Two Ransomware Recovery Firms Typically Pay Hackers

  /     /     /  
Publicated : 23/11/2024   Category : security


Two Ransomware Recovery Firms Typically Pay Hackers


Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.



A new report sheds light on the practices of two US data recovery firms, Proven Data Recovery and MonsterCloud, both of which paid ransomware attackers and charged victims extra fees.
ProPublica researchers were able to trace four payments from a Bitcoin wallet controlled by Proven Data to a wallet controlled by the operators of SamSam ransomware, which
caused
millions of dollars in damages to cities and businesses across the US. Payments to this wallet, and another connected to the attackers, were banned by the US Treasury Department due to sanctions on Iran, explained former Proven Data employee Jonathan Storfer to researchers.
Proven Data claims to unlock ransomware victims data using its own technology. Storfer and an FBI affidavit say otherwise: The company instead paid ransom to obtain decryption tools. MonsterCloud, another data recovery firm that claims to employ its own recovery practices, also pays ransoms — without telling the victims, some of which are law enforcement offices.
Proven Data chief executive Victor Congionti did tell ProPublica paying ransom is standard procedure at the company, and oftentimes it pays attackers at the request of clients. But Storfer explains how the company developed a relationship with the attackers and, as a result, was able to receive extensions on payment dates and even get discounts on ransoms. SamSam operators would advise their victims to contact Proven Data for help with submitting payment.
The report draws attention to a dilemma that businesses face when hit with ransomware: Its easy to frown on paying the ransom in theory; its different when your data is held hostage.
Its neither illegal to hide strategies for decrypting data nor illegal to pay attackers, the report points out. But paying ransom while pretending otherwise to a client could fall under deceptive business practices banned by the Federal Trade Commission Act, former FTC acting chairman Maureen Ohlhausen said. The FTC has not cited MonsterCloud or Proven Data, they note.
Read the full report
here
.
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Two Ransomware Recovery Firms Typically Pay Hackers