It’s a sad fact that people are most open to being conned when they are at their most vulnerable. DSA was dismayed to find out this week that a small group of Malaysian Systems Integrators have come up with an ingenious but totally unethical scam, built on exploiting people who have already been unfortunate enough to be struck with ransomware such as the WannaCry variant.
Here’s how the scam works.
Unfortunate User gets hit with Ransomware. Their systems and data are locked.
User is not sure what to do, as the advice given is NOT to pay the ransom but with no backup available they are desperate.
Along comes friendly local reseller/SI to save the day.
SI tells the user, you know me and you can trust me. We are very skilled in this area and very confident we can break the ransomware and unlock your system.
SI asks the user “How much is the ransom?” then tells the user: OK, it’s quite a lot of work to break the ransomware encryption, so I will need to charge about double the ransom, but it’s OK, you can trust me, and if I don’t unlock your system I will give you your money back.
Relieved to be in the hands of an expert, the user pays the SI/Reseller.
Now here’s the nasty part.
The reseller/SI simply takes the system away, pays the ransom and hopes to get the unlock key. If they do, they have just earned their own ransom.
The unanswered question – we have not been able to find out what happens if the unscrupulous reseller doesn’t manage to get the unlock key back from the cyber-criminal. However, our best guess is that you are in danger of losing at least some of that money.
It’s shameful but not surprising that this is happening. Our source, who preferred to remain nameless, explained to us that there are always people looking to cheat and make a fast buck. This is particularly cruel as it takes advantage of what is a desperate situation for those affected.
We spoke to James Forbes May, Vice President at Barracuda Networks, who told us: “If the major companies like Barracuda are not offering to break the encryption for the strain of ransomware you have been hit with, then it is very unlikely that a local SI or reseller would have managed to find a solution. If in doubt, call an expert. Anyone in my team would be happy to give you impartial best advice on what to do.” James continues: “Best advice is clear and simple. The risk is very real, so put a robust security solution in place and make sure you back up regularly.”
Wise words indeed. For anyone that has been hit by ransomware, we suggest you approach known and established experts for advice. Barracuda is one of many expert vendors willing to help. In addition, if you are in Malaysia, where we found this scam operating, you can reach out to government agency Cyber Security Malaysia for advice. They even have an online service called Cyber999 where you can seek help immediately; you can access it here: https://www.mycert.org.my/online_form/index.html