Grifty "information security" companies promised they could decrypt ransomware-locked computers, but they were just quietly paying the ransoms

Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks that pretend to be ransomware).

The boom in ransomware infections is also a boom for companies that provide services to the infected. A lot of these companies are in the business of taking your money, sending some Bitcoin to your attackers, then holding your hand as you use the codes the attackers provide to get your files back (assuming the malware performs according to spec and that the ransomware attackers don't just run off with your dough).

But not everyone wants to pay ransom! There are ethical and political reasons to avoid paying ransom, and the more money ransomware attracts, the more clever programmers will throw themselves at the project of making ransomware even more virulent and widespread.

Some companies advertised that they could decrypt your locked-up files without paying the ransom, using proprietary methods they'd developed in house to undo the attackers' encryption. This isn't outside the realm of possibility (programmers make mistakes) but it's still a bit of a stretch (well-implemented encryption is extremely robust).

Propublica's Renee Dudley and Jeff Kao provide a deep investigative look at two of these "don't pay ransom" companies, Proven Data and MonsterCloud, and reveal that these companies made false representations and had no ability to decrypt their customers' files. Read the rest