Coveware

November 4, 2020

Why Paying to Delete Stolen Data is Bonkers

This post was originally published on this siteCompanies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway. The findings come in […]
May 11, 2021

A Closer Look at the DarkSide Ransomware Gang

This post was originally published on this siteThe FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue. Colonial Pipeline has shut down 5,500 miles of fuel pipe in response to a ransomware incident. Image: colpipe.com New York City-based cyber intelligence firm […]
July 19, 2021

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

This post was originally published on this siteBrowse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. This story isn’t about what organizations do in response to cybercriminals holding their data for hostage, which has become something of a best practice among most of the top […]
November 2, 2021

The ‘Groove’ Ransomware Gang Was a Hoax

This post was originally published on this siteA number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector. Groove was first announced Aug. 22 on RAMP, a new and fairly exclusive Russian-language darknet cybercrime forum. “GROOVE is first and foremost an aggressive […]