Brett Callow, a researcher with security company Emsisoft, said his wife had posed as someone who had been hit by the Dharma ransomware and asked Fast Data Recovery to help recover the data. "We did it this way because we know from past experience that data recovery firms may not reply unless they can establish the victim is real. This is likely to minimise the chance of being caught by a sting operation. As my wife runs a small business, the query would appear to be legitimate were they to look her up," he explained.
Callow said he had sent the company a file encrypted by Dharma and made it clear that he did not wish to pay the ransom.
"The company claimed it would be able to 'reverse engineer the ransomware decryption key' for a fee of US$6879/A$9650," he said.
"Dharma uses perfectly implemented RSA-1024 and the key needed to decrypt a victim’s files can only be created by the criminal or someone with access to the criminal’s private key."
The full response from Fast Data Recovery was:
"Thank you for contacting Fast Data Recovery - The Ransomware Recovery Experts
"Please note the FREE evaluation can take up to 10 days; it is dependent on our workload and is treated as a non-priority.
"If this is an Emergency/URGENT please contact us or reply back to this email to use our Priority Evaluation Service for fast turnaround (4-24 hours) OR 1 HOUR quote for Dharma / Crysis Ransomware
"Dharma ransomware will have the following extensions at the end of your files (COMBO, BIP, GAMMA, JAVA, BRRR, HEETS, ETC, BTC, 888, ADOBE, GAMMA, Phobos). Click here for a full list of Dharma Ransomware.
"Our Priority Evaluation service costs $350 AUD for most types of infections, with the exception of Dharma and Gandcrab infections.
"Dharma / Gandcrab Priority evaluation costs $175 AUD. Please note the cost of Priority evaluation will be deducted from the cost of recovery and, in the unlikely chance we are unable to work with your encryption, a full refund will be issued.
"We have a proven track record of 100% ransomware data recovery and back our claim with No Data = No Charge.
"If you would like to add any additional information to your case, simply reply to the email you receive or log into the case management system."
Callow said Emsisoft did not wish to make any comment as to what exactly Fast Data Recovery was doing.
The chief technology officer of Emsisoft, Fabian Wosar, commented: "Since emerging in 2016, Dharma has been reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago.
"To break Dharma within any of our lifetimes without having discovered a flaw would require access to a quantum computer that is capable of running Shor’s algorithm.
"The highest number ever factorised using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma.
"So either they (Fast Data Recovery) have access to a quantum computer that is far beyond even our wildest dreams, have found a flaw that literally thousands of researchers and cryptographers missed, or have an arrangement with the ransomware author to pay ransoms, possibly with a discount or referral bonus in place.”
Callow sent iTWire a copy of the ransom note and said another copy had been sent to Fast Data Recovery along with the encrypted file. The note reads: "all your data has been locked us. You want to return? write email admin@stex777.com or admin@stex777.xyz".
"You’ll see that the note does not specify the amount of the ransom," Callow said. "To find that out, you need to contact the ransomware developer. Dharma demands we’ve previously seen range from US$2500 to more than US$100,000. This gives rise to an obvious question: how did Fast Data Recovery know how much to charge?"
Fast Data Recovery is based at 77 King Street, Sydney; Callow said the company was advertising its services in the US, Canada and Europe.
iTWire has contacted Fast Data Recovery for its side of the story. The company has no dedicated media contacts, and only a generic email address is available for communication.