Company's ransomware decryption service is a sham, researchers report

News by Bradley Barth

A Russian company that claims to specialise in decrypting ransomware is actually just secretly brokering deals with the malware distributors and charging victims for this middle-man service, researchers say.

The so-called IT consulting firm, known as Dr. Shifro, advertises that it can fix systems affected by such malicious encryptors as Cryakl, Scarab, Bomber, and Dharma/Crisis. But in reality, the company simply asks the ransomware’s creators to hand over a decryption key for a discounted price, according to Bleeping Computer, citing findings from Check Point Software Technologies.

During its investigation, Check Point observed Dr. Shifro allegedly charging a minimum of US$ 1,000 (£788) for its imaginary IT services, plus the cost of paying for the decryptor. Check Point estimates that Dr. Shifro has earned at least US$ 300,000 (£236,539) in revenue from this operation since it began in 2015.

This article was originally published on SC Media US.
