In a detailed report, ProPublica said the ransomware in question was known as SamSam and it had caused about US$30 million in damages across North America and the UK. Among the victims were the cities of Atlanta and Newark, New Jersey, the Port of San Diego and the Hollywood Presbyterian Medical Centre in Los Angeles.
It said one company, New York-based Proven Data, had regularly made payments to the attackers behind SamSam, and said a former employee, Jonathan Storfer.
Proven Data had claimed that it would unlock data encrypted by ransomware using the "latest technology".
The second company accused of similar activities was MonsterCloud, which is based in Florida. This firm, it is alleged, "also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies".
But there were other firms, such as Connecticut-based Coveware, which openly told clients that it would recover the data by making the ransom payment. The help it offered covered dealing in bitcoin and also handling communications with the attackers.
Proven Data chief executive Victor Congionti admitted that paying attackers was part of his company's standard procedure. MonsterCloud chief executive Zohar Pinhasi said his company’s data recovery solutions changed from case to case.
iTWire has contacted Proven Data and MonsterCloud for their take on the issue.