A Russian company that claims to specialize in decrypting ransomware is actually just secretly brokering deals with the malware distributors and charging victims for this middle-man service, researchers say.
The so-called IT consulting firm, known as Dr. Shifro, advertises that it can fix systems affected by such malicious encryptors as Cryakl, Scarab, Bomber, and Dharma/Crisis. But in reality, the company simply asks the ransomware's creators to hand over a decryption key for a discounted price, according to Bleeping Computer, citing findings from Check Point Software Technologies.
During its investigation, Check Point observed Dr. Shifro allegedly charging a minimum of $1,000 for its imaginary IT services, plus the cost of paying for the decryptor. Check Point estimates that Dr. Shifro has earned at least $300,000 in revenue from this operation since it began in 2015.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.