Ransomware actors pivot away from major brands in Q2 2024
Coveware Blog
by Bill Siegel
2M ago
Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024 ..read more
Visit website
RaaS devs hurt their credibility by cheating affiliates in Q1 2024
Coveware Blog
by Bill Siegel
6M ago
Table of Contents Raas Groups Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted Following the FBI disruption of BlackCat ALPHV in Q4, a global Law Enforcement Agency (LEA) consortium also successfully disrupted the LockBit Ransomware-as-a-Service (RaaS) organization which included sanctions on two members of the LockBit organization. While neither of these operations have completely shuttered BlackCat or LockBit, the show of force by LEAs was effective in shaking the confidence of ransomware affiliates and RaaS developers. The actions demonstrated that threat acto ..read more
Visit website
New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying
Coveware Blog
by Bill Siegel
9M ago
Table of Contents Ransomware Bans Payment Rates Types of Ransomware Attack Vectors & TTPs Industries Impacted As the year turns, and weary defenders begin to worry about what new threats will present themselves in 2024, the conversation of ransomware payment bans has resurfaced. This is not a new debate and resurfaces from time to time, so we decided to unpack this issue.  Why would a country consider a ban? The rational answer to this question is that a government would enact a ban because they truly believe the policy would minimize ransomware payments and compel cybercriminals to c ..read more
Visit website
Scattered Ransomware Attribution Blurs Focus on IR Fundamentals
Coveware Blog
by Bill Siegel
1y ago
Table of Contents Scattered Spider Payment Rates Types of Ransomware Attack Vectors & TTPs In Q3 of 2023, several high profile attacks against the gaming industry and other large enterprises were carried out by “Scattered Spider”, aka UNC3944, aka Scatter Swine aka, Muddled Libra, aka Roasted 0ktapus aka possibly sometimes BlackCatALPHV or Rhysida, aka a group of globally distributed teenagers… Attribution is hard in this industry. While we are using a smidge of humor to draw attention to the dilemma, the reality is trying to fit these types of attacks into a perfect box for the sake of ap ..read more
Visit website
Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
Coveware Blog
by Bill Siegel
1y ago
Table of Contents Cyber Extortion Opportunity Cost Curve Types of Ransomware Attack Vectors & TTPs Industries Impacted In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying, fell to a record low of 34%. The trend represents the compounding effects that we have noted previously of companies continuing to invest in security, continuity assets, and incident response training. Despite these encouraging statistics, ransomware threat actors and the entire cyber extortion economy, continue to evolve their attack and extortion tactics. Understandin ..read more
Visit website
Big Game Hunting is back despite decreasing Ransom Payment Amounts
Coveware Blog
by Bill Siegel
1y ago
Table of Contents Average Ransom Payment Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Industries Impacted Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction la ..read more
Visit website
Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022
Coveware Blog
by Bill Siegel
2y ago
Table of Contents Average Ransom Payment Data Exfiltration Types of Ransomware Attack Vectors & MITRE ATT&CK Tactics Companies Targeted The cat and mouse game between ransomware affiliates and defenders spilled into new arenas of combat in Q2 of 2022. The looming question “What will happen once Conti disappears?” was answered rather quickly; nothing really changed except for name plates. The diaspora of Conti affiliates that was precipitated the Conti Leaks / Russian - Ukrainian invasion, were absorbed by existing and new Ransomware-as-a-Service (RaaS) groups such as Black Basta, Black ..read more
Visit website
HSGAC Hearing Recap: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency
Coveware Blog
by Bill Siegel
2y ago
One of the critical components to addressing the problem of ransomware is data aggregation. A recently passed law, the Cyber Incident Reporting Act, provides a key element to data aggregation: mandatory incident reporting. The staff of the HSGAC has also performed some critical research into the topic by publishing two reports. One is a case study on the impact of ransomware attacks on US companies. The other focuses on the ransomware money laundering process and the use of cryptocurrency.  We had the opportunity to provide testimony and answer questions to the HSGAC recently. We have pos ..read more
Visit website
Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
Coveware Blog
by Bill Siegel
2y ago
Table of Contents Average Ransom Payment Big Shame Hunting Types of Ransomware Attack Vectors MITRE ATT&CK Tactics Companies Targeted No Silver Bullets, Just Pressure and Time In the fight against ransomware, there is no magic bullet or single solution that will fix ANY aspect of this problem. Much as there is no single way to secure a network, there is no single method to make the unit economics of cybercrime worse for attackers. This is a double edged sword. For constituents that are in this fight for the long haul, the complexity of the problem actually allows for many levers to be test ..read more
Visit website
How the Russian/Ukraine war may lead to an explosion in Ransomware attacks
Coveware Blog
by Bill Siegel
2y ago
Before the start of the Russian / Ukraine war, there had been steady, yet fragile improvements to contract the scope of ransomware attacks. Law enforcement operations had been ramping up, with multiple arrests, disruptions and seizures. Even Russia had shown a glimmer of cooperation by arresting several high profile members of a notorious ransomware group.  Since the invasion of Ukraine, these trends have been overwhelmed by new warnings of direct cyber attacks from Russian State actors or targeted wiper attacks spilling out of the conflict. While these risks are very real, the socio-econ ..read more
Visit website

Follow Coveware Blog on FeedSpot

Continue with Google
Continue with Apple
OR