The internet is constantly evolving and the same is true with how ransomware makers operate. At present, cybercriminals thrive not only by producing malicious software, but also by making it seem as though they are legit businesses with customer service staff. 

Ransomware operators are starting to make their business “mainstream” by working like typical corporations complete with customer service departments and outsourced resources, CNET reported Wednesday citing what researchers presented at Black Hat 2017. Cited examples of this type of operators are those from Locky and Cerber, who apparently managed to make $25 million last year. 

This new structure has led criminals and ransomware attackers into believing that their victims are not merely casualties but customers of their trade. In so doing, their customer support staff are there to deal with their clients and to ultimately generate sales. Such business structure has compelled Google researchers to recognize the evolving ecosystem of ransomware and its professional side despite the fact that the operators’ activities are questionable under the law. 

ALSO READ: Ransomware victims have reportedly paid more than $25 million since 2014

“It’s become a well-oiled machine,” Google’s anti-abuse research team leader Elie Burzstein said. “It operates like a real company, that shows how mainstream it’s become and how much it’s here to stay.”Burzstein further stated that such development in the ransomware scene has turned the illicit activity into organized crime. 

Just how organized have ransomware operations become? Well, victims nowadays are being assisted by customer service reps when they are deciding on purchasing cryptocurrency, such as bitcoin, to settle the problem by paying the ransom to decrypt their files. Ransomeware customer service staff even offer victims immunity packages so that they won’t have trouble with the same type of malicious software ever again. Operators also go as far as hiring graphic designers to make their websites and malware more pleasing to their so-called “customers.”

What’s worse is ransomware makers have now allowed cybercriminals to rent out their resources. In return, the latter would get a cut for every victim that gets affected by the malware. “Ransomware as a service has become a dominant model,” Burzstein stated. “All you have to do is infect people, and then you get a cut.”

ALSO READ: How businesses can prepare against Petya ransomware, similar attacks 

The idea that ransomware operators have established customer service departments isn’t something new at all. In January of last year, Business Insider learned about hackers specializing on ransomware to have started offering customer support and additional services to their victims. The scheme was made to successfully extort more money from random people, especially from those who do not have the know-how in this field. 

“When you think about the people that ransomware’s targeting … they’re going after relatively unsavvy users who are using [outdated browsers],”Cisco’s Talos research group security outreach manager Craig Williams said at the time. Williams also noted back then that ransomware makers have come up with a way to easily lure more people into their trap using instructions that “are written in such a way that [the attackers] are able to get money from [their victims].”

For many years now, law enforcement agencies and security firms have advised victims to not pay the ransom or give in to the demands of the ransomware operators. With the more sophisticated structure of ransomware firms though, it’s not surprising hat more and more people end up paying the ransom just to retrieve their files. In effect, the illegal activity has become lucrative. 

ALSO READ: Android ransomware threatens to dox victims with stolen information, conversations 

“It’s profitable, and that’s really causing the increase in numbers,” Symantec Security Response director Kevin Haley told Digital Trends in April 2016. “More and more gangs are getting into it and they make more money and continue to try and expand and grow their business by attacking more and more people.”

Ransomware Here is a screenshot of a WannaCry ransomware demand provided by cyber security firm Symantec. Photo: Reuters/Handout