Data Recovery Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Don't Be Scammed by Companies Claiming to Decrypt Ransomware

Ransomware is the criminal act of locking people or companies out of their data. Put literally, it’s holding their data at ransom. However, these criminals don’t physically hold your data. In fact, you could probably walk to and touch the server that holds your data. The problem is that they encrypt the data so that only those people with the decryption key can unlock it and access the data. As you might imagine, it’s these criminals that hold the key and they are supposedly willing to sell it to you in exchange for a large sum of money.

That “supposedly” is there because they have no obligation to give you the key if you pay. They are malicious people are groups and morals aren’t exactly at the top of their list. You could give them the money and then they could run off with that and your data.

It’s why backing up your data on secure and separate systems is so important. Even if you think you’re safe simply because you’re backing up, you’re wrong. If there’s a way to infect both your primary data and your backups at the same time, it renders the backups entirely useless.

Now, just because that data is encrypted, it doesn’t mean you can’t force your way in. Some encryptions are stronger than others and that means that they can be cracked by software. That’s not true for all encryptions though, at least not with existing computing power, and it’s certainly not true in the case of Dharma ransomware.

Dharma ransomware is one of the many strains of ransomware that exist. There is currently no known way to forcibly decrypt it. Curiously, Australian company Fast Data Recovery is claiming the opposite. They say that they can decrypt Dharma and get you access to your data. Amusingly, another data recovery company said if that was possible then “they have tools and computing power beyond that of the NSA” and that the technology would be worth millions – not something worth targeting small business with.

To see what was going on, infosec researcher Brett Callow decided to contact Fast Data Recovery to claim that he needed help after a Dharma ransomware attack. The company said they would carry out an initial security audit for 750 Australian dollars per server and 120 per computer.

Michael Gillespie is the creator of ID Ransomware, a website that helps you identify the ransomware that has encrypted your data. He says: “There is no way to 'reverse engineer the ransomware decryption key' for Dharma. The encryption is perfectly implemented, and it's simply not possible. The only way to recover files encrypted by Dharma is with the ransomware dev's key.”

As such, we can assume that Fast Data Recovery are paying the ransom fee to get the decryption key. In fact, they might even be the same group of people who created the ransomware in the first place, though that’s unknown.

A similar story comes from Dr Shifro, a Russian company that also claimed to have decryption abilities. They were simply negotiating with the ransomware criminals and netted over £300000 from companies in doing so.

At the end of the day, lots of ransomware simply isn’t crackable. Keep your backups in order or you’ll regret it.


No comments yet. Sign in to add the first!