Buyer Beware – Ransomware Recovery Firms are Charging You to Pay the Ransom!

In a story earlier this week ProPublica.com added a British firm, Red Mosquito Data Recovery, to its list of self-proclaimed ransomware data recovery experts whose premium priced “unlocking expertise” was nothing more than paying the ransom!

In a May 15, 2019 post ProPublica.com published an exhaustive investigative expose’ on two of the largest US based ransomware recovery firms Proven Data and Monstercloud. What investigative journalists Renee Dudley and Jeff Kao discovered was that the sophisticated “trade secret” approach to ransomware unlocking and recovery the firms advertised and promised to clients didn’t really exist.

Desperate People Looking for a Professional Solution

Ransomware is no joke. Just ask Atlanta, Baltimore or any of the thousands of other victims. But beyond the obvious operational shutdown ramifications, dealing with those holding your data ransom is not something that most people are particularly comfortable with or skilled at. And that is exactly what makes the “professional” and “ethical” solutions promised by firms such as Proven Data and Monstercloud so attractive to ransomware victims.

The Latest Technology = Charging You to Pay the Ransom

According to ProPublica.com both firms had a pretty simple and profitable business model. Offer to restore client files using the “latest technology” at a price substantially above what the ransomware criminals were asking and then unbeknownst to the victim, get the very same decryption key by paying the ransom (often at a lower negotiated price) and in the process pocketing the difference! Proven Data paid so many SamSam ransoms on behalf of unwitting clients that the authors of the SamSam ransomware would actually recommend that victims work with Proven Data!

The Honest Open Approach

For many people the service provided by Proven Data and Monstercloud is a valuable one and one worth paying for despite the hazy truth to their approach. Other firms such as Coveware realize this and openly help clients restore their operations by navigating the murky waters of ransom decryption including the bitcoin payment, interacting with the attackers and assisting with the decryption.

“Ransomware Payment Mills Prey on the Emotion of a Ransomware Attack.” “Although it might not be illegal to obfuscate how encrypted data is recovered, it is certainly dishonest and predatory.” — Bill Siegel, CEO Coveware

Real Security Solutions Not Smoke and Mirrors

At Konsultek we provide real, customized security solutions for organizations of all sizes and across all industries. We believe the best way to recover from ransomware is to avoid it in the first place by combining security technologies to prevent, detect and respond to threats. To learn more about our solutions please call us or hit our contact form.

© Copyright 2018 Konsultek