#THE DECRYPTION OF MUTUAL FUNDS | Explore Tumblr Posts and Blogs

evien-stark · 4 years

Text

✧I Need You✧ Chapter 68

Before you could actually leave, you had about a million phone calls to get to. General inquiries from the press, thankfully, took up the bulk. Those were shelved. For now. You’d get back to the media, and the world at large, to explain what had happened only when you had this Melter guy in handcuffs. Couldn’t address your failures yet without a triumph to back them up. It was only fair. They would understand. ...or continue circulating ugly headlines until you came through with something. But that was fine. Let them talk and gossip for now. They’d be the ones who would apologize in the end.

The only other calls that mattered were the ones from your teammates. Asking what the hell had happened. Asking if you needed their help. And since this was a bit of a contained and potentially personal issue, you told Steve and Nat and Clint and, yes, even Fury, that you and Tony were handling this. They needn’t get involved. And that was the way it needed to stay.

Last order of business was making sure Dvahli was looked after. You and Tony didn’t plan on being gone for very long. Only long enough to fix Rhodey up and then go apprehend the man who’d banked his future on ruining yours, a poor mistake to make. So. It shouldn’t take too long. Pepper was too busy running around. So instead, you dropped her in the lab with Bruce.

“Oh- I don’t… know about this…” He held her at arm’s length, like she’d grow a second head or open her mouth up to swallow him whole. “I’m not so good with… little fuzzy things…”

You gave him a pat on the shoulder. “You’ll be fine. It’s only for a few days.” Essentially giving him no choice. “She’s great in the lab. Ask Tony.” And, then realizing you hadn’t given him an actual choice, you aimed a pair of big eyes his way, about as big as the round yellow ones Dvahli was sporting at him. “Please?” Not as much of a choice either, but at least it bore the illusion of asking.

He sighed. “Fine. I guess. But only for a couple of days.” You doubted that he’d truly dump her off after an arbitrary time limit, but you thanked him with a hug nonetheless.

Then… it was time to suit up. Suit up and leave. Easy. Right? You thought about asking Tony if you could take the jet to the base Rhodey was stationed on. It would take far too long. The suits were easier. And fixed, now. Fixed for sure. He’d promised and you believed him. That wasn’t really what was wrong. Even if your heart did hammer a little extra now at the thought of all the lights going off again and you just… plummeting to the earth below.

No. No, that wasn’t really what the problem was. You knew it for sure. That was only now an additional problem you were having. But you had to get through it. You couldn’t hold Tony up. Or Rhodey. Or let Melter get any further away than he already was. So you tap-tapped the Heart Reactor, holding your breath like you were being forced underwater as the suit crawled over your skin.

Noisy sounds of battle took over New York below you. And above you the sky turned grey and threatened to open…

“Ready to go?” Tony was already in the air.

Block it out. You just had to block it out and go. Go. Go. With a running start you took a leap off the tower, putting literally all your faith and honing all your attention on him. Because you had no other choice. Breathing felt like a chore, the more you panted. The more constricted the suit felt, the harder it was to focus- the sides of your vision were shaking. This should have been second nature.

“LUNA can you- can you please just lock on to Tony.” You needed a visual. Something to keep your eyes on. Something more. Bright. Flashy. Attention grabbing. So when she zeroed in on him with a bright blue target lock, you counted your blessings all the more. That would do it, for now.

“You alright?” His voice was comforting right next to your ear, even if he was already a mile ahead of you.

“I’ll manage.” About the best you could do. As truthful as you could be. Because you would manage.

You had no other choice.

-------------

It was lucky for the both of you (though more you as anxiety continued to drench you) that Rhodey was not stationed too far away. Mcguire Air Base was in New Jersey. And seemingly full of people who weren’t really your biggest fans. That wasn’t unusual, nor was it something to take personally. Ever since Tony had pulled out of arming the military, the people inside of it had looked at him with a sense of disdain- Rhodey included, at the time when Tony had just pulled out.

But now especially that the two of you seemingly were taking matters of justice and protection into your own hands… well… the looks you were getting as the two of you touched down weren’t the most welcoming. Although not everyone there hated you.

You’d always have Rhodey, at least.

It didn’t help the atmosphere any better when you’d had to shoo everyone off from a cordoned off section of the mess hall. Thankfully it wasn’t during eating hours, but people weren’t taking too kindly to it. Rhodey’s suit had been dragged from the field as it had gone into complete shut down. Now it was laid across a table, Tony working on the inner circuitry to repair the damage first before he could work on the upgrade.

Not helping anything further was your pacing about. You knew it was starting to get on Tony’s nerves. He didn’t have to say anything. You could feel it. The stress of the situation was getting to everyone. Finally, he spoke up. “You got any leads or ideas about this guy yet?”

Of course you didn’t. You hadn’t been doing much of anything to help in that area. “I’ve got nothing- Rhodey did you see his face? Or did he say anything to you that stood out?”

“Yeah.” Rhodey stuck his hands in his jacket pockets. “He seemed pretty pissed at the military.” When you turned to him with an inquisitive look, he continued. “Talked a lot about wasting funds. And had a complete disregard for any sense of life. He went after a gas tanker on the ground just to make a point.”

Perching yourself on the corner of a table not in use, you took out your phone. So. What was currently known about Mr. Melter? He’d designed some sort of knock off Iron Man suit. Tried to use it to not only embarrass you and Tony, but he went after Rhodey- with specifically some nasty words about the armed forces.

It clicked. “Rhodey, do you have a list of all the contracts the military went through when they were hiring guys like Hammer? After Tony pulled?”

There was a bare silence in the room before Rhodey made a noise and Tony looked up, pausing his rewiring. “You had more guys on the bench?”

“Not me. Don’t take it so personally. You left a vacuum, remember? Top brass felt the need to fill it.” Both of them getting a little too defensive over something that didn’t really matter anymore. When you waved your hand he redirected his attention your way. “Uh- yeah- give me a minute on that.” He took a little too long for your liking before finally getting back to you. “Okay. Military intelligence just sent you an encrypted email. I’ll have to get you through security-”

Without looking up this time, Tony barked out, “JARVIS download and decrypt.”

It took literally two seconds for JARVIS to answer. “Done, sir.”

“What are we looking at?” He wasn’t looking, which meant he was talking to you.

Opening the email on your phone you went down the short list- seeing a repeat offended. With heat ray on his drafts. Bingo. “Bruno Horgan.” You read aloud for the class. “Owner of a robotics start-up. Got in line with everyone else knocking on the military’s door for contracts after you left- and after Hammer shit the bed. Couldn’t figure out the logistics of repulsor tech, so he went a different powering route. Except it failed during the demo and melted everything he was wearing. He tried to rework it but the military stopped being interested.”

Not a genius. Just trying to rise out of his own ashes. And doing what with it now? Selling to the biggest black market scum he could find. But only after he demonstrated on all three of you.

“So he put on a show and now he’s sitting back from where?” Rhodey had both hands up. You hoped not in defeat. “I imagine you can’t get a hit on this guy.”

And, since you’d already been searching, you shook your head. “Ghost.”

“Well we better find him.” Tony shut the chest piece of the War Machine armor hard. “Because if someone else with more drive buys this tech, it’s not just gonna be us suffering for it.”

“We will find him.” Trying to soothe his mounting anxiety.

Rhodey shook his head. “Leave it to me. It’s going to take patience to locate this guy. The hard detective work of a military intelligence officer.” At this obvious crowing you and Tony exchanged mutual looks of wry disbelief before aiming them his way. He rolled his eyes at the both of you. “No offense, but the two of you are more of a… fly-by-the-seat-of-your-pants kinda people. Patience is not your strong suit.”

Was that true? You had to wonder. And it was especially interesting, knowing that’s what Rhodey thought of you. But maybe he was more speaking to your and Tony’s efforts as at team. It might have been true… but given that life tended to throw things at you with little room for waiting to react, it wasn’t exactly a fair assessment.

Tony stepped over to him. “Well. Someone’s got a high opinion of themselves. I’m a genius, Rhodey. I can find Horgan before you can find your car keys.”

Getting off the bench, you put a hand on his arm. “Honey. Glass houses… and all that... “

He turned to you. “Look- there’s a time and a place for handbook reading. Rule following. And it might bother him that we don’t-”

Rhodey cut in. “Try never. You always think you know better.”

“Because I do!”

The heat of this moment wasn’t necessarily a product of what was happening. It was many, many things. Compounding. Building to break. Now could not be the moment this team fell apart. You raised both your hands, touching at both their shoulders. “Let’s split up. Rhodey you follow your contacts in the military, and Tony and I will take the more seat of our pants approach and meet somewhere in the middle.”

Both men looked at you, but it was Tony who offered his hand out for a shake to Rhodey first. “Okay. Friendly wager.”

And Rhodey, grinning, shook it. “Whichever one of us doesn’t find Horgan has to polish the other’s suit. By hand.”

“Limber up your polishing arm, pal.” The two of them staring each other down.

With a hard roll of your eyes, this time, you turned away from the both of them with a more than dramatic sigh. And even even more dramatic, world-weary sound as you exclaimed your distaste. “Ugh. Men.”

------

You weren’t sure you were expecting a lot to come out of Rhodey’s more nuanced approach of rule following and climbing the chain of command until someone decided to grace him with answers. Not that you didn’t love him, or respect his approach to things but… sometimes one needed to get their hands dirty. And do things they weren’t really supposed to. Or things that were legal.

Which JARVIS reminded the two of you of, as you were back in the Tower penthouse, trying to chase leads that needed a little more finessing. “Is it illegal to hack into the email accounts of suspected organized crime figures?” The best place to start, right? Clearly Melter was going for a more local clientele.

You could practically hear JARVIS sighing. “Under the laws of-”

Tony was poised over you as you sat on the couch, leaning on from the back, arms around your sides, fingertips on your laptop keys. Working. Breaking things. It took him a single moment to give you what needed. “Don’t worry about it, I just did it.” Pressing a kiss to the top of your head, leaving you after to go through your newly found data.

