Cryptolocker Revisited

customer_extortionAs an update to my October 29 comments on the Cryptolocker hold-your-files-for-ransom malware, you may have a hard time believing this next phase in the evolution of extortion: They now have a customer service and support site for those that wanted to pay the ransom but had technical issues, and couldn’t figure out how to do it!

The Cryptolocker Decryption Service—I did not make this up! It is not April Fools’s Day yet!—permits victims to view their “order status” (the ransom payment) and complete the transaction. If someone makes the payment, but the decryption code fails, they can get quality customer service from these thieves.

Also, in the past, if a user failed to pay up within 72 hours, the key was destroyed resulting in their files being lost forever. Our good-hearted criminals realized, however, that they were leaving money on the table, so will now allow latecomers to buy a key. In this case, the fee jumps from $300 to $4,000!

It also turns out that victims wishing to pay the ransom, who had already removed the malware, would need to reinstall the malware for the decryption key to work. The customer service site can provide a key that works without the annoyance of having to re-infect and then disinfect your machine again.

Customer service is incredibly important to us here at Phone.com, and I must admit that the ingenuity combined with the complete absence of ethics demonstrated by those at Cryptolocker has astounded me—and it takes a lot for that to happen!