The Russian company instead of treating files encrypted with a virus pays attackers

Source: Naked Security - Sophos

There are a lot of companies working in the field of information security. Technologies are improving, which means that attackers are getting more and more tools to work. They are confronted by information security experts. True, not all of them are equally professional.

For example, recently the network has information about a company that positions itself as the last chance for victims of cryptographer programs. This company claims to be able to decrypt affected files, thus saving the business and reputation of the victim.

But in this case, everything is not so clear. As it turned out, a company called Dr. Shifro, does not decrypt files. Instead, it pays attackers, and provides decrypted files to customers, claiming that its experts were able to decrypt everything.
')
But this is not entirely true - the fact is that Dr. Shifro simply takes 2-3 times more money from customers than the attackers ask for, and works with the latter. Once the files of the affected party are decrypted, Dr. Shifro declares that it is her merit.

In one case, the company requested $ 2.5 thousand for the service of decrypting files blocked by ransomware. It turned out that the attackers themselves are asking for $ 1,500 for the same. Thus, the company took over $ 1000 for mediation services, paying the rest to cybercriminals.

Often, the owners of the affected business are willing to pay and more solution to the problem with encrypted files. Companies often do not want to mess with cybercriminals, so they are willing to pay a lot to those who are able to solve the problem.

But as it turned out, the company Dr. Shifro and does not think to engage in self-decoding. She prefers to negotiate with the attackers, getting for it a good profit from the cybercriminals.

According to calculations, the company during its operations received about $ 300,000 profit. On average, solving one incident costs the organization’s customers $ 3000 (bitcoin equivalent). But an exact calculation cannot be made, since it is unclear whether all customers receive the same price for services.

The general recommendation of information security specialists is to not pay to cybercriminals who distribute crypto software. It is justly believed that if an attacker is paid a ransom, they will work even more actively. Therefore, many victims of virus cryptographers turn to third-party companies that promise to decrypt files. In this case, some victims are willing to pay more to “white” hackers than to pay a ransom to intruders.

However, the chance of decrypting files that are encoded with serious technology is small. So we can assume that Dr. Shifro is far from the only company that just negotiates with the blackmailers.

Well, the latter are not going to stop their activities. Recently, a new type of cryptographer has hit more than 100 thousand computers in China. True, fraudsters demanded for a decryption key a small amount - only $ 16. Usually it is hundreds, if not thousands of US dollars. As far as one can understand, the new ransomware version is designed exclusively for Chinese users - in other countries there are no cases of infection with this virus yet.

The malware is distributed as a “nice” addition to topics for local forums and instant messengers. But most often, users from China are infected with this virus when installing the Software "Account Operation V3.1", this is an application that allows you to manage multiple accounts in QQ simultaneously. It is possible that the virus is hidden in the EasyLanguage module. Researchers say that the virus not only encrypts files, but also steals user access to various social networks and instant messengers, as well as digital wallets and hosting.

It is worth noting that the most common cryptographers were in China. In other countries, the activity of this type of virus has disappeared. According to experts, in particular, from the company Velvet Threat, ransomware of various types infected about 2 million computers in China.