{"id":27469,"date":"2019-06-24T21:44:51","date_gmt":"2019-06-24T21:44:51","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/"},"modified":"2019-06-24T21:44:51","modified_gmt":"2019-06-24T21:44:51","slug":"biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/","title":{"rendered":"Biz tells ransomware victims it can decrypt their files&#8230; by secretly paying off the crooks and banking a fat margin"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/05\/04\/blackmail.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A Scottish managed services provider is running a lucrative sideline in ransomware decryption \u2013 however, a sting operation by a security firm appears to show that \u201cdecryption\u201d merely means paying off the malware&#8217;s masterminds.<\/p>\n<p>The services provider, Red Mosquito (tagline: \u201cYour IT Department\u201d), advertises itself as doing \u201call the technical stuff, properly, allowing you to concentrate on your business.\u201d<\/p>\n<p>Some probing by researchers at infosec outfit Emsisoft, however, cast Red Mosquito\u2019s activities in a different light. By setting up two email accounts and using them to pose as both a ransomware author and a victim of ransomware, Emsisoft said it discovered that Red Mosquito\u2019s RM Data Recovery (<a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.rm-ransomwarerecovery.com\/about-us\">RMDR<\/a>) offshoot appears to be negotiating discounts with ransomware-slinging crooks to unlock scrambled files before charging the victims thousands in decryption fees.<\/p>\n<p>Barrister Tim Forte opined to <em>The Register<\/em> that entering a payoff agreement with a ransomware author could be seen as facilitating blackmail, explaining that it would be \u201cnothing more than an agreement that between them, the author and RMDR, they would continue to seek monies from the victim, with the threat that, absent payment, the data would not be disinfected, released, or decrypted.\u201d<\/p>\n<p>\u201cBy their apparent agreement with the author, RMDR are, at least arguably, agreeing on that criminal course of conduct, with a view to obtaining a share of the illicit profits,\u201d Forte, who practises criminal law at 3 Temple Garden chambers in London, added. He also said that as well as blackmail, ransomware authors would be committing criminal offences under the UK&#8217;s Computer Misuse Act 1990.<\/p>\n<p>Emsisoft CTO Fabian Wosar told <em>El Reg<\/em>: &#8220;Ransomware incident response companies can provide a very valuable service and help minimize downtime and costs, but you should choose carefully and ensure the company is entirely transparent upfront as to how they restore your files and provide a complete breakdown of the costs involved.&#8221;<\/p>\n<p>Red Mosquito did not respond to multiple emailed and telephoned requests for comment. A phone operative told <em>El Reg<\/em> that if senior management weren\u2019t responding, they probably weren\u2019t interested.<\/p>\n<h3 class=\"crosshead\"><span>Baiting the trap<\/span><\/h3>\n<p>Emsisoft set up two throwaway email inboxes. One posed as the ransomware author. The firm created some junk files that, they explained, would pass superficial inspection by a human as encrypted data even though they were not encrypted and contained nothing but random bytes.<\/p>\n<p>\u201cTo be 100% clear here,\u201d Wosar told us, \u201cit is impossible to decrypt the files I provided to the data recovery company at all, because they contain nothing that could be decrypted to begin with. Reason for that is so they don\u2019t try to weasel their way out of it by saying they did find a flaw or that they have a magic decryption tool that only they have that could decrypt it.\u201d<\/p>\n<p>Emsisoft then dressed up these files to appear as though they were scrambled by ransomware made by a fictitious gang called Team Gotcha!, and did some light social media and Google astroturfing to make the fake Gotcha! ransomware outfit look real. Emsisoft also put contact details for their fake ransomware developer persona in the ransom note. Having emailed the files and the note to RMDR as a victim seeking help, they then sat back and waited.<\/p>\n<h3 class=\"crosshead\"><span>Ping<\/span><\/h3>\n<p>Sure enough, their fake victim email address got a reply from RMDR promising action. Very shortly afterwards, someone using a Protonmail account \u2013 tony7877@protonmail.com \u2013 contacted the ransomware author.<\/p>\n<p>\u201cHow much for decrypt?\u201d asked the one-line email.<\/p>\n<p>\u201c$1200 in Bitcoin. You pay, we provide key and decriptor <em>[sic]<\/em> to recover data\u201d replied Emsisoft. After some negotiation, to keep it looking real, Emsisoft dropped the price of their fake ransomware decryption to $900.<\/p>\n<p>Meanwhile, RMDR had contacted the victim again. Someone using the name Conor Lairg replied by email, seen by <em>The Register<\/em>:<\/p>\n<p>Red Mosquito\u2019s email also asked the victim to install Teamviewer, a IT support tool that allows a remote user to take full control of a target machine with the user\u2019s consent.