It took you more than a little while to try and pick through what leads you could. Horgan had been in contact with some of the people on this list, though not all of them. But he was impossible to trace. Giving phone numbers out to burner phones he was dumping immediately after. Hours of work ended up in very little leads. Which was more than frustrating.

Something Tony appreciated, as he’d left and come back. “Menacing the local menaces?” You had an idea that he may have been up to something like that. Which was why you hadn’t said anything when he’d left. You might have talked him out of it.

“No one wanted to talk for money. Strange. Considering. And I’m not about to draw fire over this. Aliens attacking the city is one thing. Dozens of thugs showing up on my property for the next ten years is another.” He was mostly joking. ...you were pretty sure, at least. But it was nice to know he wasn’t firing on unsuspecting people- criminals although they may have been.

The elevator doors opened, greeting you to a very annoyed looking Rhodey. Guessing why, you announced, “So we have nothing.”

“Glad to hear it.” He sounded anything but.

Tony opened up a few holographic air panels, scattering light and information everywhere. Wherever he could put his hands on it. He didn’t even look up at Rhodey, though he did address him. “I assume you’re here because your careful detective work got you nowhere?”

“One dead end after another. How’s flying by the seat of your pants going?”

“It’s giving me a pain in the seat of my pants.” Pointedly looking at him, finally.

You let out a deep breath. “Horgan’s communicating with potential buyers through disposable cell phones. He might be stupid, but he’s smart.”

Tony huffed out an amused sound. “Yeah. Well. One of the buyers told me he heard a sound in the background during their call. Like industrial machinery. But. It could be anything.”

“You get anything? Even something small?” Resting your head on the arm of the couch as you looked up at Rhodey.

“I traced the supplies he ordered. But they all went to a rented office where temp workers put them in cars provided by Horgan. After which those cars conveniently seem to disappear off the face of the earth. It’s not that I have nothing, I’ve got too much. He’s hiding in the busiest city in the world. It’s like looking for a needle in a haystack.” Letting his frustrations get to him, uptick in anger not hard to notice.

Getting up from your spot, you went over to the both of them, side stepping Tony to pull the city map. “Not completely. We can pull hot spots- based off his flight trajectory. Off um…” Getting shy very suddenly. There was only one way to get information like that.

And Mr. Rules was in the room. So… Tony grinned. “Based on security cameras. She means. Sure. We can rule some areas out.” He waved his hand, bringing up some feeds. It seemed like he’d already done some digging in this area.

Rhodey tilted his head. “How’d you get access to all those-” Then, realizing what he was asking, he shook both hands. “Forget it. I don’t wanna implicate myself.” Pulling up his phone, he started typing. “Here. I’m gonna email you something to cross reference. It’s all the industrial facilities that registered a spike in power usage.”

Once it blipped across Tony’s network, he pulled the information out of the thin air it came in on, lighting up his map. You leaned in, flicking away parts of the city until it got narrower and narrower.

Rhodey pointed to one of the red spots on the map. Remote corner. “What’s this?”

Tony brought his hands up to zoom in. “An automobile scrapyard. Perfect place to melt things without being noticed.”

The bulb went off. “And make suspicious cars with suspicious supplies in them disappear.”

Taking just all the credit, Tony turned to Rhodey with one of his usual know-it-all-grins. “See? Told you we’d figure it out.”

The eye-roll Rhodey served him back could only be described as intensely fond. You shared the feeling. Locking your arms around both of theirs, “Yes. We did.”

------

While it didn’t do your mind any good to suit up alongside Tony and Rhodey, it was best if all three of you went. The sooner you closed this out, the better. Although, really, with the both of them, and now knowing what they were up against, did you really need to be here? Sure, you’d gotten humiliated, too. But you’d probably just be in the way. ...although you couldn’t tell if you really thought that, or it was just your troubled mind trying to find excuses not to go.

“So. We’re really gonna wrap this up and not get our asses kicked? Because I’d love to be able to schedule a press conference by the end of today.” Asking the men flanking both your sides through the air.

Rhodey’s voice came in first. “Hey. I’m not planning on getting my ass kicked twice, thank you. But if you are, let me know. I’ll stay out of your way.”

Tony was the first to touch down in the scrapyard. “Maybe we won’t even get a fight. I’m sure there’s a perfectly legitimate reason they’re using more power.”

You were a very close second at his side, right as a beam shot your way, into a pile of cars that then wobbled into collapse. “Right. Or. Mr. Melty is here.”

Still impressed with your ability to make jokes as ten cars fell right on top of your little trio. The three of you put your hands up, not much to worry about in the suits. But at least your mind was staying fresh and not going elsewhere. It might have been easy to slip. Mr. Melty was saying something, as he had the penchant for doing. Speaking in moments where the people who were supposed to be hearing him really couldn’t hear him. In response, somehow in sync, the three of you bent at the knees and then lifted up, shoving the crushed cars off of you, and aiming a triple beam Melter’s way.

“Hey.” Tony looked your way. “Did we ever decide who’s polishing whose suit?” As if that were of the utmost importance.

Rhodey took off. “Why don’t we make him do it. Since he’s the one who got ‘em dirty.”

Bracing down, you held both hands out to fire off a shot. “Sounds good to me!”

Overwhelmed in the line of fire, Melter launched himself into the air. “Idiots!” Shooting a couple of quick rays your way. “What makes you think I can’t stop you the same way I did before?”

Jumping in your line of fire, directing it away, Tony closed in on him. “Actually. I don’t know if you’ve heard. I’m actually the opposite. What’s the word? Oh. Right. Genius. I modified our systems to work independently.” You came around the back, just in time to aid his speech. With a well placed kick to Melter’s spine, you launched him directly into the swing of Tony’s arm. “Damage a leg? The fist works just fine!”

Right in his trajectory, Rhodey put his hands out to grab him and then circled around twice to throw him into a pile of junk. “We’re ready for you now. Shouldn’t have let us get the team together.”

The three of you eased off the fire of your jets, landing on the ground. Waiting for his next move as he pulled himself up to the ground. Now would be a good time for cuffs. Even more so, you realized, as he started laughing. “You only think you’re ready. But you made a severe mistake!”

He thrust his arm up, firing off a more concentrated ray, just above your head. In the line of that wide arc, he burned the cars behind you into a literal molten lava which spewed forward, capturing you whole.

“You let me choose the battlefield!”

He was a little hard to hear, what with the bubbling of metallic fire encasing you and alarms blaring in both your ears. “LUNA we’re okay-! Right?!” Probably asking more for yourself.

“Heat temperature is rising! You’ll be fine but not forever!”

Right. Don’t stay in the burning pile of liquid metal. Got it. Easy. Easy peasy. You took a deep breath. The sounds of fighting- metal on metal- were going on around you. What you could hear of it anyway. “Give me the back panel- I want a hard boost! On three!”

Counting it up for her, making sure to hold your breath as she launched you hard upwards, ejecting you out of that goo pile. You just barely caught your footing on solid ground. See? Fine. Everything was fine. Except that Tony and Rhodey were still going at it.

“We need to disable that ray!”

“Good luck getting close to him!”

Rushing forward, drawing his fire, “I’ll keep him busy!” You’d sat out for far too long anyway. It was time to play your part. He fired that ray on you almost immediately as soon as you were in view, and even more warnings starting going off. You lost the left arm first, going into immediate reboot. The right was about to be next, watching him charge up again-

But Tony got close enough behind him to reach up, grabbing a handful of cables and twisting them in a snap. “That oughta do it-”

Melter swung back on his heel, delivering a plated elbow to Tony’s chest, sending him flying back. “You might have disabled my ray, but my suit is still fully charged! While yours is useless!” The manic laughing started.

LUNA spoke over him, “Iron Man is going into reboot!”

It may have explained why he wasn’t getting up. He must have gotten too much of that ray. You felt like the same, pieces of your suit were flashing red in the display window on the right side of your HUD. Your repulsors were no longer working. What to do?

Melter bent down to pick up a heavy piece of machinery, lifting it with ease. The only reason he didn’t throw it immediately was he seemed to be debating which one of you to take out first. “By the time either of you have rebooted I’ll have crushed you both-!”

Taking his momentary hesitation as the gift that it was, Rhodey had gotten behind him, and gave him a tap on the shoulder. “Correction.” And when Melter turned to him, he leaned forward, bashing his iron head right into Melter’s- the one with only half a helmet on. You heard the crunch of his goggles. “My greatest weapon is myself.”

Rhodey delivered a one-two punch. Sending him flying right in Tony’s path as he stood up. “Mind if I cut in?” Aiming a punch downward to put him deep into the ground. Then he looked up towards you. “Want a piece of this?”

“No- I’m fine. Thank you.” Crisis averted. No need to beat on him any further. Sure he’d humiliated all three of you and had tried to sell his tech to the next highest evil bidder, but… he’d had enough. Surely. Stumbling over, headache starting up, you tried to make light of the situation. “Hey. Who won the contest?”

Their laughter was probably the best balm. And over too soon. Melter interrupted it with a groan and a move to sit up. Something Rhodey squashed with a well placed boot on his chest. “Sit down.” Commanding very suddenly. “I’m handing you over to the military police.”

Tony held a hand out. “You know, we make a pretty good team.”

Rhodey shook it. “Don’t have to tell me twice.”

And, just to get in it for fun, you put a hand over both theirs, zipping your line of sight up to deactivate the helmet with the quick command. Breathing a gulp of fresh air in, you smiled his way. “Ever heard of the Avengers initiative?”

“Why?” His helmet slid down and he grinned back. “You in charge of recruiting?”

Tony’s helmet came off last, and it was a relief to see the quirk of his lips. “I don’t know if you’ve heard, but she’s more or less in charge of everything.”

“Thank god for that.” Tony's smirk softened into a loving flash of a smile. "I agree."

A lot to put on a person to be sure but… with the way they were saying it…? Hard to say no to that.

