A damning new study has revealed the trick up the sleeve of some so-called ransomware solution providers—just pay the hackers their ransom in crypto.
Investigative journalists at ProPublica found that companies were increasingly choosing to simply pay hackers and move on, against a backdrop of a steep rise in the prevalence of these types of attack. According to figures published by ransomware analysts Coveware, the first quarter of this year saw both the frequency and scale of these attacks increase.
“In Q1 of 2019, the average ransom increased by 89% to $12,762, as compared to $6,733 in Q4 of 2018. The ransom increase reflects increased infections of more expensive types of ransomware such as Ryuk, Bitpaymer, and Iencrypt. These types of ransomware are predominantly used in bespoke targeted attacks on larger enterprise targets,” the report noted.
ProPublica found at least two firms that had been paying off SegWit scammers on behalf of their clients:
“Proven Data promised to help ransomware victims by unlocking their data with the ‘latest technology,’ according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.”
Even Florida-based company MonsterCloud, which professed to use its own data recovery, was revealed to have also been paying ransoms, “sometimes without informing victims such as local law enforcement agencies,” according to the ProPublica report, noting, “The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts…Both firms have used aliases for their workers, rather than real names, in communicating with victims.”
Zohar Pinhasi of MonsterCloud confirmed the firm did indeed pay ransoms on some occasions,