Imagine your company gets hit with a ransomware attack. Critical files become inaccessible, work productivity is lost, sensitive data could be at risk of either being compromised and leaked or even deleted, all while being extorted by a cyber assailant for funds your firm may or may not be able to shell out.
Companies often call in firms that offer “high-tech” ransomware solutions in these situations, but a recent report from Pro Publica found some of these companies simply pay off the attackers.
In one instance, the publication was able to trace four payments sent in 2018 and 2017 from an online wallet belonging to Proven Data Recovery, an American firm that claims to help companies regain access to their computers, to a wallet maintained by Iranians believed to be responsible for spreading SamSam ransomware.
“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime,” Jonathan Storfer, a former employee with the company told the publication. “So the question is, is every time that we get hit by SamSam, and every time we facilitate a payment — and here’s where it gets really dicey — does that mean we are technically funding terrorism?”
Another company, MonsterCloud, was mentioned in a case of paying attackers after the firm requested $2,500 for an analysis of the problem and costing up to $25,000 to recover from an attack where the ransom was only $7,000 worth of bitcoin.
In addition when the company handling the ransomware attack asked for specifics on how the data would be recovered MonsterCloud was evasive, said Tim Anderson, an IT consultant based in Houston, handling the problem for a client.
“I immediately smelled a rat,” Anderson told ProPublica. “How do I know they’re not taking the $25,000 and paying the ransom guy $7,000 of it? The consumer doesn’t know what’s going on.”