This Small Tech Company May Be a Ransomware Front Group

It seems innocent enough: a little-known Canadian company that offers an array of tech and consulting services. But a certificate from that company—a sort of signature that can be tacked onto malware—showed up in two pieces of ransomware last month and leading experts told The Daily Beast they believe the small company is actually a front for at least two Russian ransomware gangs.

The company—cheerily named “SpiffyTech”—has a number of red flags. For one, if you want to look at SpiffyTech’s leadership team, you’re out of luck. They don’t exist.

The site does list four top staffers next to their stylish headshots. But the SpiffyTech operators appear to have stolen each and every photo.

A reverse image search on Google shows the headshots come from a professional photographer’s website. The photographer, Kirill Tigai, confirmed the photos in question were part of a shoot for a different company and said he did not give SpiffyTech permission to use them.

“I think… this website SpiffyTech is a fraud,” Tigai told The Daily Beast. “They just use photos that I made for my clients under different names.”

Another reason experts believe “SpiffyTech” is a front is far more technical.

Hackers frequently steal certificates from actual businesses in order to help their attacks fly under the radar and trick computers into thinking their malware is legitimate. And while it’s possible the hackers did the same here—or tricked a real company into sharing a legitimate “cert”—the shadiness of the site, and its apparent connection to ransomware, leads cybersecurity analysts to believe SpiffyTech is a disguise for something more sinister.

https://www.thedailybeast.com/this-small-tech-company-spiffytech-may-actually-be-a-ransomware-front-group?ref=home