Not all ransomware distributors have an unscrupulous intent, it seems.
Earlier this month, a small business owner with the alias “SwervinErvin” was granted a free decryption key to a ransomware infection his company’s computers were affected by.
On a forum, SwervinErvin revealed that a ransomware distributor who goes by the email [email protected] provided free decryption key and decoder to him and his businesses after the distributor found out that the firm of SwervinErvin is dedicated in helping children in need.
The action of the ransomware distributor came as a surprise to the members of the forum as the ransomware itself was based on a sophisticated cryptography built on top of public RSA-2048 key generated for a specific type of computer. In other words, a solution except receiving a decryption key and a decoder from the distributor is non-existent.
Normally, individuals or organizations that are infected by ransomware are required to pay a ransom online to ensure that their files stay safe. Many ransomware developers integrate time limits or timeouts to pressure individuals to pay for the decryption key. Some of the timeout methods include self destruction of decryption key, deletion of crucial user data or permanent disallowance of access to a device after a certain period of time passes.
One primary reason behind the integration of these timeout methods is to force individuals in complying with the ransomware distributor without providing anyone with other solutions apart from paying the full ransom. There exists other types of ransomware which grant people decryption keys if they successfully encrypt others with the ransomware but the end goal is identical to other timeout method-based ransomware.
However, there also are several developers who distribute ransomware to make earnings in order to help people in need. Out of empathy, these developers also provide decryption to those that are helping individuals or organizations in urgent necessity of assistance, such as SwervinErvin’s business of taking care of children.
“I was infected by these guys. I reached out to them to retrieve my files and for the first time ever, they looked up my company and found out I help kids. They gave me the decrypt key and decoder for free,” said SwervinErvin.
Previously, in December of 2016, DeepDotWeb covered a similar story about a ransomware developer behind a revolutionary software called Popcorn time, which is designed to infect more people by encouraging individuals to encrypt two other individuals to receive a free decryption key.
While the Syrian hackers behind Popcorn TIme also used a timeout method which permanently lock user computers in exactly 7 days, the group told individuals that funds obtained from the ransomware attack will be used in helping Syrian residents by supplying food, medicine and shelter.
“We know that we forced you to pay, but be sure that the payment was for a good cause. The money you gave will be used for medicine, food and shelter to those in need,” the group noted.