<\/p>\n<p>At the time that <em>El Reg<\/em> began investigating this, the RM Data Recovery website said, on its <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.rm-ransomwarerecovery.com\/faq\">FAQ<\/a> page, that customers could \u201cschedule a secure remote session onto a computer with access to the data\u201d in order to carry out the decryption process. RMDR&#8217;s FAQ also noted:<\/p>\n<blockquote class=\"centredquote\" readability=\"8\">\n<p>We do not recommend dealing with the &#8216;hacker&#8217; directly&nbsp;(see advice on our&nbsp;home&nbsp;page). In many cases, paying the ransom may be&nbsp;the only&nbsp;option to get your data recovered and it is best to get an experienced consultant to assist with this process.<\/p>\n<\/blockquote>\n<p>That same page even provides a link to an <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.reviews.co.uk\/company-reviews\/store\/red-mosquito-ltd\">online reviews website<\/a> full of comments from RMDR customers apparently unaware that RM Data Recovery Ltd was charging whopping great markups on the prices it paid blackmailers to unlock encrypted files.<\/p>\n<p>One reviewer was not so convinced, though. &#8220;Chisel&#8221; wondered: \u201cBut I have to say in all fairness that the cost of about $5000 for approx two hours work (remotely) left me wondering if we were taken advantage of. That&#8217;s $2500 an hour. I&#8217;m grateful that the files are back but at a huge cost.\u201d<\/p>\n<h3 class=\"crosshead\"><span>Cha-ching!<\/span><\/h3>\n<p>Red Mosquito\u2019s \u201cdata recovery\u201d business appears to be lucrative. In accounts for fiscal year 2017, RM Data Recovery Ltd had more than \u00a3300,000 in the bank, according to Companies House records \u2013 several orders of magnitude higher than the \u00a3300 in the previous year.<\/p>\n<p>In contrast Red Mosquito Ltd had a relatively measly \u00a3100,000 in its coffers for FY2017. Both limited companies are small enough to benefit from accounting exemptions, meaning details of their revenues and profits are not required to be reported, though RM Data Recovery\u2019s reported net assets of \u00a3283k compared very favourably with the MSP business\u2019 net worth of just \u00a315k.<\/p>\n<p>Red Mosquito Ltd and RM Data Recovery Ltd share the same directors: Neil Rowney, Derek Smith, and Andrew Stark. Both firms are registered to the same business address in Panorama Business Village, Glasgow.<\/p>\n<p>Next time you consider engaging a third-party decryption service, it&#8217;s worth bearing this yarn in mind. Emsisoft&#8217;s Wosar mused: \u201cUsing a data recovery service to recover from ransomware is a bit like buying a car. It can help to bring someone experienced along to help with the negotiation, but you want that person to be a trustworthy relative, not a <span class=\"strike\">twat waffle<\/span> shyster who\u2019ll get you to pay more than necessary and split the difference with the salesman.\u201d \u00ae<\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2019\/06\/24\/red_mosquito_rm_data_recovery_ransomware\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s all in a lucrative day&#8217;s work for Red Mosquito A Scottish managed services provider is running a lucrative sideline in ransomware decryption \u2013 however, a sting operation by a security firm appears to show that \u201cdecryption\u201d merely means paying off the malware&#8217;s masterminds.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27470,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-27469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-24T21:44:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"648\" \/>\n\t<meta property=\"og:image:height\" content=\"429\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Biz tells ransomware victims it can decrypt their files&#8230; by secretly paying off the crooks and banking a fat margin\",\"datePublished\":\"2019-06-24T21:44:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/\"},\"wordCount\":1092,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/\",\"name\":\"Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg\",\"datePublished\":\"2019-06-24T21:44:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg\",\"width\":648,\"height\":429},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Biz tells ransomware victims it can decrypt their files&#8230; by secretly paying off the crooks and banking a fat margin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/","og_locale":"en_US","og_type":"article","og_title":"Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-06-24T21:44:51+00:00","og_image":[{"width":648,"height":429,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Biz tells ransomware victims it can decrypt their files&#8230; by secretly paying off the crooks and banking a fat margin","datePublished":"2019-06-24T21:44:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/"},"wordCount":1092,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/","url":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/","name":"Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg","datePublished":"2019-06-24T21:44:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin.jpg","width":648,"height":429},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/biz-tells-ransomware-victims-it-can-decrypt-their-files-by-secretly-paying-off-the-crooks-and-banking-a-fat-margin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Biz tells ransomware victims it can decrypt their files&#8230; by secretly paying off the crooks and banking a fat margin"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27469"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27470"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}