Russian Ransomware Brokers Scam Victims
December 04, 2018 / Phil Muncaster
Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files. Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help them recover from ransomware like Dharma/Crisis, for which there is no known decryption key. In reality, the firm pays the ransomware author a fee and then passes the cost on to the customer at a 75%+ margin, acting more as a broker than an IT consultancy. Dr Shifro has been around for over two-and-a-half years and has managed 300 ransomware ‘decryptions’ for its clients. Typically it adds an extra $1000 fee on top of whatever the cyber-criminal is charging for a decryption key, meaning the firm has been able to drive profits of at least $300,000 over the past couple of years.