In 2018, an investigation by specialists at the Checkpoint Cybersecurity Firm exposed the fraudulent activities of a company that is supposed to act in the field of computer security.
As we know, attacks on companies with ransomware-type malware allow cybercriminals to encrypt the content of company-owned data and then demand payment of a ransom for a decryption key. And since it is generally recommended not to pay the ransom demanded by hackers, for fear of encouraging them in their criminal activities, companies will call on companies specialized in data decryption. However, these data decryption companies are not always what they claim to be. And that was the case with a company called Dr. Shifro.
This article will also interest you: Bouygues constructions is a victim of more than one computer attack with ransomware
Dr. Shifro and a computer security company that claimed to be able to decrypt encrypted data without even The decryption key. However, in the opinion of the experts, if this is not impossible, it should be known that such a feat is really difficult to realize.That it will take years or even even several years to be able to achieve such a goal with the technology of the moment. Checkpoint researchers were able to interview the security and certain its customers that it had managed to satisfy in 2 hours only. The question posed by the researchers of the security firm Checkpoint computer, it was to know, if in some event, Dr. Shifro was not cooperating not in a way with the cybercriminals behind the terrorist attacks ransomware, to be able to make the most of it: "A time so fast can't mean that Dr. Shifro has keys private RSA for this case of infection or that it instantly interacts with ransomware software operator to receive them." They explained.
In this context, they decide then to tender a trap this decryption company. To do so, they created a situation similar to a ransomware-type computer attack with encrypted files via a dharma encryption. They even created a fake email address that was supposed to belong to the pseudo-hackers, through which these would have demanded payment of a certain ransom. Subsequently, they asked for the intervention of Dr. Shifro as the victim of a ransomware attack. For 2 days decryption company does not respond to their request. however pseudo hackers will receive a request from Dr. Shifro to decipher the in exchange for payment of a bitcoin sum.
And so Dr. Shifro's business model was discovered: "I am an intermediary. We have been exchanging keys regularly for clients since 2015. Sending bitcoins, no silly questions. Customers are frequently forwarded by recommendation." To make sure it was still Dr. Shifro, Checkpoint researchers sent a message again. This time, they received this message: "We managed to decipher your files. The cost of the decryption tool is 150,000 rubles – a visit from a specialist of 5,000 rubles (the cost is for the Moscow region)' We then realize that the firm "added about $1,000 to the initial ransom price demanded by our fake ransomware operator," Check Point noted. In other words, Dr. Shifro allowed himself to get in touch with hackers who entered into an agreement to decrypt encrypt encrypted encrypted files. Then he demanded more money from the victim than he paid the hackers.
Now access an unlimited number of passwords: