Threat Management, Malware, Ransomware

Company’s ransomware decryption service is a sham, researchers report

A Russian company that claims to specialize in decrypting ransomware is actually just secretly brokering deals with the malware distributors and charging victims for this middle-man service, researchers say.

The so-called IT consulting firm, known as Dr. Shifro, advertises that it can fix systems affected by such malicious encryptors as Cryakl, Scarab, Bomber, and Dharma/Crisis. But in reality, the company simply asks the ransomware's creators to hand over a decryption key for a discounted price, according to Bleeping Computer, citing findings from Check Point Software Technologies.

During its investigation, Check Point observed Dr. Shifro allegedly charging a minimum of $1,000 for its imaginary IT services, plus the cost of paying for the decryptor. Check Point estimates that Dr. Shifro has earned at least $300,000 in revenue from this operation since it began in 2015.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds