General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsThis Small Tech Company May Be a Ransomware Front Group
It seems innocent enough: a little-known Canadian company that offers an array of tech and consulting services. But a certificate from that companya sort of signature that can be tacked onto malwareshowed up in two pieces of ransomware last month and leading experts told The Daily Beast they believe the small company is actually a front for at least two Russian ransomware gangs.
The companycheerily named SpiffyTechhas a number of red flags. For one, if you want to look at SpiffyTechs leadership team, youre out of luck. They dont exist.
The site does list four top staffers next to their stylish headshots. But the SpiffyTech operators appear to have stolen each and every photo.
A reverse image search on Google shows the headshots come from a professional photographers website. The photographer, Kirill Tigai, confirmed the photos in question were part of a shoot for a different company and said he did not give SpiffyTech permission to use them.
I think
this website SpiffyTech is a fraud, Tigai told The Daily Beast. They just use photos that I made for my clients under different names.
Another reason experts believe SpiffyTech is a front is far more technical.
Hackers frequently steal certificates from actual businesses in order to help their attacks fly under the radar and trick computers into thinking their malware is legitimate. And while its possible the hackers did the same hereor tricked a real company into sharing a legitimate certthe shadiness of the site, and its apparent connection to ransomware, leads cybersecurity analysts to believe SpiffyTech is a disguise for something more sinister.
https://www.thedailybeast.com/this-small-tech-company-spiffytech-may-actually-be-a-ransomware-front-group?ref=home
halfulglas
(1,654 posts)Does anybody really use spiffy any longer? I can't remember the last time somebody said to me "That's really spiffy."
Jilly_in_VA
(10,075 posts)"Fraud Guarantee"?
Tetrachloride
(7,963 posts)ret5hd
(20,607 posts)Tetrachloride
(7,963 posts)not to mention the recertification, drivers license, birth certificate, certification fees, PCR results and the goodwill of one of the immigration officers. I was certified.
The original Apple App Store developer certificate originally was also fairly thorough. Apple called me personally to say I passed. (I dont know what they do these days.) Then, Every line of code had to pass certain tests.
That company was never certified in person.
A digital certificate is only electrons.
Same word, different quality.