Security Clearance Insecurity
By Editorial Team on Mar 20, 2023 9:45:57 AM
Ransomware attacks and other cybersecurity threats are hitting companies across the federal supply chain, leaving businesses and government agencies vulnerable to major data breaches and financial losses. In this episode of "Security Clearance Insecurity," host Lyndy Kyzer speaks with GroupSense CEO, Kurtis Minder, about the latest cyber threats and best practices for protecting against them.
Topics: Blog Ransomware Podcast
Panel: The Evolving Threat of Ransomware
By Editorial Team on Mar 16, 2023 9:00:00 AM
Join our partner NTT Data Services for their upcoming webinar panel, "The Evolving Threat of Ransomware," this March 29. GroupSense CEO Kurtis Minder will join industry experts to talk about the rapidly changing world of ransomware threats. The panelists will dissect modern ransomware attacks that jeopardize businesses across various sectors. Register here to save your spot.
Discover how a new generation of cybercriminals and their ransomware-as-a-service schemes are putting SME/SMBs in the crosshairs, launching the effectiveness and volume of ransomware to unprecedented heights. Learn how these cunning operators exploit the primal fears of data loss and exposure to create a sense of urgency, driving their victims to act impulsively.
Ransomware operators prey on the fear of data loss which sparks emotions that drive their targets to react right away. The fear of embarrassment and their sensitive data being exposed to the world increases the stakes of every ransomware attack.
Know the panelists:
Haroon Malik: Director – NTT Data
Kurtis Minder: CEO - GroupSense
Morgan Wright: Chief Security Advisor - SentinelOne
Brian Stockbrugger: Sr. Cloud Security Architect - Microsoft
Mike Landeck: Director of Security Services - NTT DATA Services
Salvatore Perlangeli: Heart of Threat Defense Practice - NTT DATA Italia
Topics: Webinar Events
One Big Thing
By Editorial Team on Mar 15, 2023 9:00:00 AM
GroupSense CEO Kurtis Minder was featured in the Tuesday, March 14 issue of the Axios Codebook Newsletter. The "1 big thing" section is focused on the increasing threat posed by ransomware gangs and their extreme blackmail tactics. These cyber criminals have been fine-tuning their strategies to maximize their profits and inflict more damage on their victims. Ransomware attacks involve the use of malware that encrypts a victim's files, making them inaccessible until a ransom is paid. The attackers typically demand payment in cryptocurrency, making it difficult to track the money and identify the criminals.
Ransomware gangs have evolved their tactics, not only encrypting victims' files but also stealing sensitive data before locking it down. This technique is called "double extortion," where the criminals threaten to publish or sell the data if the ransom is not paid. The gangs are also targeting larger organizations and demanding higher ransoms, with some demanding payments of up to $50 million.
The section also highlights Kurtis' contributions to the fight against ransomware. He has been a vocal advocate for proactive measures to prevent ransomware attacks, including monitoring networks for signs of an attack and training employees to recognize phishing and social engineering tactics commonly used by ransomware gangs. For many organizations, these measures can prevent cyber attacks and ransomware attacks.
Kurtis' expertise in ransomware has led him to create a "Ransomware Task Force" that includes experts from both the public and private sectors. The task force's goal is to develop a comprehensive strategy to combat ransomware, including prevention, response, and recovery measures. The task force has already published a report with recommendations for improving ransomware defenses, and Kurtis has been actively promoting these recommendations to policymakers and business leaders. Check out the full newsletter here.
Topics: News Blog Ransomware
New National Cybersecurity Strategy Forgets Small Businesses
By Editorial Team on Mar 14, 2023 9:00:00 AM
At first glance, Biden’s recently released National Cybersecurity Strategy appears comprehensive and forward-thinking. It focuses on a number of areas such as strengthening the Cybersecurity and Infrastructure Security Agency (CISA), developing new technologies to detect threats, and increasing international cooperation to fight transnational cybercrime. However, the strategic initiatives laid out in the document are not funded, and in many cases, are not possible without fundamental changes to organizations and their systems. In this blog, we will focus on strategic initiatives 1.4, 2.2, 2.3, and 3.3.
Protect Your Organization From Cyber Threats
By Editorial Team on Mar 3, 2023 10:13:27 AM
Cybercriminals are opportunistic by nature. Repeatable methods like ransomware and business email compromise (BEC) attacks are a quick and easy way for criminals to make money. Fortunately, there are steps your organization can take to prevent these attacks from happening that focus on simple, proactive methods of cybersecurity. Download our guide to get actionable advice today.
Topics: Whitepapers
BBC 4 You and Yours
By Editorial Team on Mar 1, 2023 11:19:53 AM
Last week, GroupSense CEO Kurtis Minder was featured on the BBC 4 news program You and Yours. The presenter, Winifred Robinson, spoke about the effect of the Royal Mail ransomware attack with UK citizens and discussed the severity of the attack with Kurtis.
