A Russian company that claims to specialise in decrypting ransomware is actually just secretly brokering deals with the malware distributors and charging victims for this middle-man service, researchers say.
The so-called IT consulting firm, known as Dr. Shifro, advertises that it can fix systems affected by such malicious encryptors as Cryakl, Scarab, Bomber, and Dharma/Crisis. But in reality, the company simply asks the ransomware’s creators to hand over a decryption key for a discounted price, according to Bleeping Computer, citing findings from Check Point Software Technologies.
During its investigation, Check Point observed Dr. Shifro allegedly charging a minimum of US$ 1,000 (£788) for its imaginary IT services, plus the cost of paying for the decryptor. Check Point estimates that Dr. Shifro has earned at least US$ 300,000 (£236,539) in revenue from this operation since it began in 2015.
This article was originally published on SC Media US.