#Tony Stark #Tony Stark x Reader #INY Chapter Sixty Eight

7 notes · View notes

ariadnelives · 5 years

Text

Chapter 17 -- The Pros and Cons

[Missed earlier chapters? Go catch up here! Otherwise, welcome back! Oh, and make sure to join our discord server! Chapter can also be found @ ao3”]

“Your objections have been noted, Sweettalk,” Ariadne addressed the crew about 25 minutes later, give or take, in front of the whiteboard once again, “and none of us likes having to work with this slimeball—”

“—Can I raise an objection?” Prescott cut in.

“All objections have been noted,” Ariadne spat back, “but the information Prescott’s carrying is too valuable to our cause to pass up.”

“And what is our cause, exactly?” Sweettalk asked, “because, I mean, I get that this cult is bad news, but, why is that still our business?”

“Would your conscience allow you to let Vi’s sisters stay locked up?” Ariadne replied casually.

Sweettalk considered this. “It… ugh, it would not…”

“Besides,” Ariadne continued, “and this is a totally selfish reason, but as long as they’ve got one of the impostors, they can keep posing as me and ruining my good name.”

“Your good name as… a wanted criminal…?” Prescott interjected.

“This is now the fifth time someone has told you to cram it,” Sasha pointed out. “I’ve been counting.”

“Do you want our help or not?” Ariadne offered in assent.

“I’m getting your help regardless,” Prescott smirked, “remember, my information is ‘too valuable to pass up.’”

“What information do you have?” Pilar snapped, “God, sorry, it’s hard to keep this group focused sometimes.”

“Thank you, Ms. Pilar,” Prescott smiled at her.

“Don’t get friendly. I still hate you. Keep talking.”

“Must have been raised in a barn, I swear,” Prescott muttered. “No matter. I have extensive information on the cult leader known as The Zealot. I’ve already told your captain enough independently verifiable information to prove that I’m not full of shit, but given our track record thus far, I understand if you still don’t exactly trust me, and believe me, the feeling’s mutual.”

“Prescott and I have worked out a deal,” Ariadne explained. “He needs our help retrieving some valuable artifacts from a casino in Lohnausfall where he believes his girlfriend—”

“—ex-girlfriend,” Prescott snapped.

“Shock,” Ariadne replied sarcastically, then continued, “a casino where he believes his ex-girlfriend fled to with the bag of church artifacts he stole from the Red God compound.”

“Church artifacts are valuable?” Alicia chimed in from the crowd.

“These ones are,” Prescott explained, “The Zealot, see, he’s bartered, stolen, and even killed to get just about every ancient text, every holy artifact, basically anything the Catholic Church wanted to keep under wraps. He learned how to establish a religion using primary sources on some of the most powerful churches of all time. I’ve got nothing against people of faith, but, he took something good and twisted it to his own ends, which obviously I appreciate. One of the reasons my security company never sold those compounds out is because we knew they were sitting on a fortune bigger than any sticker price we could’ve given a buyer, and we could just quietly slip in any time, take one document, sell it to fund our operation for a year, and if they ever noticed it was gone, they’d just chalk it up to an archaic and confusing filing system. In that duffel bag alone, among other things, there was an original manuscript of the Gospel of Judas, one of the nails purportedly used to hang Jesus on the cross, the true shroud used to cover his body, and enough documentation to prove the authenticity of every bit. In the right hands, each artifact is worth millions, maybe more.”

“Okay, so, it’s obvious Prescott is a slimeball who’s attempting to exploit humanity’s cultural heritage for his own profit,” Ariadne began, “I think we can all agree on that—”

“I can’t!” Prescott scoffed.

“Everyone whose opinion matters can agree on that, but, given his history, I wasn’t exactly comfortable helping him out with no guarantee that he won’t throw us under the bus and make a mad dash to save himself. So, we came up with a little arrangement. Prescott wrote everything he knows about the Zealot on a tablet which will be entrusted to Sweettalk, the least likely person in the universe to ever help Prescott—”

“Yo,” Sweettalk said, making a thumbs-up to indicate that she was absolutely game to be unhelpful where Prescott is concerned.

“—and, to ensure that we don’t just take the information and drop him out the airlock on the way to Lohnausfall,” Ariadne continued, holding up two small memory drives, “these are the two decryption keys. I coded them myself. Even I can’t hack my way into that tablet without both of these, so if either of them are missing, the tablet is useless. One will be on Prescott’s person, the other in Pilar’s. Both of them need to return for this to work.”

Sweettalk raised her hand.

“We’ve established that this is not a classroom, Sweettalk, ask your question.” Pilar sighed.

“What’s to stop him from taking his key and booking it once he has what he wants?” Sweettalk asked.

“I hate that she makes such a good point,” Pilar asked.

“Oh, you’re gonna like this,” Ariadne grinned, and, without warning, quickly tackled Prescott to the ground.

There was a quick scuffle, the sort you might expect when one person abruptly throws their entire weight onto another person and knocks them to the floor, but after a few seconds it resolved itself into Ariadne twisting Prescott’s arm behind his back and attaching a heavy-looking black manacle to his wrist.

“THERE.” Ariadne said, slotting one of the drives into a small notch in the manacle, which closed behind it.

“WHAT THE HELL?!” Prescott bellowed.

“I like it already,” Sweettalk laughed. “What is it?”

“I call it The Jumper,” Ariadne said, “I invented it a few months back and I’ve always wanted a chance to use it. It’s got a small, long-range teleporter inside it, hardwired to our receiving pad. Only I can unlock it, although I have no manual control over it. It activates automatically if it leaves a 1-kilometer range of my person, or if any of our crew’s vitals go critical for more than 30 seconds. If he attempts to flee, or harms any of us, the Jumper will automatically return to our station.”

“And what’s stopping him from leaving Spacebreather in the back of some cop car, so having his key back doesn’t do us any good?” Sweettalk asked, “Sorry, Spacebreather, I’m not doubting you, but we can’t afford to underestimate how much of a snake in the grass this guy is.”

Ariadne released her hold on him. “I’m right here, you know,” Prescott said, sounding somewhat offended.

“OH, ARE YOU?” Sweettalk asked, “I WASN’T SURE, I WOULD’VE SAID SOMETHING MORE INSULTING.”

Ariadne jumped in at this point, hoping to keep the crew focused, “the Jumper is programmed to return to our station. It is also designed to take the wrist it’s attached to with it, and do so in such a way that ensures the wearer will bleed out within minutes.”

“So, we know he can’t screw us over again,” Sasha started.

“Don’t count on that,” Sweettalk interjected.

“But, do we have a plan to actually extract the target?” Sasha finished.

“The security at the casino is lax,” Ariadne explained. “Big Top Casino is owned by the Rizzo crime family. Now, I’m told they used to be a big deal, and the head honcho Harry ‘Big Top’ Rizzo is a force to contend with, but their wealth has waned in recent years, which I’d bet is why they wanted these artifacts in the first place. They’ll have a lot of goons on the ground, but the main threat they’re there to guard against is hit jobs by rival families. They don’t think anyone would be stupid enough to try to steal something out of the safe in Big Top’s office, which is where the target will undoubtedly be.”

“Can you crack the safe?” Pilar asked.

“I’ve never met a safe I couldn’t,” Ariadne said, “all I need is to make sure I don’t get caught cracking it. So, we’re going to need to divide into two teams. Diamond Team, that’s Spacebreather, Deathsbane, Sweettalk, and any available Whiptals, your job will be to stage a robbery on the casino floor. Make a big show of it. You don’t actually need to get anything out of the robbery, just make it believable enough that security thinks you’re the threat and comes running, and most importantly, don’t get killed.”

“Do we really think that Deathsbane—” Pilar began.

“I don’t want to hear any arguments on this,” Ariadne cut in, “we need a field medic on site for any dangerous missions from here on out. If you’d like Deathsbane to take on an apprentice, we can talk about that when we get back, but in the meantime, we’ve only got one medic and we can’t afford to be away from her.”

Pilar let out a somewhat angry-sounding sigh. “Fine, whatever.” Sasha smiled and Sweettalk smiled wider.

“Easy enough,” Sasha shrugged, “I’ll prep a few auto-capsules for the regen serum that’ll monitor our vitals and inject us in the event of any sort of trauma. They’re one-use only, though, so try not to get hit, and if you do, go down and play dead so they don’t shoot you again.”

“So, we’re the diversion,” Sweettalk mused, “but what happens when you’ve got the safe? Do we have an exit strategy?”

“Fastwing will keep the shuttle cloaked nearby with a receiving pad idling. As soon as I give her the signal, we flee as quickly as we can and she flies us the hell out of there.”

“What will I be doing during all of this?” Prescott asked.

“Other than cramming it?” Sasha proposed, and Sweettalk quietly high-fived her.

“You’ll be with me,” Ariadne said flatly. “If you’re seen on the casino floor this ex-girlfriend of yours will know what we’re there for and the diversion will be blown. For all your faults, you’re a pretty good liar, and that’s going to work to our advantage. You’ll be our lookout, wearing your security guard getup. If anyone catches us red-handed, your job is to get us out of trouble.”

“You’d trust him to do that?” Sweettalk asked incredulously.

“I’d trust him as far as I could throw his grubby little severed hand and a bag full of blasphemous goodies,” Ariadne replied casually.

“Fair,” Sweettalk nodded.

“So, anything else we need to know?”

“One thing,” Prescott interjected, “Don’t underestimate my ex, Nicks. She may look harmless, but she might be the most dangerous person I’ve ever met.”

Pilar looked moderately offended.

“Ego still a little bruised from the breakup?” Sweettalk offered.

“I’m not kidding,” Prescott insisted, “maybe it’s from growing up with the rest of the Rizzos, but she has this, like, Bonnie and Clyde thing, she lives for danger and that’s more important to her than her own safety or anyone she loves. There is no risk she’s unwilling to take, and no consequence great enough to give her pause. Call me biased or jilted or whatever, but if she confronts you, don’t bother firing a warning shot. She can’t be intimidated, if anything, it’ll just encourage her. Shoot to kill.”

