A security researcher at Check Point has warned that ransomware attacks now provide communications between hijacker and victim.
Natalia Kolesova said that a new ransomware scam, which has been dubbed Troldesh, includes the bargaining feature along with other common ransomware threats like the full encryption of a victim's files.
Kolesova tested the feature by pretending to be a victim and corresponding with the attackers, and got an almost immediate response.
"After several minutes I received an answer with my next instructions. The extortionists said to send them one encrypted file to prove they could decrypt it. They demanded €250 to decrypt all of the files," she wrote.
"I decided to accept the hackers' 'generous' offer and send them an encrypted file for decryption. At the same time, I tried to start a conversation with them to see whether I could persuade them to give me the key for free, or at least get a decent discount."
Kolesova said that the exchange was with a real person, and that she was able to negotiate. After refusing to pay the €250 ransom, she returned to the discussion and tried to get a discount.
The researcher was initially offered a 15 percent discount, but pleaded poverty and asked for a greater reduction. A lower ransom was offered and a decrypted file was returned.
Kolesova then asked for the free return of the files. This was denied by the attackers, who said that ₽7,000 (about £82) would be the lowest price that she could pay.
"[That] is a minimal cost for you. Decide for yourself. There is no way to get the key for free," they wrote.
More negotiations took place, and eventually the researcher talked her way into a 50 percent discount. She said that with some extra work she might have had a better result.
"By the end of our correspondence, I managed to get a discount of 50 percent," she said. "Perhaps if I had continued bargaining, I could have got an even bigger discount."