These firms promise high-tech ransomware solutions—but typically just pay hackers

Cryptolocker was one of the ransomware pioneers, bringing together file encryption and bitcoin payment. (Image: Christiaan Colen / Flickr)

This story was originally published by ProPublica. It appears here under a Creative Commons license.

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the UK. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta’s online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

“You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”

At a press conference last November, then-Deputy Attorney General Rod Rosenstein announced that the US Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were “public agencies with missions that involve saving lives,” and the attackers impaired their ability to “provide health care to sick and injured people,” Rosenstein said. The hackers “knew that shutting down those computer systems could cause significant harm to innocent victims.”

In a statement that day, the FBI said the “criminal actors” were “out of the reach of US law enforcement.” But they weren’t beyond the reach of an American company that says it helps victims regain access to their computers. Proven Data Recovery of Elmsford, New York, regularly made ransom payments to SamSam hackers over more than a year, according to Jonathan Storfer, a former employee who dealt with them.

Although bitcoin transactions are intended to be anonymous and difficult to track, ProPublica was able to trace four of the payments. Sent in 2017 and 2018, from an online wallet controlled by Proven Data to ones specified by the hackers, the money was then laundered through as many as 12 bitcoin addresses before reaching a wallet maintained by the Iranians, according to an analysis by bitcoin tracing firm Chainalysis at our request. Payments to that digital currency destination and another linked to the attackers were later banned by the US Treasury Department, which cited sanctions targeting the Iranian regime.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime,” Storfer said. “So the question is, is every time that we get hit by SamSam, and every time we facilitate a payment—and here’s where it gets really dicey—does that mean we are technically funding terrorism?”

Proven Data promised to help ransomware victims by unlocking their data with the “latest technology,” according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.

Another US company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found. The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.

The payments underscore the lack of other options for individuals and businesses devastated by ransomware, the failure of law enforcement to catch or deter the hackers, and the moral quandary of whether paying ransoms encourages extortion. Since some victims are public agencies or receive government funding, taxpayer money may end up in the hands of cybercriminals in countries hostile to the US such as Russia and Iran.

Tracing Ransom Payments From Proven Data to Iran

Although bitcoin transactions are intended to be anonymous and difficult to track, ProPublica was able to trace four payments from New York-based Proven Data Recovery to the SamSam ransomware attackers in Iran. One payment was sent on Nov. 15, 2017, from an online wallet controlled by Proven Data to one specified by the attackers. It was then laundered through 12 bitcoin addresses before reaching a wallet maintained by the Iranians, according to an analysis by bitcoin tracing firm Chainalysis at our request. Payments to that digital currency destination and another linked to the attackers were later banned by the US Treasury Department, which cited sanctions against funding the Iranian regime. Proven Data said it stopped dealing with the SamSam hackers after the US government took action against them, and that until then, it did not know they were affiliated with Iran.

In contrast to Proven Data and MonsterCloud, several other firms, such as Connecticut-based Coveware, openly help clients regain computer access by paying attackers. They assist victims who are willing to pay ransoms but don’t know how to deal in bitcoin or don’t want to contact hackers directly. At the same time, Coveware seeks to deter cybercrime by collecting and sharing data with law enforcement and security researchers, CEO Bill Siegel said.

Siegel refers to a handful of firms globally, including Proven Data and MonsterCloud, as “ransomware payment mills.” They “demonstrate how easily intermediaries can prey on the emotions of a ransomware victim” by advertising “guaranteed decryption without having to pay the hacker,” he said in a blog post. “Although it might not be illegal to obfuscate how encrypted data is recovered, it is certainly dishonest and predatory.”

MonsterCloud chief executive Zohar Pinhasi said that the company’s data recovery solutions vary from case to case. He declined to discuss them, saying they are a trade secret. MonsterCloud does not mislead clients and never promises them that their data will be recovered by any particular method, he said.

“The reason we have such a high recovery rate is that we know who these attackers are and their typical methods of operation,” he said. “Those victims of attacks should never make contact themselves and pay the ransom because they don’t know who they are dealing with.”

On its website, Proven Data says it “does not condone or support paying the perpetrator’s demands as they may be used to support other nefarious criminal activity, and there is never any guarantee to obtain the keys, or if obtained, they may not work.” Paying the ransom, it says, is “a last resort option.”

However, chief executive Victor Congionti told ProPublica in an email that paying attackers is standard procedure at Proven Data. “Our mission is to ensure that the client is protected, their files are restored, and the hackers are not paid more than the minimum required to serve our clients,” he said. Unless the hackers used an outdated variant for which a decryption key is publicly available, “most ransomware strains have encryptions that are too strong to break,” he said.

Congionti said that Proven Data paid the SamSam attackers “at the direction of our clients, some of which were hospitals where lives can be on the line.” It stopped dealing with the SamSam hackers after the US government identified them as Iranian and took action against them, he said. Until then, he said, the company did not know they were affiliated with Iran. “Under no circumstances would we have knowingly dealt with a sanctioned person or entity,” he said.

Proven Data’s policy on disclosing ransom payments to clients has “evolved over time,” Congionti said. In the past, the company told them it would use any means necessary to recover data, “which we viewed as encompassing the possibility of paying the ransom,” he said. “That was not always clear to some customers.” The company informed all SamSam victims that it paid the ransoms and currently is “completely transparent as to whether a ransom will be paid,” he said.

“It is easy to take the position that no one should pay a ransom in a ransomware attack because such payments encourage future ransomware attacks,” he said. “It is much harder, however, to take that position when it is your data that has been encrypted and the future of your company and all of the jobs of your employees are in peril. It is a classic moral dilemma.”
