Brett Callow, an Emsisoft researcher, has discovered that the Australian data recovery firm Fast Data Recovery is wrongly claiming to be able to decrypt the Dharma ransomware. Dharma is notorious because it is more or less impossible to recover data after an infection has occurred.
There is no known method for unlocking data affected by the Dharma ransomware. Bill Siegel, executive at data recovery firm Coveware, states that Fast Data Recovery actually implies that “…they have tools and computing power beyond that of the NSA. If this was the case, they would sell their technology for millions, if not billions, rather than using it to help small businesses.”
Brett Callow used his wife’s business email for the discovery. He contacted Fast Data Recovery, and asked if it was possible to break Dharma encryption. The answer was an auto-reply, after which Callow sent another mail. Callow received the answer that there was a very high probability that Fast Data Recovery would be able to reverse-engineer the encryption. However, this is widely seen as impossible in the case of the Dharma-ransomware.
Emsisoft CTO Fabian Wosar says: “Since emerging in 2016, Dharma has been reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago.”
According to The Register, these types of claims by data recovery companies is a symptom of a bigger problem, where companies pretend to be able to recover files that have been encrypted by ransomware. However, what actually happens is that these companies secretly just pay the ransom money to cyber criminals, but make a profit by then receiving payment from their customers. So, the only thing that actually happens is that more money is lost, both to the cyber criminals in question and to the false data recovery company.