Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers?
What's not to love?
Finnish security vendor F-Secure yesterday released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The back-and-forth not only put a spotlight on the gang's customer support chops, but, said a company security advisor, illustrated the intertwining of Bitcoin and extortion malware.
"We should be thankful that there are at least some practical barriers to purchase Bitcoins," wrote Sean Sullivan of F-Secure in a Wednesday post to the firm's blog. "If it were any easier to do so, very little else would check the growth of crypto-ransomware's business model."
Sullivan originally penned that conclusion last month, in a short section of the "State of Cyber Security" report that F-Secure published then. Yesterday, F-Secure posted the transcripts, 20,000 words or more, and dubbed the collection a "new supplemental appendix" to the original report.
"[A] fascinating read," Sullivan said.
He wasn't kidding.
In one exchange, a Spora victim said he or she had paid the extortion fee, but had gotten nothing in return. "I already sent you 98USD worth of bitcoin," the victim reported.
In response, the "customer support rep" blamed the victim for entering an incorrect Bitcoin destination address. "But do you agree, that it is you mistake, that you entered incorrect address?" asked the Spora rep.
"I literally copied the address that was given at the refill page. How could I be mistaken?" the victim replied.
In one of many similar threads -- the transcripts identified each victim by the first character of the ID created by the ransomware -- someone pleaded for mercy.
"Hello crooks. I agree to pay," said "0" in a lead-off message. "But 570 dollars for a lot of photos of my grandmother. Can I expect a discount if I leave good feedback on the forum about you?"
No go. "We do not provide any discount. Also, we cannot be sure, that you have only photos," retorted "support."
At times, the messages were pitiful. "Hello, I am 82 and my family pikture [sic] go away -- bad, very bad," reported another victim identified as "0."
"Is anyone there?" asked another during a stretch when Spora's support didn't respond to scores of messages, apparently borrowing another tactic from legitimate technical support desks.
Others played the anger card, the profanity card, the sympathy card. "Am I the one you should hack? No. I am just a salary man who tries to make ends meet and bring foods to his kids," said "E," who also identified himself as "Mustapha from Morocco."
Sign up for CIO Asia eNewsletters.