Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks that pretend to be ransomware).
The boom in ransomware infections is also a boom for companies that provide services to the infected. A lot of these companies are in the business of taking your money, sending some Bitcoin to your attackers, then holding your hand as you use the codes the attackers provide to get your files back (assuming the malware performs according to spec and that the ransomware attackers don’t just run off with your dough).
But not everyone wants to pay ransom! There are ethical and political reasons to avoid paying ransom, and the more money ransomware attracts, the more clever programmers will throw themselves at the project of making ransomware even more virulent and widespread.
Some companies advertised that they could decrypt your locked-up files without paying the ransom, using proprietary methods they’d developed in house to undo the attackers’ encryption. This isn’t outside the realm of possibility (programmers make mistakes) but it’s still a bit of a stretch (well-implemented encryption is extremely robust).
ProPublica’s Renee Dudley and Jeff Kao provide a deep investigative look at two of these “don’t pay ransom” companies, Proven Data and MonsterCloud, and reveal that these companies made false representations and had no ability to decrypt their customers’ files. Instead, they simply paid the ransoms and deceived their customers about their activities. The reps the customers dealt with turn out to be pseudonymous fake people, and the marketing endorsements on these companies’ sites are also almost certainly fabricated.
The companies not only paid ransoms, they effectively became confederates of the ransomware criminals, creating long-term, professional relationships with them that allowed them to negotiate for extra time on their customers’ behalf. What’s more, the criminals began to refer their victims to the companies, advising the victims that if they couldn’t figure out how to pay ransom or needed to be convinced that the threat was real, they should pay these companies for their professional services.
ProPublica quotes on-the-record whistleblowers, the executives at the companies, and their customers, and paints a picture of companies that engaged in blatant misrepresentation to the detriment of their customers, peddling lies and snake-oil to people who’d already been victimized. Meanwhile, public records show that the founders of these companies got ridiculously rich, buying multiple luxury homes and luxury cars. These founders deny that they told customers that their data could be decrypted without paying, but their own websites make these claims in plain language.
The grift encompasses people like former FBI director and Mueller crony John Pistole, who produced a still-available promo for MonsterCloud in which he falsely states that “MonsterCloud’s proprietary technology and expertise protects their professional reputations and organizational integrity” and that this allows customers to recover their data without paying ransom — a claim Pistole admits he knows is false.
Meanwhile, ProPublica traces how some of the money that the anti-ransomware companies quietly paid to criminals ended up violating US sanctions against Iran.
The firms eagerly agreed to help. “They all claimed to be able to decrypt ransomware families that definitely weren’t decryptable and didn’t mention that they paid the ransom,” Wosar said. “Quite the contrary actually. They all seemed very proud not to pay ransomers.”
Soon, the email accounts that he’d set up for the imaginary attacker began receiving emails from anonymous addresses offering to pay the ransom, he said. He traced the requests to the data recovery firms, including MonsterCloud and Proven Data.
“The victims are getting taken advantage of twice,” he said.
Proven Data’s Congionti and MonsterCloud’s Pinhasi both said they could not recall this particular case. “If someone is saying that we promised up front that we would be able to decrypt their files, I am certain that this is inaccurate,” Pinhasi said.
The Trade Secret [Renee Dudley and Jeff Kao/ProPublica]