Scottish service provider Red Mosquito – registered to Neil Rowney, Derek Smith, and Andrew Stark – was found to be running a side business in which they “decrypted” ransomware by contacting the ransomware author and negotiating a price for the scrambled files, then charging the customer an exorbitant amount for the “decryption.”
The scam was uncovered by researchers at Emisoft, who posed as both a ransomware victim and the ransomware author. Red Mosquito contacted the fictitious ransomware author and negotiated the price of decryption down to $900, then contacted the equally fictitious victim and cited a fee of $3950 for the decryption. Barrister Tim Forte, who practices criminal law, confirmed that the behavior is criminal conduct.
This is a good reminder that if you are utilizing the services of a technology company to decrypt files for you, make sure that they are willing to be transparent about the process that they use.