It has been found recently that the ransomware removal consultancy firm – Dr. Shifro has been promising its clients to try and decrypt files, but is scamming them instead. They have been actively offering this scam of a ransomware removal service to those victims who were affected by the Dharma Crisis. These people have been in desperate search for decryption keys in order to get their files recovered.
According to researchers for cybersecurity at Check Point, this ransomware removal consultancy firm has been generating their profits by simply tricking their clients. They do this by paying the ransom to the developers of the ransomware and then simultaneously increase their price to about 75% of the original quote. This means that they claim to be a ransomware removal service but are instead more of a broker service.
This, unfortunately, is the case with a lot of scammers that have been offering their services through the web. They simply add a thousand dollars to the original ransom. The Russian consultancy firm has allegedly managed to make up to $300,000 in the few years since they have been active. According to the IT experts at Check Point, they have now ‘helped’ somewhere close to 300 victims of ransomware!
The business model that was created by Dr. Shifro is quite attractive and simple. This means that it can be easily duplicated by those who fall into the category of ‘entrepreneurial con artists’. What’s more? There have also been accounts where such services actually asked the ransomware developers for a discount while charging the victims in full.
Check Point found an example of the communication of such services with hackers, and it looked something like this:
“I’m an intermediary. We redeem keys for clients since 2015 on a regular basis. Send bitcoins tight, don’t ask dumb questions. Clients frequently addressed under recommendation. Could you give a discount to 0.15 BTC?”
These services are no better than the original hackers, wouldn’t you say? Stay cautious people!
