Researchers at Check Point discovered a new Russian ransomware strain that allows the victim to communicate with the cybercriminals who are open to providing discounts to decrypt the files that were taken hostage.
The strain is called Troldesh and uses phishing attacks to infect workstations and encrypt all files. A new wrinkle is that it also encrypts the file names as well as the file data. It's remarkable that the Troldesh malware asks the victim to contact the ransomware maker via email to decrypt the files.
Natalia Kolesova, a malware researcher at Check Point decided to try this out, and send them an email. Within a few minutes the received an answer with instructions how to pay. To get her files decrypted, she needed to send one encrypted file and 250 Euro.
Next, she asked for a discount, and got approved for a 15% discount. Ultimately, after continued negotiating, she was able to get a 50% discount, where at that point the ransomware maker commented that they could not give the decryption away for free. She remarked that if she had continued the negotiations it might even have been cheaper.
Next thing you know is ransomware coupons.... :-D
The best way to prevent ransomware infections is not to open infected email attachments, which is easy to achieve with effective security awareness training. Find out how affordable this is for your organization.
