Security Market Segment LS
Tuesday, 12 November 2019 11:07

Aust firm promises data decryption after Dharma ransomware attack Featured

Aust firm promises data decryption after Dharma ransomware attack Pixabay

Australia data firm Fast Data Recovery reportedly offered to decrypt files that had been encrypted by the Dharma ransomware for a fee of $9650, a security professional claims.

Brett Callow, a researcher with security company Emsisoft, said his wife had posed as someone who had been hit by the Dharma ransomware and asked Fast Data Recovery to help recover the data. "We did it this way because we know from past experience that data recovery firms may not reply unless they can establish the victim is real. This is likely to minimise the chance of being caught by a sting operation. As my wife runs a small business, the query would appear to be legitimate were they to look her up," he explained.

Callow said he had sent the company a file encrypted by Dharma and made it clear that he did not wish to pay the ransom.

"The company claimed it would be able to 'reverse engineer the ransomware decryption key' for a fee of US$6879/A$9650," he said.

"Unless you have access to a quantum computer more advanced than any machine known to have been built, it’s simply not possible to 'reverse engineer the ransomware decryption key'.

"Dharma uses perfectly implemented RSA-1024 and the key needed to decrypt a victim’s files can only be created by the criminal or someone with access to the criminal’s private key."

The full response from Fast Data Recovery was:

"Thank you for contacting Fast Data Recovery - The Ransomware Recovery Experts

"Please note FREE evaluation can take up to 10 days and its dependable on our workload and its treated as a non-priority.

"If this is an Emergency/URGENT please contact us or reply back to this email to use our Priority Evaluation Service for fast turnaround (4-24 hours) OR 1 HOUR quote for Dharma / Crysis Ransomware

"Dharma ransomware will have the following extensions at the end of your files (COMBO, BIP, GAMMA, JAVA, BRRR, HEETS, ETC, BTC, 888, ADOBE, GAMMA, Phobos). Click here for a full list of Dharma Ransomware,.

"Our Priority Evaluation service cost $350AUD for most for most type of infections with the exception to Dharma and Gandcrab infections.

"Dharma / Gandcrab Priority evaluation cost $175 AUD Please note the cost of Priority evaluation will be deducted from the cost of recovery and in the unlikely chance we are unable to work with your encryption, a full refund will be issued.

"We have a proven track record of 100% ransomware data recovery and back our claim with No Data = No Charge.

"If you would like to add any additional information to your case, simply reply to the email you receive or log into the case management system."

Callow said Emsisoft did not wish to make any comment as to what exactly Fast Data Recovery was doing.

The chief technology officer of Emsisoft, Fabian Wosar, commented: "Since emerging in 2016, Dharma has been reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago.

"To break Dharma within any of our lifetimes without having discovered a flaw would require access to a quantum computer that is capable of running Shor’s algorithm.

"The highest number ever factorised using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma.

"So either they (Fast Data Recovery) have access to a quantum computer that is far beyond even our wildest dreams, have found a flaw that literally thousands of researchers and cryptographers missed, or have an arrangement with the ransomware author to pay ransoms, possibly with a discount or referral bonus in place.”

Callow sent iTWire a copy of the ransom note and said another copy had been sent to Fast Data Recovery along with the encrypted file. The note reads: "all your data has been locked us. You want to return? write email or".

"You’ll see that the note does not specify the amount of the ransom," Callow said. "To find that out, you need to contact the ransomware developer. Dharma demands we’ve previously seen range from to US$2500 to to more than US$100,000. This gives rise to an obvious question: how did Fast Data Recovery know how much to charge?"

Fast Data Recovery is based at 77 King Street, Sydney; Callow said the company was advertising its services in the US, Canada and Europe.

iTWire has contacted Fast Data Recovery for its side of the story. The company had no dedicated media contacts and only a generic email address is available for communication.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News