What happens if you pay a ransom?

If you get infected with ransomware and pay to recover your data, what happens? It depends.


  1. You fund a criminal ecosystem

  2. The decryption key works and you recover your data. That is usually true in only 25% of cases

  3. You don't get a decryption key or, if you do, it doesn't work

  4. The decryption key works on small files but not on larger files

  5. The decryption is so slow that you could have restored 5 times if you had a backup

  6. You get double-extorted: before your files were encrypted, the Bad Actor took a copy of your data and now, if you don't pay, they will sell your data or publish it on the dark web


⦿ In the case of Change Healthcare, the equivalent of $22 million was paid to a cryptocurrency address that security researchers had already mapped to the ransomware gang

⦿ The gang, known as AlphV (alf vee), formerly BlackCat (yes, it is hard to keep track), then displayed a poor-quality FAKE splash page on its website claiming that the site had been seized by the FBI, and promptly DISAPPEARED WITH THE MONEY

⦿ The problem is that AlphV is a ransomware-as-a-service operation: it uses affiliates who deploy the ransomware and then receive a commission on the ransom paid

⦿ The AlphV gang ran off and the affiliate didn't get their commission, but the affiliate allegedly has 4TB of victim data, which was exfiltrated before the ransomware was deployed

You couldn't make it up

There's no such thing as Honour Amongst Thieves


