Why ransomware? Let’s ask the bad guys

why ransomwareI am involved with ransomware because it is ‘fast, easy, and safe”. This was the feedback we got when we asked the bad guys about the motivations for being involved with this emerging criminal enterprise.

To be honest, this is not something that should come as a surprise. Many are involved with cybercrime because they feel that they are safe from arrest. It is also one of the few crimes that offer a helpdesk! Indeed within the majority of ransomware demands victims are given the option of communicating with those behind such malicious campaigns.

why ransomware

One of the questions we often ask is what do they criminals plan to do with the money they make? So let’s ask them!

The disguise

We figured that asking as malware researchers probably wouldn’t garner much of a response, so we spent a week eating pizza and playing video games to get into the character as students. Okay, that is very tongue in cheek and of course is a cheap stereotype.

What was the first interesting statistic was that about 1 in 3 of the email addresses were fake/non-existent. Think about that, it infers that almost one third of ransomware could potentially be pseudo since the promised ‘helpdesk’ does not even exist thus reinforcing the advice we give to NOT PAY ransoms.

Ransomware is risk-free

As time wore on we began to get responses from the bad guys. One of the questions we had was the motivation behind a career in ransomware. Of course, the overwhelming response was the financial benefit which is not unsurprising. Perhaps more of interest was that criminals felt it was risk free, indeed the word safe come up in the responses.

Ransomware is profitable

What do you buy the ransomware developer who has it all? Well according to the responses none of the responses were anything other than predictable, travel, cars and even the more mundane response of paying off debts. One of the responses had planned to use the money to buy a house, presumably not with Bitcoin though!

Ransomware price is negotiable

Any payment will do. Almost all of the respondents commented that they were willing to negotiate the price to release data held hostage. Often we consider the bad guys to be ruthless and unwilling to budge, however all were happy to adjust their prices.

The research conducted here was interesting that provided a unique insight into the mentality of those behind ransomware. Many of the respondents had developed their own code and were producing their own variants. Indeed some had an entrepreneurial spirit even trying to convince us into buying his code so we could pay off our college debts. However with one third of communication channels actually being fake you have to question the probability of getting your data back once payment has been made as very hit and miss.

The one thing that is more assured is that the No More Ransom project is available to help victims reclaim their data without funding the lifestyles of the rich and infamous. Remember #DontPay and #NoMoreRansom.

Many thanks to Christiaan Beek (Twitter @ChristiaanBeek) within the McAfee Advanced for the development and publication of this research.