Accepting that your computer is infected with ransomware is hard.
Figuring out Bitcoin in order to pay the ransom? Even harder.
As more than 200,000 systems around the world were hit with the ransomware WannaCry, businesses, hospitals, and regular people were all presented with a troubling choice: Pay approximately $300 worth of Bitcoin to unknown attackers or lose access to their data forever.
But what happens when the victims don’t understand how to pay? Could the biggest thing holding ransomware hackers back be not updated computer systems but Bitcoin ignorance?
An unusual IT department
Cryptocurrency is confusing, and the typical computer owner would be hard pressed to explain what Bitcoin is let alone how to acquire it then make a payment with it. And so more and more, those behind ransomware are realizing that they’re going to have to help their victims figure things out if they ever expect to get paid.
Enter the ransomware hackers’ equivalent of customer support. After their software encrypts your computer, rendering your files inaccessible, some hackers have taken to providing step-by-step instructions to clear things up.
Take, for example, WannaCry. Once a computer is infected, the attack displays a page telling victims what happened to their system, how to recover their files, and the easiest way to pay the ransom (Bitcoin, naturally).
Here’s what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS
— Rory Cellan-Jones (@ruskin147) May 12, 2017
As UNC Associate Professor and technology-focused sociologist Zeynep Tufekci noted, WannaCry’s step-by-step instructions to victims rival the help pages of some major tech companies.
This &@!@ thing has better, clearer explanations and guidance than the "security" help pages of tech companies with billions in market cap. https://t.co/TNK6hjYEG7
— Zeynep Tufekci (@zeynep) May 12, 2017
WannaCry is not the first ransomware to offer "help" to its victims. The FBI noted back in 2016 that a staple of ransomware is that it "[includes] instructions on how to pay the ransom." Which, of course, makes sense. Why demand a ransom and not tell the victim how to pay?
However, it’s the length to which some ransomware hackers go to assist their victims that is really turning heads. In one such case, as Reuters previously reported, attackers actually had call centers to walk victims through the payment process.
That’s right. Call centers. Like we said, cryptocurrency is confusing.
Importantly, just because a victim follows the proscribed steps doesn’t mean he or she is going to get their files decrypted. The perpetrators behind WannaCry have been particularly bad at responding to payments with decryption keys.
A lot of reports that people have paid the ransom and not gotten decryption keys. The system looks manual which is impossible to scale.
— MalwareTech (@MalwareTechBlog) May 15, 2017
The fact remains, however, that ransomware hackers have in some cases been known to actually provide decryption keys once a victim has paid. This knowledge is often enough of a glimmer of hope for victims desperate to regain access to their data.
With a 2016 IBM report finding that ransomware shot up 300 percent over the preceding year, it’s clear that this type attack is here to stay. And as more and more people are faced with deciding whether or not to pay up, the hackers will be there — ready and waiting to patiently explain Bitcoin.