Every 14 seconds, a new business is targeted by ransomware — a virus that holds its software systems or data hostage until a ransom is paid for their safe return.
Once businesses are hit, they have 2 options: Pay hackers to return the data, or pay ransom-busting startups to recover it.
But, according to a new ProPublica report, those 2 options are often the same: Most “high-tech” data recovery startups merely pay the hackers behind the scenes — and then pocket the extra fees.
The ransomware recovery industry is living a lie
The business model is simple: Ransomware recovery companies charge their clients fees that are far higher than the ransom amounts, so they make money no matter what.
Some firms are upfront about the fact that they negotiate with hackers — sharing data with law enforcement agencies and security researchers to prevent future thefts — but most intentionally obscure their payouts.
Financially, this system works. But morally…?
Since paying ransoms is acceptable by the letter of the law, there’s nothing illegal about negotiating with hackers.
But paying ransoms perpetuates the extortion industry: Cyberattackers who routinely collect $6m or more from secretive “data recovery” companies have every incentive to continue ransoming their way to riches.
More troubling still, much of the ransom money ends up in the coffers of international terror groups and crime syndicates.
From ransoms to riches
Hackers and their handmaidens in the data recovery biz both profit from ransomware, so shady solution-providers are unlikely to disappear until regulators require more disclosure.
In many cases, hackers even treat data recovery firms like partners by offering discounts or deadline extensions to encourage continued cooperation (who says hackers aren’t professional?!).
Meanwhile, ransomware rates continue to rise for businesses: Ransomware attacks have increased 97% in the past 2 years, and ransomware now costs businesses $75B a year.