For about three years, hackers carried out ransomware attacks with SamSam and managed to shut down computer networks all over North America and the United Kingdom. They targeted many companies in different locations (Atlanta, Newark, San Diego, Los Angeles) and caused more than 30 million dollars in damage. Among other things, they caused problems in the Atlanta water service and delayed medical appointments and treatments for patients, stealing their electronic records. In return they asked for money. The hackers managed to get about 6 million dollars from these attacks.
In the attack on Newark, the hackers set a 7-day deadline for paying the ransom in Bitcoin. They even threatened that if the 7 days passed, they would remove the private keys, and the city's companies would never regain their records.
Last November, then-Deputy Attorney General Rod Rosenstein said there were two defendants in the attacks, both of Iranian origin. The hackers had attacked public health organizations and disrupted medical appointments and patient therapies. "They knew that shutting down these systems could cause significant harm to innocent victims," Rosenstein said.
At that time, the FBI stated that US law enforcement agencies had not detected the hackers. However, it appears that one company, Proven Data Recovery of Elmsford, New York, paid ransoms to the SamSam hackers for about a year to help victims regain control of their systems.
ProPublica has been able to trace four of the payments made by Proven Data. The company transferred the amounts to addresses managed by the Iranian hackers. Later, the US Treasury banned transactions with them so that no further payments would be made.
Proven Data told its customers that it could help them regain control of their systems using the "latest technology". In reality, however, it paid the ransom to the attackers, who gave it the tools to unlock the stolen records.
Of course, the company asked for large sums of money for this help. Also, its employees use nicknames when communicating with the victims.
Many individuals and businesses resort to such companies because they think they have no choice. On the one hand, the authorities cannot control the attacks; on the other, the victims do not want to pay the ransom, believing that doing so would strengthen the hackers. They do not know, of course, that the companies they trust use exactly this method.
However, there are other companies, such as Coveware, that say openly that they can help victims by paying the ransom. In fact, they help people who want to pay the hackers but do not know exactly how to do it or do not want to get in direct contact with the attackers. Coveware is trying to prevent attacks by collecting information and informing law enforcement agencies.
Companies like Proven Data do not do anything illegal. But failing to inform customers about the tactics they follow, and instead telling them that the files are being recovered with pioneering methods without any money going to the attacker, is certainly immoral.
Proven Data says it does not agree with giving in to attackers' demands, as this could encourage criminal activity. "Paying the ransom is the last choice when there is no other solution."
However, Proven Data CEO Victor Congionti admitted that paying ransoms is a common practice at Proven Data. "Our mission is to ensure customer protection and file recovery and hackers are not paid more than the minimum required to serve our customers," he said.
Congionti said the company paid hackers to help customers, since some of the cases were very serious. The records had to be recovered immediately because the lives of many people were at risk. However, he said the company did not know that the hackers were Iranians, and that once it learned this, it stopped making payments.
Congionti said the company had told customers that it would use all the necessary means to recover data. This could include paying the ransom, although that was not always clear to some customers. However, the company later informed all customers of the tactics it followed, and from now on it informs them from the beginning if it intends to pay the ransom.
"It's easy to say no one has to pay ransom to a ransomware attack, because such payments encourage future attacks," he said. "But it's much harder to say this when your data is stolen and your company's future and all your employees are at risk. It's a classic moral dilemma," he said.