“Noted.” Ariadne rolled her eyes. She was sure they could handle whatever squeaky-voiced rich brat who was airheaded enough to find Prescott attractive, and she didn’t need to know him for very long to know you couldn’t trust a word out of his mouth. “If there’s nothing else, let’s saddle up and get this heist underway. I don’t want to spend any more valuable time helping Prescott, whom I hate, than we need to.”

14 notes · View notes

hajikhan123 · 3 years

Text

Morgan Stanley Details Bitcoin Exposure Plans in SEC Filings

Morgan Stanley Details Bitcoin Exposure Plans in SEC Filings https://decrypt.co/63693/morgan-stanley-bitcoin-exposure-sec https://decrypt.co/63693/morgan-stanley-bitcoin-exposure-sec

0 notes

gomontaygo · 3 years

Text

0 notes

brettzjacksonblog · 5 years

Text

Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction

The price of bitcoin on Wednesday came close to hitting the $13,000 level for the first time since January 2018. While the cryptocurrency could be on its way to reclaim its all-time high of $20,000, its wild bull run is also increasing the probability of an equally primitive bear correction.

But that does not concern Jesse Powell of US-based cryptocurrency exchange, Kraken. The chief executive officer said today that he is not anchoring his thoughts on an imminent bitcoin correction. Instead, he is looking at a big picture, wherein the cryptocurrency value could reach anywhere between $100,000 and $1 million.

“When I hear people talking about a bitcoin “correction” I’m thinking $100k, maybe $1m. That’s what’s correct,” said Powell.

When I hear people talking about a bitcoin "correction" I'm thinking $100k, maybe $1m. That's what's correct.

— Jesse Powell (@jespow) June 26, 2019

Powell’s bullish sentiment towards bitcoin appears in tandem with a general market viewpoint towards the cryptocurrency’s future. This week, Anthony “Pomp” Pompliano of Morgan Creek Digital also predicted that bitcoin would reach $100,000 a piece ahead of the 2021 close. The founding partner said that there could be correction periods of 20-30 percent whenever bitcoin hits a new high, but the asset would continue rising, nevertheless.

“These mini-boom/bust cycles should not cause panic, but rather need to be understood as natural market dynamics whenever an asset gains significant value in short periods of time,” explained Pomp.

Paper Gains

But not all financial players are big fans of a decentralized cryptocurrency. Prominent US stockbroker Peter Schiff, who was among the few ones to predict the 2007-2008 financial crisis, called the bitcoin’s ongoing parabolic move a “sucker’s rally,” stating that speculators are driving the cryptocurrency’s rate higher without understanding the underlying dangers posed by its lack of intrinsic value.

“It doesn’t matter how high the price of Bitcoin rises unless you sell. Every buyer must eventually sell to realize any benefit from the rise,” said Schiff. “But therein lies the problem. Once HODLERS decide to cash out, the price collapses, wiping out paper gains before they can be realized!”

Bitcoin bugs claim the only reason I am pro gold is that I have a gold company or that one of the mutual funds I manage is a gold fund. Yet they ignore the greater bias of those shilling for Bitcoin, who own huge personal stakes, manage crypto funds, or own crypto businesses!

— Peter Schiff (@PeterSchiff) June 22, 2019

Then, there is Will Harborne, the founder of Ethfinex, a London-based cryptocurrency exchange, who believes the fresh supply of 600,000 tethers (USDT) — stablecoins pegged to the US dollar on a one-to-one basis — is behind the bitcoin price rally. Harborne said in an interview to Decrypt that the over-the-counter exchanges are the biggest buyers of USDT. He explained that a typical OTC handles large-scale bitcoin orders, which sometimes require it to fill the bids with USDT for smooth liquidity.

“An OTC desk might do a large deal selling BTC to a large buyer in the US, and then will convert the dollars to Tether in order to spread the other side of the order across Bitfinex and Binance where there is more liquidity,” he said.

Tether has been a controversial stablecoin for allegedly lacking the US dollar reserves that should back its net USDT supply. In April, the New York Attorney General (NYAG), Letitia James, accused Tether and its associate-exchange BitFinex of hiding an $850 million loss, so to artificially maintain the USDT-USD peg.

Bitcoin Bullish Factors

On the other hand, the bullish sentiment of both Powell and Pomp relies on bitcoin’s scarce economic model. The cryptocurrency’s protocol is set to reduce its supply by half in May next year. At the same time, the demand for bitcoin is allegedly increasing in the wake of an impending geopolitical crisis in the Middle East, and other weak macroeconomic outlooks.

“These,” wrote Pomp, “include large scale institutional adoption, multiple ETF and retail product approvals, increased global instability, lack of performanace in traditional markets, and the continued manipulation of markets, economies, and currencies by governments around the world.”

Bitcoin Price Closing in On the $13,000 Level | Image Credits: TradingView.com

The bitcoin price was trading at $12,583 at the time of this writing.

The post Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction appeared first on NewsBTC.

from CryptoCracken SMFeed https://ift.tt/2RBrWKZ via IFTTT

#IFTTT #CryptoCracken SMFeed

0 notes

michaelbennettcrypto · 5 years

Text

Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction

“When I hear people talking about a bitcoin “correction” I’m thinking $100k, maybe $1m. That’s what’s correct,” said Powell.

When I hear people talking about a bitcoin "correction" I'm thinking $100k, maybe $1m. That's what's correct.

— Jesse Powell (@jespow) June 26, 2019

Paper Gains

— Peter Schiff (@PeterSchiff) June 22, 2019

Bitcoin Bullish Factors

Bitcoin Price Closing in On the $13,000 Level | Image Credits: TradingView.com

The bitcoin price was trading at $12,583 at the time of this writing.

The post Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction appeared first on NewsBTC.

from Cryptocracken WP https://ift.tt/2RBrWKZ via IFTTT

#IFTTT #Cryptocracken WP

0 notes

joshuajacksonlyblog · 5 years

Text

Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction

“When I hear people talking about a bitcoin “correction” I’m thinking $100k, maybe $1m. That’s what’s correct,” said Powell.

When I hear people talking about a bitcoin "correction" I'm thinking $100k, maybe $1m. That's what's correct.

— Jesse Powell (@jespow) June 26, 2019

Paper Gains

— Peter Schiff (@PeterSchiff) June 22, 2019

Bitcoin Bullish Factors

Bitcoin Price Closing in On the $13,000 Level | Image Credits: TradingView.com

The bitcoin price was trading at $12,583 at the time of this writing.

The post Kraken CEO Sees Bitcoin Price at $100K-$1M as Bears Cry Correction appeared first on NewsBTC.

from Cryptocracken Tumblr https://ift.tt/2RBrWKZ via IFTTT

#IFTTT #Cryptocracken Tumblr

0 notes

aheliotech · 5 years

Text

THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

New Post has been published on https://www.aheliotech.com/blog/the-trade-secret-firms-that-promised-high-tech-ransomware-solutions-almost-always-just-pay-the-hackers/

THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

This story was originally published by ProPublica.

As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra.

by Renee Dudley and Jeff Kao, ProPublica

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta’s online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

“You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”

At a press conference last November, then-Deputy Attorney General Rod Rosenstein announced that the U.S. Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were “public agencies with missions that involve saving lives,” and the attackers impaired their ability to “provide health care to sick and injured people,” Rosenstein said. The hackers “knew that shutting down those computer systems could cause significant harm to innocent victims.”

In a statement that day, the FBI said the “criminal actors” were “out of the reach of U.S. law enforcement.” But they weren’t beyond the reach of an American company that says it helps victims regain access to their computers. Proven Data Recovery of Elmsford, New York, regularly made ransom payments to SamSam hackers over more than a year, according to Jonathan Storfer, a former employee who dealt with them.

Although bitcoin transactions are intended to be anonymous and difficult to track, ProPublica was able to trace four of the payments. Sent in 2017 and 2018, from an online wallet controlled by Proven Data to ones specified by the hackers, the money was then laundered through as many as 12 bitcoin addresses before reaching a wallet maintained by the Iranians, according to an analysis by bitcoin tracing firm Chainalysis at our request. Payments to that digital currency destination and another linked to the attackers were later banned by the U.S. Treasury Department, which cited sanctions targeting the Iranian regime.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime,” Storfer said. “So the question is, is every time that we get hit by SamSam, and every time we facilitate a payment — and here’s where it gets really dicey — does that mean we are technically funding terrorism?”

Proven Data promised to help ransomware victims by unlocking their data with the “latest technology,” according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.

Another U.S. company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found. The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.

The payments underscore the lack of other options for individuals and businesses devastated by ransomware, the failure of law enforcement to catch or deter the hackers, and the moral quandary of whether paying ransoms encourages extortion. Since some victims are public agencies or receive government funding, taxpayer money may end up in the hands of cybercriminals in countries hostile to the U.S. such as Russia and Iran.

In contrast to Proven Data and MonsterCloud, several other firms, such as Connecticut-based Coveware, openly help clients regain computer access by paying attackers. They assist victims who are willing to pay ransoms but don’t know how to deal in bitcoin or don’t want to contact hackers directly. At the same time, Coveware seeks to deter cybercrime by collecting and sharing data with law enforcement and security researchers, CEO Bill Siegel said.

Siegel refers to a handful of firms globally, including Proven Data and MonsterCloud, as “ransomware payment mills.” They “demonstrate how easily intermediaries can prey on the emotions of a ransomware victim” by advertising “guaranteed decryption without having to pay the hacker,” he said in a blog post. “Although it might not be illegal to obfuscate how encrypted data is recovered, it is certainly dishonest and predatory.”

MonsterCloud chief executive Zohar Pinhasi said that the company’s data recovery solutions vary from case to case. He declined to discuss them, saying they are a trade secret. MonsterCloud does not mislead clients and never promises them that their data will be recovered by any particular method, he said.

“The reason we have such a high recovery rate is that we know who these attackers are and their typical methods of operation,” he said. “Those victims of attacks should never make contact themselves and pay the ransom because they don’t know who they are dealing with.”

On its website, Proven Data says it “does not condone or support paying the perpetrator’s demands as they may be used to support other nefarious criminal activity, and there is never any guarantee to obtain the keys, or if obtained, they may not work.” Paying the ransom, it says, is “a last resort option.”

However, chief executive Victor Congionti told ProPublica in an email that paying attackers is standard procedure at Proven Data. “Our mission is to ensure that the client is protected, their files are restored, and the hackers are not paid more than the minimum required to serve our clients,” he said. Unless the hackers used an outdated variant for which a decryption key is publicly available, “most ransomware strains have encryptions that are too strong to break,” he said.

Congionti said that Proven Data paid the SamSam attackers “at the direction of our clients, some of which were hospitals where lives can be on the line.” It stopped dealing with the SamSam hackers after the U.S. government identified them as Iranian and took action against them, he said. Until then, he said, the company did not know they were affiliated with Iran. “Under no circumstances would we have knowingly dealt with a sanctioned person or entity,” he said.

Proven Data’s policy on disclosing ransom payments to clients has “evolved over time,” Congionti said. In the past, the company told them it would use any means necessary to recover data, “which we viewed as encompassing the possibility of paying the ransom,” he said. “That was not always clear to some customers.” The company informed all SamSam victims that it paid the ransoms and currently is “completely transparent as to whether a ransom will be paid,” he said.

“It is easy to take the position that no one should pay a ransom in a ransomware attack because such payments encourage future ransomware attacks,” he said. “It is much harder, however, to take that position when it is your data that has been encrypted and the future of your company and all of the jobs of your employees are in peril. It is a classic moral dilemma.”

***

No U.S. laws prohibit paying ransoms. The FBI frowns on it officially — and winks at it in practice. Ransom payment “encourages continued criminal activity, leads to other victimizations, and can be used to facilitate serious crimes,” an FBI spokesperson told ProPublica in an email. But in 2015, the assistant special agent in charge of the FBI’s cyber program in Boston said at a cybersecurity conference that the bureau will “often advise people just to pay the ransom,” according to news reports.

Paying a ransom while pretending otherwise to a client, though, could constitute deceptive business practices prohibited by the Federal Trade Commission Act, said former FTC acting chairman Maureen Ohlhausen. “Any claim that a company makes, they can legally be held to that claim,” she said. Neither MonsterCloud nor Proven Data has been cited by the FTC.

Storfer, who worked for Proven Data from March 2017 until September 2018, said in a series of interviews that the company not only paid ransoms to the SamSam hackers, but also developed a mutually beneficial relationship with them. As that relationship developed, he said, Proven Data was able to negotiate extensions on payment deadlines.

“With SamSam, we could say, hello, this is Proven Data, please keep this portal open while we contact and interact with the customer while moving forward,” Storfer said. “And they would remove the timer on the portal. And then they would respond quicker and in many cases would be able to provide things a little bit easier.”

The SamSam attackers didn’t identify themselves, he said. While Proven Data generally concealed its identity when responding to ransom demands, “we were very open” with the SamSam hackers, “and we would essentially announce ourselves,” Storfer said.

Eventually, the attackers began recommending that victims work with the firm. “SamSam would be like, ‘If you need assistance with this, contact Proven Data,’” said Storfer, who declined to identify clients. Some of them wondered about this endorsement. “Honestly, the weirdest thing was clients would ask us why, and we would have to respond to that, which was not a really fun conversation,” he added.

The referrals indicate the SamSam hackers’ confidence that Proven Data would pay the ransom, said Bart Huffman, a Houston lawyer specializing in privacy and information security. Such prior understandings could be seen as a criminal conspiracy and may violate the U.S. Computer Fraud and Abuse Act, he said.

“That does seem like you are working for the other side,” Huffman said. “You are facilitating the payment at the recommendation of SamSam, in the manner suggested by SamSam.”

Proven Data has never been charged with such a violation. The company “never had a ‘close relationship’ with SamSam attackers,” said Congionti, who didn’t comment on the recommendations specifically. “Our contact with attackers is limited to minimizing the attack on the customer. … Anyone can reach out to a hacker and tell them to keep the portal open longer.”

***

The father of ransomware was Harvard-educated anthropologist Joseph L. Popp Jr. While researching the theory that AIDS originated in green monkeys in East Africa, Popp in 1989 mailed more than 20,000 floppy disks about AIDS education to people interested in public health. When recipients ran the disk, their computers froze, and a message on the screen instructed them to send up to $378 to a post office box in Panama for a second disk that would restore their access.

The FBI arrested Popp before he could carry out his plan to distribute another 2 million disks. U.S. officials extradited him to England, where he was deemed mentally unfit to stand trial, John Kilroy, one of his lawyers, said.

“I believe he sincerely wanted to stop the spread of AIDS,” Kilroy said. “He lost his way in doing the ransom. I don’t think he had a good understanding of the consequences for other people.”

Popp, an Ohio native, returned to the U.S. and settled in Oneonta, New York. There, he helped establish a butterfly conservatory that was named in his honor after he died in a 2006 car accident at age 55, according to a local news clipping and his death certificate.

He didn’t live to see his brainchild become one of the world’s most common types of cybercrime. It wasn’t until 2012, when bitcoin began gaining traction, that ransomware took off. The decentralized digital currency made it difficult to trace or block payments.

Since 2016, more than 4,000 ransomware attacks have taken place daily, or about 1.5 million per year, according to statistics posted by the U.S. Department of Homeland Security.

“Ransomware continues to spread and is infecting devices around the globe,” the FBI said in a statement. “We are seeing different kinds of ransomware, different deployment methods, and a coordinated distribution. The FBI considers it one of the top cybercriminal threats.”

Yet the FBI’s Internet Crime Complaint Center counted only 1,493 ransomware victims in 2018 — a figure the bureau itself says represents only a small fraction of total incidents. Victims don’t report attacks, perhaps because they’re embarrassed or reluctant to admit to gaps in their IT security, according to law enforcement officials.

Even when victims do report ransomware, the culprits are rarely caught. The Iranians who allegedly distributed SamSam were the first people ever indicted by the U.S. government for deploying a ransomware scheme, although others have pleaded guilty to money laundering or computer damage in connection with ransomware.

While demands to businesses and municipal governments have reached as high as six figures, the average ransom sought is a few thousand dollars, according to cyberresearch firms. That’s well below the thresholds maintained by federal prosecutors to trigger an investigation, said former FBI Deputy Director John Pistole. Local police departments lack the resources to solve cybercrime and themselves are frequently ransomware targets. “It is a weird gray area where there is a law but it isn’t enforced,” said Jeffrey Kosseff, an assistant professor of cybersecurity law at the United States Naval Academy. “Ransomware is a real failure of the current legal system. There is not a good remedy.”

European law enforcement agencies have had more success. In March 2018, for example, the Polish Police — in cooperation with the Belgian Federal Police and Europol — arrested a Polish national suspected of having infected several thousand computers with ransomware. European law enforcement officials “just hang out on Slack channels where we tell them stuff,” said Fabian Wosar, a U.K.-based security researcher, referring to the popular messaging platform.

Asked whether its agents also gather information via Slack, the FBI said that it “must adhere to rules relating to federal agency recordkeeping, which makes the adoption of more agile communication methods trickier for us than for private sector companies.”

When Wosar discovered servers in the U.S. and the Netherlands that likely contained the attackers’ decryption keys for the ASN1 ransomware strain and could help identify the criminals, he and another researcher notified the FBI and the Dutch National Police. “Great news,” a member of the Dutch high-tech crime team responded. “We are eager to start things up” and “try to seize the servers.” The FBI replied with basic questions that reflected a lack of understanding of how ransomware works, said Wosar, who is head of research at anti-virus provider Emsisoft.

On another occasion, Wosar had what he called a “very hot lead” on the inventor of the ACCDFISA strain. He tried one FBI agent after another and ended up submitting his tip on the “FBI homepage like everyone else,” he said. “I’m sure it got lost among hundreds of thousands of submissions.” The bureau declined to comment on the incidents.

As ransomware proliferated without an effective law enforcement response, an industry sprang up to unlock victims’ computers. In the U.S., it was dominated by two firms: Proven Data and MonsterCloud. Each says it has assisted thousands of victims.

The companies’ claims to be able to release files using their own technology aroused Wosar’s curiosity. He and other security experts sometimes find ways to disable ransomware, and they post those fixes online for free. But they can decrypt ransomware only if there are errors in the underlying software or if a security lapse allows the researchers to hack into the attacker’s server, he said; otherwise, it’s essentially bulletproof.

“If there is a company that claims they broke the ransomware, we are skeptical,” Wosar said. “Everything the ransomware did has been analyzed by other researchers. It’s incredibly unlikely they were the only ones to break it.”

In December 2016, he devised an experiment dubbed “Operation Bleeding Cloud,” after MonsterCloud and the notorious “Heartbleed” software vulnerability. He and another researcher created a variant of ransomware and used it to infect one of their own computers. Then they emailed MonsterCloud, Proven Data and several data recovery firms based in the U.K. and Australia, posing as a victim who didn’t want to pay a ransom.

Wosar said he sent some sample encrypted files to the firms along with a fake ransom note that he had written. Like many ransom notes, the demand included an email address to contact the attacker for instructions on how to pay. Each note also contained a unique ID sequence for the victim, so Wosar could later identify which firm had contacted him even if it used an anonymous email account.

The firms eagerly agreed to help. “They all claimed to be able to decrypt ransomware families that definitely weren’t decryptable and didn’t mention that they paid the ransom,” Wosar said. “Quite the contrary actually. They all seemed very proud not to pay ransomers.”

Soon, the email accounts that he’d set up for the imaginary attacker began receiving emails from anonymous addresses offering to pay the ransom, he said. He traced the requests to the data recovery firms, including MonsterCloud and Proven Data.

“The victims are getting taken advantage of twice,” he said.

Proven Data’s Congionti and MonsterCloud’s Pinhasi both said they could not recall this particular case. “If someone is saying that we promised up front that we would be able to decrypt their files, I am certain that this is inaccurate,” Pinhasi said.

Last year, the research division of Israeli cybersecurity company Check Point Software Technologies used a similar tactic to unmask Dr. Shifro, a Russian company. Dr. Shifro purported to use its own technology to liberate computers locked by ransomware, but it actually negotiated with a security researcher posing as the hacker, according to Check Point. Dr. Shifro did not respond to an email in both Russian and English seeking comment.

Storfer, the former Proven Data ransom negotiator, said he was saddened to read of Dr. Shifro’s tactics. “That’s basically what I was doing,” he said.

***

In 2017, Storfer was a year out of college and looking online for a job close to his Westchester County, New York, home when he spotted an opening for an office manager at Proven Data. He’d never heard of the company, but he applied and was hired.

He thought he would be scheduling meetings, sending out packages and accepting deliveries. But prior jobs at retail stores and restaurants had honed his customer service skills. After a short time at Proven Data, he was given the title of client solutions manager and assigned to negotiate with hackers. Storfer “was responsible for some of the correspondence with ransomware attackers,” Victor Congionti said. The job, which Storfer said paid a starting salary of about $41,000 a year, provided a unique window onto the rarely glimpsed underworld of cybercrime.

He soon realized that ransomware is a vast global industry. Most attacks on U.S. targets originate from abroad, especially Russia and Eastern Europe. There are hundreds of ransomware strains and thousands of variants of those strains. Some are sidelined as their revenues diminish or cybersecurity researchers devise ways to neutralize them, while new ones are always emerging.

Some ransomware attacks hit millions of computers indiscriminately, hoping to infiltrate them through infected spam email attachments. Others target businesses, government agencies and nonprofit organizations, sometimes with “brute-force” tools that invade computer networks. While individuals are frequently attacked, criminals increasingly extort institutions that have deeper pockets and readily pay the ransom to minimize disruption to their operations.

Once ransomware penetrates the computer, victims are unable to open their files, which are often renamed with a new extension. Generally, a ransom note pops up on the screen. It may direct victims to a page only accessible through Tor, a dark web browser, or to a hacker’s email address, for information on how to pay. The hackers may offer to decrypt a sample file. When they receive confirmation of payment — usually in bitcoin but sometimes in even less traceable forms of cryptocurrency, such as Dash and Monero — they send the software and key to unlock the files. Most hackers live up to their end of the deal, Storfer said. Otherwise, they are denounced as cheaters on websites frequented by victims, researchers and data recovery firms, and their ransom demands lose credibility, he and others said.

Some attackers warn victims to avoid data recovery firms. “Decryption of your files with the help of third parties may cause increased price (they add their fee to our),” said one ransom note posted on Coveware’s website.

More sophisticated cyberattackers cultivate firms like Proven Data as a source of income. The hackers sometimes offer discounts, which Congionti said the company’s “present policy” is to pass on to clients. The dark website for the GandCrab strain offers a “promo code” box on its ransom checkout page exclusively for data recovery firms. After paying a ransom, the firms receive a code for a discount on a future ransom.

***

Proven Data’s rival, MonsterCloud, is run by Pinhasi, who describes himself as a former IT security intelligence officer for the Israeli military. He declined ProPublica’s request to visit its South Florida storefront office, saying it was being renovated. Instead, over a mid-February lunch at Shalom Haifa, a nearby restaurant, Pinhasi guardedly discussed his business.

He said MonsterCloud handles up to 30 calls a day and has about 20 employees in South Florida as well as extensive global contacts. “Our network is in the hundreds,” he said. “Because keep in mind that we have people who we are connected to pretty much all over the globe, who are working with us in various cases.” Asked what these people do, he said, “I can’t really dive into it.”

In some cases, he said, MonsterCloud uses its contacts on the darknet — hidden, anonymous networks that communicate over the internet. “Our goal is to restore the data and help the customer. If we need to walk to the moon on broken glass, we will. We don’t care how, what, where, whatever. Our goal is to get the data out.”

In a video posted online touting MonsterCloud’s services, Pinhasi wears a dark suit and tie and rimless glasses. At lunch, the 43-year-old sported a white long-sleeve T-shirt emblazoned with the logo of teen retailer Abercrombie & Fitch.

Pinhasi said he came to the U.S. in 2002. He told ProPublica that he has led MonsterCloud since 2003, but Florida corporation records show the business began 10 years later. Instead, in 2003, he co-founded a Florida company called PC USA Computer Solutions Providers.

One PC USA client, Maurice Oujevolk, vented his unhappiness on Yelp. Oujevolk hired PC USA for his Sunrise, Florida, model car business, and paid regularly for cloud backup service. In March 2016, his company’s computer system crashed. He called PC USA for help. But Pinhasi told Oujevolk that PC USA’s system had also failed, and complete backups were not available, Oujevolk said. Pinhasi demanded more money to try to recover the files. Oujevolk refused.

“I lost tremendous time and money to rebuild the information that disappeared,” Oujevolk said. He didn’t sue PC USA, he said, because the dispute was impairing his health and he wanted to put it behind him. “I am surprised he can still be doing business in Florida. We were trusting them, and they took our money and disappeared. They had told us we didn’t need to do any backups.”

Pinhasi said that Oujevolk’s was the only complaint he had received in 18 years of service. He said Oujevolk’s “fact recollection was flawed,” and the problem was that the client’s hard drive provided to PC USA for storage was “corrupted.” He said Oujevolk declined PC USA’s offer to send the hard drive to a recovery company in California. Oujevolk said there was no such offer.

Pinhasi flourished financially. Public records show he’s driven three new Mercedes in the past decade and owns two houses in South Florida, including a waterfront home in Hallandale Beach assessed at $1.4 million. Once ransomware took off, he pivoted from cloud services to data recovery.

On its website, MonsterCloud offers “guaranteed results.” It tells prospective clients, “Don’t Pay the Ransom.” Paying the ransom, it says, “doesn’t guarantee you’ll get your data back.” It’s “a risk you don’t want to take. Let our experts handle the situation for you.”

Pinhasi declined to say whether MonsterCloud pays ransoms. “We work in the shadows,” he said. “How we do it, it’s our problem. You will get your data back. Sit back, relax and enjoy the ride.”

The lack of transparency deterred Tim Anderson, an IT consultant based in Houston. When the Nozelesn strain of ransomware attacked one of his clients this past January, he reached out to MonsterCloud. The firm wanted $2,500 for an analysis and up to $25,000 for actual recovery, he said. The ransom was 2 bitcoin, worth about $7,000 at the time.

When Anderson requested an explicit technical description of how MonsterCloud would unlock the files, the firm demurred.

“I immediately smelled a rat,” Anderson said. “How do I know they’re not taking the $25,000 and paying the ransom guy $7,000 of it? The consumer doesn’t know what’s going on.”

He declined MonsterCloud’s services. Instead, his client hired another firm to pay the ransom.

***

Pinhasi points to MonsterCloud’s ties to law enforcement as evidence of its integrity.

“We are trusted by law enforcement and intelligence agencies,” he said. “We recently met with the FBI to share with them our deep knowledge of Ransomware, and we often share with them our cyberintelligence gathering findings. They wouldn’t waste their time with us if we were a deceptive company.”

John Pistole, a former deputy director of the FBI under Robert Mueller, is featured in a promotional video on MonsterCloud’s homepage. “Police departments, government agencies, hospitals, small business and Fortune 500 firms trust MonsterCloud to help recover from attacks and protect against new ones,” Pistole said in the video. “MonsterCloud’s proprietary technology and expertise protects their professional reputations and organizational integrity.”

Pistole, who also headed the Transportation Security Administration under President Barack Obama, is listed on MonsterCloud’s website as the only member of its “Cyber Security Advisory Council.” Now president of Anderson University in Indiana, he said in an interview that he became acquainted with Pinhasi after MonsterCloud reached him through a speaker’s bureau. Pistole said that MonsterCloud pays him indirectly through the bureau.

Pistole said his testimonial was scripted by Pinhasi. He is well aware, he said, that in most cases the only way to decrypt computers hit by ransomware is to pay the hackers. That’s MonsterCloud’s approach, he said.

“The model I’m used to is, you pay the ransom,” he said. “That’s the business model as I understood it last year when I did my initial look at it after meeting Zohar. … Based on my experience and knowledge, ransom is paid and they facilitate the best practices moving forward.”

Pistole is listed in Florida corporation records as an “authorized member” of another company run by Pinhasi, Skyline Comfort LLC. Pistole said that Skyline’s business plan is putting massage chairs in airports. For a few minutes’ massage, passengers would pay a fee, which Skyline would split with the airport authority. Pistole said that he connects Pinhasi with airport officials and will be paid if the company becomes profitable. A former TSA colleague and Pinhasi’s brother-in-law are also involved in Skyline, he said.

In other testimonials on MonsterCloud’s website, four local law enforcement agencies praise the firm for restoring their data following ransomware attacks. ProPublica spoke with all but the Kaufman, Texas, Police Department, which did not respond to messages. Officials at the three departments we spoke with were all under the impression that MonsterCloud decrypted their computer networks without paying a ransom.

Chief Deputy Ward Calhoun of the Lauderdale County Sheriff’s Office in Meridian, Mississippi, which enlisted MonsterCloud after a ransomware attack in May 2018, said in an interview that other victims seek his advice “once or twice a month.” He tells them that MonsterCloud can help them. “The danger is, even if you give money to hackers, you don’t know you’re gonna be able to unlock your data anyway,” he said. “We decided we weren’t going to do that. We went with MonsterCloud instead.”

