Negotiating with a Ransomware operator

In a recent post from SonicWall, one security expert describes how he negotiated with a ransomware operator.

The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog with a ransomware operator using the PayDay ransomware trojan. PayDay is a recent variant of the BTCWare ransomware trojan and has been in the wild for a few weeks. PayDay follows the current ransomware operator trend of using email to communicate with their victims in order to demand payment for file decryption. Payment has increased to an astronomical 0.5 Bitcoins (roughly $8000 USD at today’s prices). In this case, however, the price could be negotiated lower.

Further into the story, the scammer got scammed:

The operator begins to show signs of impatience and offers additional help in my request to (obviously not) pay him via PayPal:

We make a brash attempt to obtain an IP address associated with the operator by causing him to visit a webserver under our control:

Moments later access logs reveal a visit from an IP address located in the Czech Republic. After perhaps realizing his mistake, there were subsequent visits from IP addresses located in multiple countries around the world.

Read the full story here

