Russian hacker drives hard bargain with Troldash scam By Dave Lee

Technology reporter, BBC News Published duration 3 June 2015

image copyright Thinkstock image caption The Russian hacker did not get what he or she was hoping for from the scam

A security software firm has warned about a new strain of "ransomware" - while finding that even Russian hackers can be haggled down.

Ransomware is software which locks you out of your files until a fee is paid to the criminals behind the attack.

Checkpoint researcher Natalia Kolesova detailed information about Troldash, a newly-discovered strain.

Once it infects a machine, Troldash provides an email address with which to contact the attackers.

"While the most ransom-trojan attackers try to hide themselves and avoid any direct contact," Ms Kolesova explained, "Troldesh's creators provide their victims with an e-mail address. The attackers use this email correspondence to demand a ransom and dictate a payment method."

Troldash was distributed via a spam email - and once downloaded, immediately set to work encrypting files before placing a text file of ransom instructions on the target's computer.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.

image copyright Checkpoint

Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.

image copyright Checkpoint

Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."

image copyright checkpoint

Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

Ransomware is a particularly vicious problem for many victims around the world. One strain, Cryptolocker, was said to have infected more than 250,000 computers worldwide.

The company did not pay the ransom - and recommended that up-to-date security software designed to protect against ransomware and other attacks was a better approach.