Ransomware Attackers Presently Negotiating for Making Deal with Victims

According to a security investigator working with Check Point the security company, ransomware attackers are presently allowing victims to interact with them so some kind of beneficiary deal may be attained, reported v3.co.uk dated June 4, 2015.

Anti-bot assessor with Check Point namely Natalia Kolesova managed towards establishing communication with a Russia-based hacker, who leveraged the Troldesh ransomware also called Shade alternatively Encoder.858, via an e-mail id. Techweekeurope.co.uk reported this, June 4, 2015.

To work, when Troldesh infiltrates a system through a junk e-mail, the malware supplies one e-mail id to which the end-user must write while it'd encrypt all data-files of that end-user followed with asking him to pay heavily to get the decryption key.

Actually it's extremely rare to find a hacker directly communicating with his victim since normally hackers conceal their identity from their victims. However, Troldesh's owner supplies the e-mail id so he can instruct his choice-of-payment method.

Kolesova blogs that she wanted to know something extra regarding ransomware scams so she began communicating with such attackers. After many minutes passed by, she got a reply which had the future instructions, she tells.

At first Kolesova was demanded EUR250 (approximately 15,700 Rubles, alternatively USD278) for decrypting her files. For triggering the process, the ransomware owners said they would decrypt just a single file she should select, for proving the bargain was level-played. But Kolesova said she should be given some extra assurances since she earned only EUR250/month from her job within Russia. Surprisingly she was replied back with an offer of 15 percent rebate.

After spending some idle time-period, she replied with a plea to allow a costless decryption of her files. Now the answer surprised her still more as the attackers said they'd forgo the utility if she paid merely 7,000 Rubles, meaning approximately EUR111 (else USD123) which isn't even half of what they initially demanded.

Hence, besides maintaining a data back-up, the Troldesh infection can still be eliminated with system folders decoded devoid of fulfilling ransom payments via just using trustworthy anti-virus software for an entire system scan that would spot the contaminant as also eradicate it.

» SPAMfighter News - 6/16/2015