Threat Management, Malware, Ransomware, Security Strategy, Plan, Budget

Report finds ransomware recovery firms simply paying attackers

Imagine your company gets hit with a ransomware attack. Critical files become inaccessible, work productivity is lost, sensitive data could be at risk of either being compromised and leaked or even deleted, all while being extorted by a cyber assailant for funds your firm may or may not be able to shell out.

Companies often call in firms that offer “high-tech” ransomware solutions in these situations, but a recent report from Pro Publica found some of these companies simply pay off the attackers.

In one instance, the publication was able to trace four payments sent in 2018 and 2017 from an online wallet belonging to Proven Data Recovery, an American firm that claims to help companies regain access to their computers, to a wallet maintained by Iranians believed to be responsible for spreading SamSam ransomware.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime,” Jonathan Storfer, a former employee with the company told the publication. “So the question is, is every time that we get hit by SamSam, and every time we facilitate a payment — and here’s where it gets really dicey — does that mean we are technically funding terrorism?”

Another company, MonsterCloud, was mentioned in a case of paying attackers after the firm requested $2,500 for an analysis of the problem and costing up to $25,000 to recover from an attack where the ransom was only $7,000 worth of bitcoin.

In addition when the company handling the ransomware attack asked for specifics on how the data would be recovered MonsterCloud was evasive, said Tim Anderson, an IT consultant based in Houston, handling the problem for a client.

“I immediately smelled a rat,” Anderson told ProPublica. “How do I know they’re not taking the $25,000 and paying the ransom guy $7,000 of it? The consumer doesn’t know what’s going on.”


An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds