[olliej]

Or their clients are naive I don’t recognize that they’re being charged more to “decrypt” than the cost of the ransom, or (plausibly) the client is intentionally not paying the ransom because they (incorrectly) believe it means they aren’t giving money to criminals.

[XorNot]

Or they maintain back channels to the groups and negotiate discounted rates on the basis of reliability of pay outs.

[olliej]

I was actually wondering about that - or alternatively ye olde protection racket type thing: they being the original authors of the attack.

Of course it’s much more plausible that they’re just scumbags looking to make an “honest” profit of a criminal act.

[Phlarp]

We aren't being presented any evidence that they are playing both sides of the table that brazenly. However, I can't see a situation where if the firm were in a position to stop the ransomware globally that they would actually do so.

Maybe an altruistic individual within the company, but not as a directed managerial effort.

[olliej]

Like I said - probably just general scummy behavior rather than criminal behaviour

[wolco]

I believe they would because the press will be worth it for future business. Not all ransomware but certain strains.

[Phlarp]

If they are a UK company with a prominent young leader it seems just as likely to get you investigated or indicted.

[hcs]

The article says there are groups that will do this for you explicitly, and one hopes for lower fees than the companies that claimed they were doing it without paying the ransom.