Tuesday, 12 November 2019 11:07

Aust firm promises data decryption after Dharma ransomware attack


Australian data firm Fast Data Recovery reportedly offered to decrypt files that had been encrypted by the Dharma ransomware for a fee of $9650, a security professional claims.

Brett Callow, a researcher with security company Emsisoft, said his wife had posed as someone who had been hit by the Dharma ransomware and asked Fast Data Recovery to help recover the data. "We did it this way because we know from past experience that data recovery firms may not reply unless they can establish the victim is real. This is likely to minimise the chance of being caught by a sting operation. As my wife runs a small business, the query would appear to be legitimate were they to look her up," he explained.

Callow said he had sent the company a file encrypted by Dharma and made it clear that he did not wish to pay the ransom.

"The company claimed it would be able to 'reverse engineer the ransomware decryption key' for a fee of US$6879/A$9650," he said.

"Unless you have access to a quantum computer more advanced than any machine known to have been built, it’s simply not possible to 'reverse engineer the ransomware decryption key'.

"Dharma uses perfectly implemented RSA-1024 and the key needed to decrypt a victim’s files can only be created by the criminal or someone with access to the criminal’s private key."

The full response from Fast Data Recovery was:

"Thank you for contacting Fast Data Recovery - The Ransomware Recovery Experts

"Please note FREE evaluation can take up to 10 days and it's dependent on our workload and it's treated as a non-priority.

"If this is an Emergency/URGENT please contact us or reply back to this email to use our Priority Evaluation Service for fast turnaround (4-24 hours) OR 1 HOUR quote for Dharma / Crysis Ransomware

"Dharma ransomware will have the following extensions at the end of your files (COMBO, BIP, GAMMA, JAVA, BRRR, HEETS, ETC, BTC, 888, ADOBE, GAMMA, Phobos). Click here for a full list of Dharma Ransomware.

"Our Priority Evaluation service cost $350AUD for most types of infections with the exception of Dharma and Gandcrab infections.

"Dharma / Gandcrab Priority evaluation cost $175 AUD. Please note the cost of Priority evaluation will be deducted from the cost of recovery and in the unlikely chance we are unable to work with your encryption, a full refund will be issued.

"We have a proven track record of 100% ransomware data recovery and back our claim with No Data = No Charge.

"If you would like to add any additional information to your case, simply reply to the email you receive or log into the case management system."

Callow said Emsisoft did not wish to make any comment as to what exactly Fast Data Recovery was doing.

The chief technology officer of Emsisoft, Fabian Wosar, commented: "Since emerging in 2016, Dharma has been reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago.

"To break Dharma within any of our lifetimes without having discovered a flaw would require access to a quantum computer that is capable of running Shor’s algorithm.

"The highest number ever factorised using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma.

"So either they (Fast Data Recovery) have access to a quantum computer that is far beyond even our wildest dreams, have found a flaw that literally thousands of researchers and cryptographers missed, or have an arrangement with the ransomware author to pay ransoms, possibly with a discount or referral bonus in place."

Callow sent iTWire a copy of the ransom note and said another copy had been sent to Fast Data Recovery along with the encrypted file. The note reads: "all your data has been locked us. You want to return? write email or".

"You’ll see that the note does not specify the amount of the ransom," Callow said. "To find that out, you need to contact the ransomware developer. Dharma demands we’ve previously seen range from US$2500 to more than US$100,000. This gives rise to an obvious question: how did Fast Data Recovery know how much to charge?"

Fast Data Recovery is based at 77 King Street, Sydney; Callow said the company was advertising its services in the US, Canada and Europe.

iTWire has contacted Fast Data Recovery for its side of the story. The company has no dedicated media contacts and only a generic email address is available for communication.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


