Coveware Blog
76 FOLLOWERS
The Coveware team prides itself on keeping up-to-date, 24/7 with every aspect of ransomware and its possible threat to your business. Coveware helps businesses recover with speed and confidence when the latest evolution of ransomware strikes.
Coveware Blog
2M ago
Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024 ..read more
Coveware Blog
6M ago
Table of Contents
Raas Groups
Payment Rates
Types of Ransomware
Attack Vectors & TTPs
Industries Impacted
Following the FBI disruption of BlackCat ALPHV in Q4, a global Law Enforcement Agency (LEA) consortium also successfully disrupted the LockBit Ransomware-as-a-Service (RaaS) organization which included sanctions on two members of the LockBit organization. While neither of these operations have completely shuttered BlackCat or LockBit, the show of force by LEAs was effective in shaking the confidence of ransomware affiliates and RaaS developers. The actions demonstrated that threat acto ..read more
Coveware Blog
9M ago
Table of Contents
Ransomware Bans
Payment Rates
Types of Ransomware
Attack Vectors & TTPs
Industries Impacted
As the year turns, and weary defenders begin to worry about what new threats will present themselves in 2024, the conversation of ransomware payment bans has resurfaced. This is not a new debate and resurfaces from time to time, so we decided to unpack this issue.
Why would a country consider a ban?
The rational answer to this question is that a government would enact a ban because they truly believe the policy would minimize ransomware payments and compel cybercriminals to c ..read more
Coveware Blog
1y ago
Table of Contents
Scattered Spider
Payment Rates
Types of Ransomware
Attack Vectors & TTPs
In Q3 of 2023, several high profile attacks against the gaming industry and other large enterprises were carried out by “Scattered Spider”, aka UNC3944, aka Scatter Swine aka, Muddled Libra, aka Roasted 0ktapus aka possibly sometimes BlackCatALPHV or Rhysida, aka a group of globally distributed teenagers…
Attribution is hard in this industry.
While we are using a smidge of humor to draw attention to the dilemma, the reality is trying to fit these types of attacks into a perfect box for the sake of ap ..read more
Coveware Blog
1y ago
Table of Contents
Cyber Extortion Opportunity Cost Curve
Types of Ransomware
Attack Vectors & TTPs
Industries Impacted
In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying, fell to a record low of 34%. The trend represents the compounding effects that we have noted previously of companies continuing to invest in security, continuity assets, and incident response training. Despite these encouraging statistics, ransomware threat actors and the entire cyber extortion economy, continue to evolve their attack and extortion tactics.
Understandin ..read more
Coveware Blog
1y ago
Table of Contents
Average Ransom Payment
Types of Ransomware
Attack Vectors & MITRE ATT&CK Tactics
Industries Impacted
Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction la ..read more
Coveware Blog
2y ago
Table of Contents
Average Ransom Payment
Data Exfiltration
Types of Ransomware
Attack Vectors & MITRE ATT&CK Tactics
Companies Targeted
The cat and mouse game between ransomware affiliates and defenders spilled into new arenas of combat in Q2 of 2022. The looming question “What will happen once Conti disappears?” was answered rather quickly; nothing really changed except for name plates. The diaspora of Conti affiliates that was precipitated the Conti Leaks / Russian - Ukrainian invasion, were absorbed by existing and new Ransomware-as-a-Service (RaaS) groups such as Black Basta, Black ..read more
Coveware Blog
2y ago
One of the critical components to addressing the problem of ransomware is data aggregation. A recently passed law, the Cyber Incident Reporting Act, provides a key element to data aggregation: mandatory incident reporting. The staff of the HSGAC has also performed some critical research into the topic by publishing two reports. One is a case study on the impact of ransomware attacks on US companies. The other focuses on the ransomware money laundering process and the use of cryptocurrency.
We had the opportunity to provide testimony and answer questions to the HSGAC recently. We have pos ..read more
Coveware Blog
2y ago
Table of Contents
Average Ransom Payment
Big Shame Hunting
Types of Ransomware
Attack Vectors
MITRE ATT&CK Tactics
Companies Targeted
No Silver Bullets, Just Pressure and Time
In the fight against ransomware, there is no magic bullet or single solution that will fix ANY aspect of this problem. Much as there is no single way to secure a network, there is no single method to make the unit economics of cybercrime worse for attackers. This is a double edged sword. For constituents that are in this fight for the long haul, the complexity of the problem actually allows for many levers to be test ..read more
Coveware Blog
2y ago
Before the start of the Russian / Ukraine war, there had been steady, yet fragile improvements to contract the scope of ransomware attacks. Law enforcement operations had been ramping up, with multiple arrests, disruptions and seizures. Even Russia had shown a glimmer of cooperation by arresting several high profile members of a notorious ransomware group.
Since the invasion of Ukraine, these trends have been overwhelmed by new warnings of direct cyber attacks from Russian State actors or targeted wiper attacks spilling out of the conflict. While these risks are very real, the socio-econ ..read more