Tuesday, 12 November 2019 11:07

Aust firm promises data decryption after Dharma ransomware attack

By Sam Varghese

Australian data firm Fast Data Recovery reportedly offered to decrypt files that had been encrypted by the Dharma ransomware for a fee of $9650, a security professional claims.

Brett Callow, a researcher with security company Emsisoft, said his wife had posed as someone who had been hit by the Dharma ransomware and asked Fast Data Recovery to help recover the data. "We did it this way because we know from past experience that data recovery firms may not reply unless they can establish the victim is real. This is likely to minimise the chance of being caught by a sting operation. As my wife runs a small business, the query would appear to be legitimate were they to look her up," he explained.

Callow said he had sent the company a file encrypted by Dharma and made it clear that he did not wish to pay the ransom.

"The company claimed it would be able to 'reverse engineer the ransomware decryption key' for a fee of US$6879/A$9650," he said.

"Unless you have access to a quantum computer more advanced than any machine known to have been built, it’s simply not possible to 'reverse engineer the ransomware decryption key'.

"Dharma uses perfectly implemented RSA-1024 and the key needed to decrypt a victim’s files can only be created by the criminal or someone with access to the criminal’s private key."

The full response from Fast Data Recovery was:

"Thank you for contacting Fast Data Recovery - The Ransomware Recovery Experts

"Please note FREE evaluation can take up to 10 days and it's dependable on our workload and it's treated as a non-priority.

"If this is an Emergency/URGENT please contact us or reply back to this email to use our Priority Evaluation Service for fast turnaround (4-24 hours) OR 1 HOUR quote for Dharma / Crysis Ransomware

"Dharma ransomware will have the following extensions at the end of your files (COMBO, BIP, GAMMA, JAVA, BRRR, HEETS, ETC, BTC, 888, ADOBE, GAMMA, Phobos). Click here for a full list of Dharma Ransomware.

"Our Priority Evaluation service cost $350AUD for most types of infections with the exception to Dharma and Gandcrab infections.

"Dharma / Gandcrab Priority evaluation cost $175 AUD. Please note the cost of Priority evaluation will be deducted from the cost of recovery and in the unlikely chance we are unable to work with your encryption, a full refund will be issued.

"We have a proven track record of 100% ransomware data recovery and back our claim with No Data = No Charge.

"If you would like to add any additional information to your case, simply reply to the email you receive or log into the case management system."

Callow said Emsisoft did not wish to make any comment as to what exactly Fast Data Recovery was doing.

The chief technology officer of Emsisoft, Fabian Wosar, commented: "Since emerging in 2016, Dharma has been reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago.

"To break Dharma within any of our lifetimes without having discovered a flaw would require access to a quantum computer that is capable of running Shor’s algorithm.

"The highest number ever factorised using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma.

"So either they (Fast Data Recovery) have access to a quantum computer that is far beyond even our wildest dreams, have found a flaw that literally thousands of researchers and cryptographers missed, or have an arrangement with the ransomware author to pay ransoms, possibly with a discount or referral bonus in place."

Callow sent iTWire a copy of the ransom note and said another copy had been sent to Fast Data Recovery along with the encrypted file. The note reads: "all your data has been locked us. You want to return? write email [email protected] or [email protected]".

"You’ll see that the note does not specify the amount of the ransom," Callow said. "To find that out, you need to contact the ransomware developer. Dharma demands we’ve previously seen range from US$2500 to more than US$100,000. This gives rise to an obvious question: how did Fast Data Recovery know how much to charge?"

Fast Data Recovery is based at 77 King Street, Sydney; Callow said the company was advertising its services in the US, Canada and Europe.

iTWire has contacted Fast Data Recovery for its side of the story. The company has no dedicated media contacts and only a generic email address is available for communication.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