Topics: News Blog Podcast
The Evolution of Pro-Russian Hacktivism in One Year of War Report
By Editorial Team on Feb 24, 2023 1:52:49 PM
The Russo-Ukrainian War: A Year in Review
One year after Russia's full-scale invasion of Ukraine, we are providing this report summarizing what we have learned while observing the cyber dynamics of this latest stage in the Russo-Ukrainian War.
While experts expected Russia to unleash its full arsenal of cyber capabilities, much of the publicly-known cyber activity associated with the war has come from hacktivist activity among ideologically-motivated actors who have taken the side of Russia or Ukraine.
The report summarizes what we have learned in the past year, highlights the evolution of pro-Russian hacktivism as a significant factor in the cyber realm and provides recommendations for all organizations to consider as this conflict wages on.
Topics: Whitepapers
Cybersecurity: Anyone Can Be Prey
By Editorial Team on Feb 7, 2023 9:00:00 AM
Cybersecurity isn't just for big business. Organizations of all sizes, shapes, and industries can fall prey to cyberattacks. CEO Kurtis Minder was featured on the "C-Suite Blueprint" podcast to talk about the evolution of cybersecurity since Kurtis entered the industry and the things that executives should take seriously when it comes to cybersecurity.
Topics: Blog Podcast
Schools Don't Pay, but Ransomware Attacks Still Increasing
By Editorial Team on Feb 2, 2023 9:00:00 AM
Ransomware gangs have increasingly focused their attacks on the K-12 education sector, even though most school districts do not pay the ransom. But how long will that last? GroupSense CEO Kurtis Minder was featured in a recent TechTarget article exploring the trend of ransomware attacks on education institutions.
Topics: News Blog Ransomware
Is President Biden's Cybersecurity Strategy a Good Idea?
By Editorial Team on Feb 1, 2023 9:13:36 AM
This week, GroupSense CEO Kurtis Minder was featured in Help Net Security's video series. In the video, Kurtis reviews the proposed changes to the US national cybersecurity strategy. In the forthcoming strategy, President Biden recommends a more offensive cybersecurity posture, stating that the US will proactively attack threat actors. Kurtis believes that these changes, while "exciting", are not as effective as a defensive cybersecurity strategy. Watch the full video and check out the article here.
Topics: Blog Video
GroupSense Launches New, Individualized VIP Monitoring Service
By Editorial Team on Jan 31, 2023 9:00:00 AM
Standalone Service Offering Enables Enterprises to Proactively Protect Executives, Aiming to Shrink Overall Attack Surfaces
ARLINGTON, Va. – January 31, 2023 – GroupSense, a digital risk protection services (DRPS) company, today announced an individualized VIP Monitoring service. The new service assesses and monitors high-profile individuals, executive identities, and their extended personal networks to detect exposure and threats, helping to proactively prevent identity theft, fraud, ransomware and other cyber-attacks.
Topics: Press Releases
How to Prevent Ransomware in Critical Infrastructure
By Editorial Team on Jan 26, 2023 9:00:00 AM
Ransomware attacks plagued 14 of the 16 critical infrastructure sectors over the last several years. Cyber criminals are well aware of the emergencies that are caused by a shutdown of critical infrastructure organizations, and they know ransoms will be paid to get operations up and running again. Ransomware attacks represent 28% of the attacks on critical infrastructure, and attacks are on the rise throughout the world in 2022.
Topics: Blog
When Leaders Talk
By Editorial Team on Jan 25, 2023 9:00:00 AM
This week, GroupSense CEO Kurtis Minder was featured on the first episode of the "When Leaders Talk" podcast. The new podcast focuses on success stories, failures, and what is needed to be a good leader. Host Stefano Calvetti pulls on his years in the Italian navy to get down to what makes certain leaders impactful.
Topics: Blog Podcast
The Ransomware Economy
By Editorial Team on Jan 18, 2023 9:00:00 AM
CEO Kurtis Minder was featured on an episode of the "Where Humanity Meets Technology" podcast with host Maurice Hamilton. During the episode, "The Ransomware Economy & Prevention," Kurtis and Maurice cover threat actor profiling, the ransomware economy, and mitigation strategies for organizations to employ.
Topics: Blog Podcast
Killnet Increases Attacks on US Organizations
By Editorial Team on Dec 20, 2022 9:34:13 AM
Throughout the Russian invasion of Ukraine, the pro-Russian hacktivist group Killnet has captured the attention of cybersecurity experts. Killnet originally began as a DDoS botnet service. In January 2022, a threat actor posted an advertisement for the Killnet botnet in Duplikat, a dark web forum for carding, botnets, and other illegal activities. According to the ad, the botnet allowed users to direct traffic without the target’s knowledge. It also claimed that the botnet uses the latest WEB3 technology and that the data is stored throughout the Blockchain. Since January, the nationalist group has targeted pro-Ukrainian countries and organizations in a slew of attacks and experienced an organizational shake-up after their leader left.
Topics: Blog
Third-Party Attacks on Critical Infrastructure
By Editorial Team on Dec 15, 2022 9:27:18 AM
Third-party and supply chain attacks have plagued organizations for years, and the attacks keep on coming. These attacks happen when threat actors gain access to your organization’s systems through a third party, such as a supplier or vendor. Just a few weeks ago, we saw a third-party cyber attack on LastPass that affected GoTo, a remote access and collaboration organization. It may have surprised many that a security-focused organization was impacted, but third-party attacks don’t discriminate.
