IT firm caught faking recovery service for Ransomware

A subsidiary of the UK-based company was found negotiating with attackers for decrypting ransomware-inflicted systems. This subsidiary reportedly paid off attackers at a lower price and then offered recovery services at a much higher price.

With ransomware attacks on the rise, bogus remediation measures can worsen the situation. A typical example of this is the scandal by UK-based IT company Red Mosquito. A subsidiary of this company, Red Mosquito Data Recovery (RMDR), has reportedly faked ransomware recovery services as it was caught negotiating ransom with attackers. A sting operation by security researcher Fabian Wosar revealed that the subsidiary paid off attackers at a lower price and then sold decryption services to victims at a much higher price.

How was the scandal uncovered?

  • In the sting operation, Fabian Wosar setup two email accounts, one for posing as a hacker and other as a victim. Furthermore, he created a fake ransomware called “GOTCHA” and a ransom note that included a unique ID sequence for payment. This established the identity of the payer.
  • When Wosar contacted RMDR informing about his self-created ransomware incident through the victim account, he received an email on the hacker account to negotiate the ransom.
  • After closing the negotiation, RMDR offered recovery services at an exorbitant price to the victim, failing which they would lose their data.

Thus, RMDR paid the ransom and was selling the so-called ransomware recovery services at higher prices.

A word of caution

Wosar advises ransomware victims to be wary of companies offering data recovery services. “Ransomware victims need to be aware that there’s no silver bullet when it comes to restoring their data. There is also no shame for a data recovery company in paying the ransom, as long as they are open and transparent about it,” Wosar told ProPublica.

Upon contacting, Red Mosquito did not respond to emails or calls regarding this spurious incident.

source