A Russian firm makes money from ransomware victims’ desperation by selling a fake decryption solution.
The company called Dr. Shifro promises to unlock encrypted files for victims, so they can avoid paying the hackers the ransom money.
Their advertisement says the Dr. Shifro solution will unlock the encrypted files without the need of a public key.
This shady company was discovered by cybersecurity researchers while investigating the Dharma/Crisis ransomware. After the discovery, the researchers concluded that Dr. Shifro is a Russian firm that falsely offers decryption services.
Remember, everything can be hacked. To stay away from cyber threats, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
For those who don’t know, Dharma ransomware, part of the Crisis ransomware family, was first seen in 2016. Back in Nov. 2016 and March 2017, a master decryption tool was available for the Crisis family, so victims were able to recover quickly after a cyber attack. But this fall brought new versions with no public key.
Dr. Shifro came to life back in 2016 as a legitimate company specializing in ransomware attacks. They offer solutions that can unlock files encrypted by any of the new versions of Crisis/Dharma, Scarab, No_More_Ransom, and Da Vinci ransomware. They falsely advertise themselves in such a way that a prospective client believes there is a tool that can exploit vulnerabilities in the ransomware’s encryption algorithms and generate the RSA private keys.
After conducting a rigorous investigation, researchers found that Dr. Shifro functions as a broker between ransomware victims and the hackers, ensuring a big profit for the firm.
For example, if anyone wants to unlock some encrypted files, they will have to pay Dr. Shifro, and the shady firm will pass the money to the hackers. The hacker then sends the decrypted files to Dr. Shifro, which returns them to the victim. In one case the shady firm paid ransomware distributors around $950 for decrypting the files but charged the victim $2,300, making an estimated profit of $1,350 from just one single person.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.