Ransom with a flair for Customer Experience


Share on LinkedIn

Good experience means more money. Even for criminals.

WannaCrypt0r 2.0

The latest global cyber attack has already sparked hundreds of debates on topics from IT security to healthcare spending. Needless to say, we at Chattermill thought about what this says about Customer Experience. After checking our own computers are safe that is.

Attackers have hijacked thousands of computers with vulnerable versions of the Windows operating system. The Trojan virus spread quickly through phishing emails that tricked users into downloading an infected file. Once a computer is infected all personal files on the computer’s hard drive are encrypted and a modestly polite ransom note (image above) is displayed to the user.

This is old school ransom with a user interface – Ransom 2.0. It is not using the letters cut out of the newspapers and fortunately nobody is kidnapped but this kind of crime causes huge damage.

Old World Ransom Note

But what was fascinating about this 21st century ransom note is how the criminals have obviously learned from some of the best practices in modern software. Let’s break it down:

    Clear messaging: the note obviously skims over the fact that it is a crime, does not mention the word “ransom” but other than that it is clearly written with concise instructions and answers to common questions for and by real humans.

    Multiple languages: given that the attack targets some of the least sophisticated PC users, having it available in the native language is a nice touch.

    Free Trial: Apparently, you can decrypt some of your files for free. “Try now by clicking Decrypt”. Admittedly we have not tested this feature and don’t really want to have to do so…

    Contact Us link: I could not find how this works, potentially the attackers use some form of encrypted chat or email. Still, I can’t count how many times I’ve been on a website of an actual big company where contact information was conspicuously hidden.

    Helpful UI: Explanation links, color-coded timer, button to copy the bitcoin address etc. There isn’t much functionality, but what’s there is as easy as possible even if the design is not great.

Bitcoin is far from user-friendly in its current iteration and I doubt most people who were affected by the attack would be savvy enough to be able to work it out in only 3 days. Still, it’s a huge improvement (from a Customer Experience point of view) compared to having to drive to a remote location and leaving a bag of money, in small denominations.

Why are criminals, particularly ones as so inconsiderate they would attack the NHS and potentially endanger human lives care about their victims’ comfort? Obviously not because of their warm and fuzzy feelings or because they want a nice review. It is because they know, good customer experience means more money. Even in their twisted business.

Jack Miller
I work with organisations to visualise and design their customer journeys to ensure that they are both comprehensive and accurate. By applying a combination of cross sector best practice and an understanding of each business's unique relationship with their customer base, I focus on identifying what elements need to be put in place to take each organisation from their current level of customer understanding to a best in class understanding of all customers.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here