The Trumann, Arkansas, Police Department was another satisfied customer. When its computer system was infected in November, decades’ worth of data including case notes, witness statements, affidavits and payroll records were frozen. The department’s IT manager came across MonsterCloud on a Google search while “frantically looking for a way to fix the problem,” said the chief of police, Chad Henson.

Henson, who oversees about two dozen officers serving a population of 8,000, said he was reassured about MonsterCloud’s capabilities when he discovered “how friendly they are to law enforcement and to government entities.”

“That’s when we made the phone call to them,” he recalled. “They said: ‘Don’t worry about it. We are pretty sure we can get everything back.’”

Another reason he chose MonsterCloud, he said, was that it wouldn’t pay the ransom. “I’m the one in the seat, the one charged to safeguard the department,” he said. “To turn around and spend taxpayer money on a ransom — that is absolutely the wrong decision. It is the nuclear option. But with MonsterCloud, we can just remove that option.”

MonsterCloud restored the Police Department’s files within 72 hours and assured the department it did not pay a ransom, Henson said. In return for the testimonial, it waived its $75,000 fee.

MonsterCloud’s contract with the Trumann Police, obtained under a public records request, calls its recovery method a “trade secret” and says the firm would not explain the “proprietary means and methods by which client’s files were restored.” It also says that if “all possible means of directly decrypting client’s files have been exhausted,” the firm would attempt to recover data by “communicating with the cyber attacker.”

Pinhasi said that the Trumann department was crippled by the Dharma strain of ransomware. Wosar and Michael Gillespie, a software analyst in Illinois whom the FBI has honored with a community leadership award for his help on ransomware, said there was no known way of decrypting the Dharma ransomware in use at the time. They said MonsterCloud must have paid a hacker.

MonsterCloud also received a testimonial in lieu of a fee from the Lamar County, Texas, Sheriff’s Office. A May 2018 ransom note said: “You are unlucky! The terrible virus has captured your files!” The sheriff’s office brought in MonsterCloud, which “did an excellent job,” said Lamar County network administrator Joel Witherspoon.

He said MonsterCloud contacted the hacker, who was demanding 1 bitcoin, worth about $8,000 at the time. Witherspoon then told the company that the county wouldn’t pay the ransom. MonsterCloud didn’t answer him, he said.

“I don’t think they would ever pay” the ransom, Witherspoon said. “They just said they had a team of specialist engineers working on it.”

Pinhasi declined to say how MonsterCloud retrieved the law enforcement agencies’ data but noted that it did so for free. “We provide complimentary services to law enforcement agencies,” he said. “There has never been one cent of taxpayer money used for any ransom we’ve been involved with.”

***

Witherspoon was especially impressed by his primary contact at MonsterCloud, Zack Green. “Zack’s title, dear God, it’s a mile long title. He seems to know a lot.”

Green’s titles on his email signature include “Ransomware Recovery Expert,” “Cyber Counterterrorism Expert,” “Cyber Crime Prevention Expert” and “Cyber Intelligence Threat Specialist.” We called MonsterCloud asking for Green but were told he was in a meeting. Cybersecurity experts said the credentials he lists are not actual industry designations.

Pinhasi said Green is an alias, but he declined to say for whom. “We go based on aliases, because we’re dealing with cyberterrorists,” he said.

After we told Witherspoon that Green was an alias, his opinion of MonsterCloud changed. “It makes me think, ‘Did we get attacked, or did they attack us?’ I am surprised,” he said.

Some tributes to MonsterCloud on its website may also be fabricated. Under a section titled “Real Testimonials,” MonsterCloud posted 58 five-star Google reviews from clients like “Brad Stevens” and “Sam Smith” — the names of the Boston Celtics coach and a Grammy Award-winning singer, respectively. The reviews were replete with exclamation points and details of MonsterCloud’s heroics. A Google search showed that about half of them were submitted six months ago, when some of those same reviewers, including Stevens and Smith, also raved about a skin-care establishment down the street from MonsterCloud’s office. The two businesses share the same marketing director: Boris Zion.

Under his own name, Zion gave MonsterCloud a five-star Google review and more plaudits on TrustPilot.

“MonsterCloud is #1 ransomware company hands down!” he wrote in October. “I knew them for a while before I became a customer [when] I found myself in situation where my business was attacked.”

Pinhasi and Zion said that the testimonials are legitimate. “We sent out an email to our clients to ask for reviews as many businesses do, so many of our reviews came in around the same time,” Pinhasi said. Zion acknowledged it was “kind of coincidental” that the same customers had praised MonsterCloud and the skin care company. He said that it’s challenging to persuade publicity-shy ransomware victims to post positive reviews. “For the most part, nobody wants to write a review online,” he said. “You don’t tell anybody that you got hacked.”

He said that he couldn’t recall when he was attacked by ransomware, or by which strain. “I’m a marketing guy, not a cybersecurity expert,” he said. He agreed to send us the ransom note but never did.

After defending the reviews, MonsterCloud on Tuesday removed them from its website.

***

Storfer soon realized that neither his co-workers nor his bosses, brothers Victor and Mark Congionti, had much expertise in writing computer programs to disable ransomware. Before they started Proven Data, Mark Congionti had been a substitute math teacher. Victor Congionti had a more technical background — he had worked as an IT security analyst for an insurance company — but his passion was electronic dance music. Victor was building a side business as a disc jockey and rarely came to the Proven Data office, which was then in Mark’s house in White Plains, New York, Storfer said. The company moved this past March to an office building in Elmsford.

A 2016 resume posted on an archived version of Victor Congionti’s personal webpage said his roles at Proven Data included adding “to existing customer profitability” and “developing new business and strategic partnerships.” In his profile on a roommate-search website, he describes himself as a “foodie,” “fitness junkie” and “party person” who works from home. He told ProPublica that he is no longer a partier now that he has a 4-year-old son and is going to college to study electronic music production.

“We are not coders,” Victor Congionti acknowledged. He said Proven Data uses its network “to research any emerging ransomware variants and the potential for cracking encryptions.”

Richard Moavero, Proven Data’s client services manager, said that Mark Congionti is more involved than Victor in running the company day to day, including negotiating with hackers. “Mark’s really cool about it,” Moavero said. “If it was up to me, I’d punch them through the computer. His demeanor is really good in dealing with these people. Just the way he doesn’t get flustered. … He’s able to take the emotional part out of it.”

The Congionti brothers established Proven Data around 2011 primarily to recover information from broken hard drives and cameras and other hardware. As ransomware proliferated, and calls poured in from prospective clients seeking help releasing their encrypted files, the business model shifted, according to Victor Congionti and a review of the company’s archived web pages.

During his year and a half at Proven Data, Storfer fielded hundreds of these calls. He took a “don’t ask, don’t tell,” approach to informing clients that Proven Data would pay their ransoms.

If they didn’t ask, “it was more of a lie by omission,” he said. If they asked, he told the truth. But some of those clients still requested a non-itemized receipt that didn’t break out the bitcoin ransom price separately.

“There were people who would ask us specifically not to put the bitcoin price on it,” he said. “By hiring a business like that, it does give you a kind of plausible deniability.”

His predecessors took a different approach. Storfer said he’s been told by the FBI that Proven Data’s staff used to rely on “canned responses” that gave clients two options for data recovery. The first was paying the ransom. The second option was to unlock the files using Proven Data’s technology. Unbeknownst to clients, Storfer said, the second option didn’t exist. If they chose it, Proven Data paid the ransom anyway.

Victor Congionti said that Proven Data employees “did use and still use scripts,” which he also called “canned responses.” Asked about the two options, he didn’t answer directly, but said, “If we have ever found any scripts to be misleading or perceived the wrong way, we would make the necessary changes immediately.”

Some clients became suspicious. After its networks were frozen by ransomware in June 2016, Safford, Arizona, hired Proven Data, said Cade Bryce, the city’s systems administrator.

Proven Data case manager Brad Miller told the city in an email that the company’s engineers had analyzed a sample file and found there was a “high chance for data recovery” by “using our streamlined process and latest technology.” Miller acknowledged the company’s price “can be high” and suggested that the city’s insurance “may cover the cost.”

According to Storfer and Victor Congionti, Brad Miller was an alias that the company used for overseas freelancers. “Their names can be complex,” Victor Congionti said. “We used this alias to simplify things.” He said the company has stopped using the alias “as we saw the confusion it could create. We did not view it as deceptive. It was for convenience.”

About a week later, Proven Data told the city that the “decryption process has completed successfully.” But the city later discovered that some files remained locked, Bryce said. Proven Data opened a new case and insisted on charging the city once more. Safford acquiesced — its insurance company ultimately reimbursed most of the total bill of $8,413 — but Bryce wondered why it had to pay twice if Proven Data already had the solution.

“If their algorithms did the first one, why couldn’t they do the second?” he said in an interview.

In mid-August, Proven Data gave up. “We haven’t had any luck decrypting this remaining variant and contact to the hackers has not yielded any results as well,” it said in an email.

Wosar and Gillespie said the most likely explanation was that Proven Data paid the ransom, but that bugs in the ransomware permanently damaged the files.

Sam Napier, the city’s IT administrator, shared the company’s update with Bryce. “I think you were right about them working with the hackers and adding a fee,” Napier wrote. Victor Congionti declined to comment on the Safford case.

***

One part of Storfer’s job was listening sympathetically to panicked IT managers who were confused and ashamed about the attacks on their organizations and fearful of losing their jobs. Another was bonding with cybercriminals, in the hope of reducing the ransom price.

Often, the victims who contacted Proven Data had already berated their attackers. Annoyed, some hackers would demand more money, and others would disappear, Storfer said.

“People would get into a pissing contest with the hacker and try to incite them,” he said. “Because they have all the power, they don’t take nicely to antagonistic behavior. You really want to unfortunately befriend them in some way or ingratiate yourself because you want to try to find some empathy.”

Moavero, the client services manager, agreed. “It’s not like one of those things where you can just get on and vent with them, because then they’ll just shut right off,” he said. “You have to treat them with kid gloves sometimes.”

