, TorrentLocker, Shade, and a Jigsaw variant), and got an inside look we’re sharing in a new report, Evaluating the Customer Journey of Crypto-Ransomware. From the first ransom message to communicating with the criminals via their support channels, we wanted to see just how these criminals are doing with their customer journey – and whose is the best (or rather, least loathsome).

Among our findings:

  • The families with the most professional user interfaces don’t necessarily have the best customer service.
  • Criminals are usually willing to negotiate the price. Three out of four variants we contacted were willing to negotiate, averaging a 29% discount from the original ransom fee.
  • Ransomware deadlines are not necessarily “set in stone.” All the groups we contacted granted extensions on the deadlines.
  • One of the groups claimed to be hired by a corporation to hack another corporation – a kid playing a prank, or a sinister new threat actor?


Here’s an example of our “victim” (an invented persona named Christine Walters) negotiating with the crooks via email.

[Image: ransomware negotiation]

And the “ransomware agents” behind the malware – what about them? As this infographic explains, they don’t need to be whiz programmers these days. Here are 5 of their secrets for “success,” plus 5 ways you can protect yourself:


[Infographic: 5 Habits of Successful Ransomware Cybercriminals]





