Russian IT consultants are acting more like brokers.
Security researchers have found that Russian IT consultants are scamming victims of ransomware. They have made thousands of dollars in profit by falsely claiming to provide decryption code for encrypted files.
As reported by Check Point, Dr. Shifro, an ‘IT consultancy’ in Russia, offers to help victims of ransomware such as Dharma and Crisis recover their files by providing the decryption key. But according to security researchers, no decryption key has yet been found for these deadly ransomware threats.
Dr. Shifro: the IT consultant offering a decryptor tool is acting like a broker
It seems the IT consultancy is acting more like a broker, paying the ransomware authors an initial fee for the decryption key. It then adds a margin of 75% or more to what it charges victims of the ransomware to recover their files. That is $1000 on top of what the ransomware authors charge to provide the decryption key.
Dr. Shifro, the reported IT consultant, has managed to run this scheme for more than 2 years and has provided more than 300 decryptors to its clients. This is how the IT consultant has so far made a profit of around $300,000 in more than 2 years. The researchers also believe that Dr. Shifro tries to negotiate a discount with the ransomware authors, which further helps the firm increase its margin and earn more profit.
Regarding the offerings made by the IT consultant, Check Point stated:
“The business model that Dr. Shifro has created is an attractive one that could easily be replicated by other entrepreneurial scam artists and serves as a new development of the ransomware industry that both individuals and organizations should be wary of.”
They also found the contacts of some of its clients, which helped the researchers determine that the alleged firm is just acting as a broker between the ransomware authors and their victims. It contacts the malware authors to negotiate the price of decryption and presents an attractive offer to the victims to help them recover their files. Victims may agree, since their crucial files and documents are otherwise useless while encrypted with an unbreakable code.
This is a sample of the negotiation between the consultant and the cyber criminals:
I’m an intermediary. We redeem keys for clients since 2015 on a regular basis. Send bitcoins tight, don’t ask dumb questions. Clients frequently addressed under recommendation. Could you give a discount to 0.15 btc?
The services offered by “Dr. Shifro” are focused on earning profit, while there are various legitimate IT consultants that help victims recover their files using only ethical means, either by cracking the encryption or by using free decryption keys released by security experts. This cannot be called scamming outright, but it is still not a legitimate way of operating. Victims of ransomware are also warned that there could be other similar firms offering decryption tools and charging a lot of money.
To avoid ransomware attacks, one should protect one's devices with a powerful security tool, and should not encourage shady practices by paying unwarranted amounts. Paying just helps such firms create new money-making models that exploit the victims' situation. The ransomware business is growing stronger and stronger, as shown by the recent WeChat ransomware attack in China, which infected almost 100,000 users.
So, it is high time for us to stand strong against these destructive attacks. Take a minute to read more about Ransomware Defender, which will protect your device from future attacks. It also works alongside your existing anti-virus/malware program.