Storfer often didn’t know who he was dealing with. It could have been the ransomware creator or a middleman. Some of the people or crime organizations that develop ransomware strains also handle functions such as infecting computer networks, sending ransom notes and collecting payments. Others license the ransomware to intermediaries for a fee. From clues in their emails, such as video game references, he could sometimes tell which attackers came from the same hacker group.

Storfer said Proven Data kept a list of hackers who could supply decryption keys quickly and cheaply as needed. He bargain-hunted by stirring up “market rate competition” among them. “Even though one group may have done the hacking, a different group could provide you with the key,” he said.

“There are some hackers who would charge 1 bitcoin, which at its peak when they were doing this was about $10,000, to decrypt one machine,” he said. “Another hacker might have been able to do it for $4,000.”

In such cases, the interlopers would not supply Proven Data with a master key, which would have enabled the company to clear future incursions of the same ransomware for free. Instead, they would send a decryption key for the specific attack and victim. The attackers might never know they had been bypassed for payment, because some don’t track each victim among the thousands targeted.

Storfer learned quickly never to use the term “hacking.” Instead, he would assume his correspondent “thinks they’re a businessman,” Storfer said. “I’d say: ‘Look, we can’t afford this at this time. Do you mind providing your product at a lower rate?’ And it worked,” he said. “They’re doing a job where everyone hates them, so feeling like they were respected made them work with us. I like to think empathy goes a long way.”

The rapport sometimes reaped discounts. “We were able to get a $5,000 ransom lessened to $3,000 because they knew we could deliver it exactly when we said we were going to get it to them,” Storfer said.

Once the attackers agreed to lower the ransom for one client, it was easier to persuade them to reduce it for others, as well. He’d tell them, “‘Look, we have another client who you may be able to help. Can you provide this pricing?’ Their response is: ‘Sure thing.’”

Though successful, his tactics made Storfer uneasy. “It’s one of the weird kind of gray areas that I never felt comfortable with — that I had to interact and almost befriend these individuals,” he said. “But for the good of helping people that we were dealing with and making their lives easier, I thought it was a real benefit.”

Storfer usually didn’t reveal his company to hackers. Still, by using the same anonymous email address repeatedly, he became familiar to them. The hackers would “want to verify that we worked with them before.”

“And I want to be clear, ‘worked with them’ being the most accurate term, but I want to say that there is no love in this agreement,” Storfer said. “I’m using terms like ‘working with them’ but it’s the skin-crawliest way to describe it, because we truly hate them. And it was something that we would openly talk about — about how creepy and crawly we felt in general to have to put yourself on their side and empathize with these individuals to get them to work with you. Because you kind of have to shed your skin afterwards.”

Despite Storfer’s best efforts, sometimes the hackers behaved erratically. Proven Data would pay the requested ransom, but they would not respond. At such times, Storfer would share the attacker’s email address and details of the snub with other hackers in the same group.

Then the hacker “would come back and say, ‘Sorry, I’ve been on a coke binge for three weeks.’” Storfer said.

***

For the FBI, retracing individual victims’ ransom payments has rarely been a priority. But Proven Data’s startling success in decrypting ransomware drew the attention of a bureau office in Anchorage, Alaska.

In April 2016, a strain of ransomware called DMA Locker infiltrated the computer files and backups for Leif Herrington’s real estate brokerage in Anchorage. The ransom note demanded 4 bitcoin, then worth about $1,680. Herrington called the FBI. “They said, ‘There’s thousands of these going on every day, we don’t have the resources to do anything,’” Herrington said.

Herrington’s son looked into the attack, discovered there was no known way to decrypt the files and suggested his father pay the ransom. After unsuccessful attempts to pay the ransom on his own and through a local IT firm, Herrington called Proven Data. It told him it could unlock his files for $6,000.

“They represented that they had proprietary software they developed to unencrypt,” Herrington said. “They never said anything about paying the ransom.”

A January 2018 FBI affidavit, seeking a search warrant to obtain information from Proven Data and its email provider, lays out what happened next. Herrington’s IT consultant, Simon Schroeder, gave Proven Data a sample infected file for evaluation. During a follow-up appointment a couple of days later, Schroeder granted remote access to Proven Data and watched as it unlocked a set of files in 45 minutes.

The firm cleared the files so quickly that Schroeder suspected it paid the ransom. Although Herrington was back in business, he called the FBI again. An agent came to his office to ask about Proven Data, Herrington said, adding that he and Schroeder turned over all their documents.

Herrington told the agent that he didn’t know whether Proven Data “actually had keys or if they were in cahoots with the ransomware attackers and just collected the money,” he said. “I suggested to the FBI that they would want to investigate them, whether they were somehow in partnership with the ransomware people.”

The FBI confirmed his hunch. Records provided to the FBI pursuant to a federal grand jury subpoena showed 4 bitcoin flowing from a Proven Data account to the online wallet that the attackers had designated for payment. An email from the hacker’s address thanked Proven Data for the payment and included instructions on decrypting Herrington’s files.

“Subsequent investigation by the FBI confirmed that PDR was only able to decrypt the victim’s files by paying the subject the ransom amount,” the affidavit said.

The bureau interviewed Proven Data’s co-owners, the Congionti brothers. Mark Congionti acknowledged that at the time of the attack, there was no known way to unlock the files aside from paying the hacker, the affidavit said. (An FBI spokeswoman said in January that the bureau could not discuss the case because it was active. The U.S. Department of Justice declined this month to identify the target of the investigation or to say if it’s still ongoing. As yet, no charges have been publicly filed.)

Victor Congionti acknowledged that the company paid Herrington’s ransom. “It was the only option to get his data back,” he said. “We regret that he felt misled. … There was obviously a misunderstanding as to how we would solve his problem. We have re-examined all of our practices and procedures to ensure that such a misunderstanding does not occur again.”

The FBI agent discussed the possible legal nuances with Herrington. “The FBI did explain if they were up front, that was legal, but that if they represented they had the technology to do it, it might not be,” Herrington said. “They were not being up front about it. They said they had technological expertise.”

Also at issue was whether Proven Data had “any working relationship with the ransomware people,” Herrington recalled the agent saying. “The FBI was concerned that even if these companies were paying the ransom, it is encouraging the ransom people. By paying, they’re effectively keeping these guys in business.”

Proven Data had several hundred email exchanges with the addresses associated with DMA Locker attacks, according to the FBI affidavit. As with the SamSam hackers, Proven Data used its own email addresses with DMA Locker. “We interacted directly with them,” Storfer said.

Victor Congionti said Proven Data later determined that using its own address with hackers was “not advisable” and abandoned the practice.

Storfer wondered if the hacker behind DMA Locker was a British soccer fan because his emails contained references to Manchester United including one username of “John United” and another honoring former team manager Alex Ferguson. The ransom price was in British pounds, an unusual currency in ransomware circles, he said.

“DMA was actually a very good, nice negotiator for the most part,” Storfer said. “He was very clear, straightforward,” and wrote “very proper English. And he had a tool that worked impeccably well, and he would even troubleshoot for you.”

Normally, attackers don’t send the key until they’re notified that the ransom has been paid, typically via a bitcoin transaction ID number. But the DMA Locker hacker was so familiar with Proven Data’s wallet IDs that sometimes he sent a decryption key as soon as he saw the bitcoin transaction post on the Blockchain, the electronic public ledger of transactions.

“One of the weird benefits was that he knew our wallets enough that every time we sent him a payment, he would send us a key before we could send a transaction ID,” Storfer said. “He would literally sit on the blockchain, and just be like, ‘Oh ya, Proven, let me give you guys some keys.’”

Victor Congionti said he wasn’t “aware of this type of familiarity. If it did occur, we had no control over it.”

When the hacker decided to retire from the ransomware business, he let Proven Data know — and proposed one last deal.

“He literally said: ‘Hey, I’m shutting down service. Do you have any other clients that need keys? I’m doing this super discount for any of them,’” Storfer said. “I actually consider that one of the benefits of being friendly with — the biggest air quotations — the hackers.”

***

Proven Data raised Storfer’s salary, he said. But his conscience was weighing on him, especially after the FBI began questioning Proven Data employees in the Alaska case.

He worried that he was abetting a sophisticated form of organized crime. He struggled to justify his line of work to his family and friends, some of whom teased him for answering late-night hacker emails.

“Do I miss ever having to explain what my job is to anyone else? No,” Storfer said. “Having that conversation and trying to explain, oh what do you do? Oh, I negotiate with hackers for a living. … It is a very weird business, and it is one of the reasons I couldn’t stay in the field.”

After a year and a half at Proven Data, he decided to leave the industry. But he wavered in this resolve when Coveware, the Connecticut firm that is transparent about paying ransoms, sought to recruit him. Siegel, who co-founded Coveware in 2018, said he wanted to hire Storfer because of his familiarity with ransomware.

In the end, Storfer chose a job outside the data recovery industry. “I just decided that I wanted to get out of the space because I felt uncomfortable. … The realm where Proven Data and MonsterCloud and Coveware and all these groups act in is the Wild West. They set their own rules.” Victor Congionti confirmed that Storfer left voluntarily.

Moavero, who joined Proven Data soon after Storfer left, also had no background in cybersecurity. “I responded to an online ad looking for a head of customer service,” he said. “I had no clue what Proven Data did. … Ransomware? I had to go home and look up ransomware. It’s been a whirlwind.”

Even after Storfer left Proven Data, it still paid the SamSam hackers. Chainalysis found that on November 16, 2018, 1.6 bitcoin, or about $9,000 at the time, moved from Proven Data’’s wallet to a digital currency address associated with the SamSam attackers — an intermediary step on the chain to the Iranian-controlled wallet. Twelve days later, the Iranians were indicted, and payments into their wallets were banned.

Today, hardly any money is left in those Iranian wallets.

Garen Hartunian contributed to this report.

The post THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers appeared first on Emsisoft | Security Blog.

0 notes