You just got infected with SamSam crypto-ransomware. What if I told you I had a secret process that guarantees I can recover your files that have been encrypted by a ransomware attack? Would you pay me to get your files back?
Brian Krebs tweeted on May 16 about ProPublica’s investigative article about how two cybersecurity firms have successfully “restored” files that have been encrypted by crypto-ransomware attacks. I suppose this was inevitable, since the “solution” seems so obvious.
Florida-based MonsterCloud and Proven Data Recovery of Elmsford, New York have become quite successful at restoring files of companies who have suffered a ransomware attack. They claim to be using “advanced technologies,” but all they are really doing is paying the ransom asked for by the cyber-criminals and charging their customers enough extra to provide a generous profit margin.
I don’t really have a problem with this solution, or the additional money the firms charge. Handling Bitcoin transactions, getting the encryption key from the bad guys, and performing the subsequent decryption tasks is worth the money being charged. And evidently the customers are delighted with the results.
There are a couple of ethical problems, though. First, how about you just disclose your “secret process” to your customers up front. Something simple like “we pay the ransom, get the encryption key, and restore your files.”
The second issue has to do with just who is getting paid. Some of the more recent crypto-ransomware attacks such as the SamSam exploit are being attributed to Iran, and could be funding terrorism or other actions that the client may not want to be funding. The U.S. government has indicted a pair of Iranian cyber army members for developing and releasing SamSam.
It has been my experience when dealing with ransomware attacks that my clients have definitely NOT wanted to pay the bad guys, for reasons such as “they’re bad guys” and “if we pay them, it just encourages them to do it again.”
What’s my take-away? If you are working with a company that “fixes” ransomware problems, just be sure you know how they get their results.