This story is over 5 years old.

Hackers Are Now Providing Customer Service Support to Help Victims Pay Ransoms

It's a good time to be in the “ransomware” game.

It's a good time to be in the game of ransomware, a type of malware scam that basically kidnaps your data and then sells it back to you. The cyber-criminals behind these extortion schemes often demand ransom payments be made via the hard-to-trace bitcoin protocol, and are now cashing in on the virtual currency’s booming value—the price soared past $400 today.

Thing is, most people don't own any bitcoins, or have any idea how to go about getting them, and maybe haven't even heard of them. That makes it hard for victims to pay, which doesn’t do the cyber-criminals any good.

That’s why, in a rather smug move, the hackers behind CryptoLocker recently launched a customer service feature to help victims through the payment process. That's per Brian Krebs, who spoke with Lawrence Abrams of Bleeping Computer, a help forum that has been closely following the CryptoLocker mayhem.

You've probably heard of CryptoLocker. The virus has been wreaking havoc on internet users over the last month, earning it the distinction of being the nastiest ransomware ever. It works by sending you a spam email enticing you to click and download a file. If you do, it installs malware on your computer that crawls through all your private files—music, photos, movies, documents—encrypts them, and charges you for the key to break the code.

An alert pops up warning you to pay up within 72 hours or lose your data forever, complete with a somewhat melodramatic countdown clock. The price is 2 BTC and shoots up to 10 BTC if you miss the deadline. Given today’s market, that can set victims back upwards of $4,000.

That is, if users can figure out how to pay it. The trouble with the cybercriminals' otherwise clever extortion scheme is that many of their victims couldn't figure out how to make the payment. And so the CryptoLocker Decryption Service was launched to make it easier. It guides you through the transaction (read: ransom payment), and gives you an "order number" for the private key that you can search for and track the status of like a UPS package.

Funny as the idea of criminals providing customer service is, I can't imagine that CryptoLocker's support feature is doing much to help the scammers' problem. For starters, the site is only accessible through the anonymous Tor network, so users have to download the Tor browser to access it.

Assuming the malware's target victims have a relatively low level of tech-savvy—they're all PC users who actually downloaded a file sent through a spam email—this is a hurdle in itself. Then to make matters even more bizarre, the only way to unlock the encrypted data is through the original virus, so users who had deleted it from their machine have to reinstall the malware.

Security experts advise victims of online scams to never pay the money—it only funds and perpetuates the criminal behavior. In CryptoLocker's case, they suggest that people wait and hope the authorities catch the culprits, seize the website, and deliver the encryption keys to all its victims. Nevertheless, Symantec estimated that around 3 percent of users who fell for the ransomware scam did choose to—and manage to—hand over the money. They must have something juicy in those files.