Date: 2022-05-29

Five years ago, when ransomware attacks began to rise, researchers from Google and the universities of New York and San Diego decided to follow the trail of ransom money paid by some of the affected companies.

The objective of their study was to examine the ecosystem created around this form of cybercrime. The result was shocking: they discovered that the groups of crackers that had been using malware like Locky and Cerber in their attacks had started taking cues from how the big technology companies operate.

Among the changes they introduced, one stood out: treating their victims as ‘clients’, to the point of setting up customer service to provide support in case of problems getting their ‘product’ up and running. Of course, how this kind of ‘technical support’ works, when it is needed, tends to stay far from public knowledge…

…until now, because a few days ago, Felipe Cañizares, CEO of the network administration company DMNTR Network Solutions, used his corporate account to show step by step how a Spanish client had to resort to this kind of service.

I wish all customer support services were like this

The thread he posted (which drew wide attention) is titled “ransomware, a ransom paid, and the most effective technical support you’ll see in years” and tells the story of a client of a cybersecurity professional who contacted him after suffering a ransomware attack and who, faced with the prospect of having no backups less than 10 years old, had decided to pay the ‘ransom’ for his hard drive.

Up to this point, nothing, unfortunately, was out of the ordinary. Then something goes wrong: after paying the ransom, receiving two files (the virus remover and the decryptor) and following the indicated steps, the professional in question discovers that after the PC restarts, the data is encrypted again.



This is where Cañizares decides to give his friend some advice, half joking and half serious:

“Use the technical assistance of the [authors] of the ransom[ware]. It’s no joke: write to the artists who have been paid and tell them what is happening to you, to see if they give you a solution. Years ago I sometimes had to do it too.”





Given the lack of options, his friend decides to listen to him, and… the crackers respond with a Telegram link. And there they ask him for access through AnyDesk to fix the problem! Later (with a two-hour break due to connection problems) they also ask for access to the mouse and keyboard.

After 6 hours remotely connected to the computer, the problem persists, and the ‘technician’ decides to hand the support task over ‘to the boss’. Several hours (and reboots) later, they seem to find the key to the matter, quite literally: some files responded to the aforementioned decryption key, while others were tied to a second key.

Finally, after 14 hours and 58 minutes, they close the AnyDesk connection… having managed to recover all the files. ‘Issue closed’. In the words of the thread author’s friend, “they provide better service than many companies.”