Topics: Blog
Inside the Mind of a Cyber Criminal
By Editorial Team on Dec 14, 2022 9:00:00 AM
Cyber criminals have a longstanding reputation of being loners who work out of their mom's basement with hoodies on, but cyber analysts know this isn't the case. Over the last decade, cyber experts have observed an uptick of cyber crime-as-a-service, in which criminals operate in larger, business-like crime units. But what if cyber criminals have a personality profile that organizations can look out for?
Topics: News Blog
GroupSense Recognized by Gartner® in 2022 Emerging Tech Impact Radar: Security Report
By Editorial Team on Dec 13, 2022 9:00:00 AM
Report Notes Digital Risk Protection Services Market is Driven by Increasing Need to Have Visibility Into External-facing Assets to Help Prioritize Mitigation and Remediation Efforts
ARLINGTON, Va. – December 13, 2022 – GroupSense, a digital risk protection services (DRPS) company, today announced that Gartner, a company that delivers actionable, objective insight to executives and their teams, has recognized the company as a Sample Vendor in the 2022 Emerging Tech Impact Radar: Security report. This specific report aims to track some of the more impactful emerging technologies and trends driving innovation in the security market, including DRPS.
Topics: News Press Releases
Mitigating ICS and SCADA Vulnerabilities
By Editorial Team on Nov 30, 2022 9:10:12 AM
Our nation’s critical infrastructure is vital to our day-to-day lives. Encompassing 16 sectors, critical infrastructure spans transportation, manufacturing, utilities, and more. When we think of threats to infrastructure, natural disasters immediately come to mind, but cybersecurity incidents have the same potential for destruction, including interrupting manufacturing, supply chain availability, and other vital functions. Manufacturing currently contributes $2.7 trillion to the US economy, contributing heavily to GDP (gross domestic product), job growth, and more. Manufacturers are one of the main user groups of ICS (industrial control systems) and SCADA (supervisory control and data acquisition) technologies.
Topics: Blog
Cyber Experts Buckle Up for the Holidays
By Editorial Team on Nov 22, 2022 10:23:12 AM
The GroupSense team is preparing for the inevitable increase in attacks during the holiday season along with the threat actors perpetrating the attacks. This year, CEO Kurtis Minder spoke with Politico's John Sakellariadis about threat actors playing the Grinch in the Politico cybersecurity newsletter.
Topics: News Blog
GroupSense Announces Partnership with Colley Intelligence
By Editorial Team on Nov 17, 2022 9:00:00 AM
Partnership Expands the Reach of Digital Risk Protection and Intelligence Services to the Legal and Corporate Sectors
Topics: News Press Releases
Election Security in the Midterms
By Editorial Team on Nov 15, 2022 9:34:21 AM
During the midterm elections, national news was seemingly quiet about election interference from foreign powers, but that doesn’t mean there were no incidents. Election interference, especially the cyber variety, doesn’t always come on the day of the election. Whether counties or localities suffered DDoS attacks, wi-fi outages, or other cybersecurity attacks, it can all be chalked up to election interference. Here are a few of the incidents that GroupSense analysts were tracking during last Tuesday's election monitoring.
Topics: Blog Elections
Hacking Humans Podcast with Kurtis Minder
By Editorial Team on Nov 10, 2022 2:07:41 PM
GroupSense CEO and chief ransomware negotiator Kurtis Minder was featured on the Hacking Humans podcast. During the episode, Kurtis speaks with host Dan Bittner about how legislation leaves small businesses out of the discussion of ransomware response.
Topics: Blog Video Podcast
Brick Church Men's Association Breakfast Series
By Editorial Team on Nov 7, 2022 2:25:52 PM
GroupSense CEO Kurtis Minder will be presenting to the Brick Church Men's Association in New York City this November 16 as part of their breakfast series. During the session, Kurtis will talk about preventing ransomware attacks and improving cybersecurity at the personal and organizational levels.
Topics: Events
GroupSense Report: Cybersecurity Threats to Critical Infrastructure
By Editorial Team on Nov 3, 2022 9:00:00 AM
With threats coming from APTs, state-sponsored actors, hacktivists, and cyber criminals, critical infrastructure organizations need to be prepared to defend their assets from all angles. In this report, GroupSense covers the top threats that critical infrastructure agencies are facing and recommended mitigations.
Topics: Whitepapers
Hitting the Moving Target
By Editorial Team on Nov 2, 2022 9:12:25 AM
On October 31, CEO Kurtis Minder was honored to present on the panel, "Hitting the Moving Target: cyber, data privacy and artificial intelligence (AI) compliance and governance," at this year's International Bar Association Annual Conference in Miami, FL.
Topics: Blog Events
Just. Stop. Clicking.
By Editorial Team on Oct 25, 2022 9:16:38 AM
October has been a busy month for GroupSense. During three speaking opportunities including the Trellix Cybersecurity Summit, NVTC’s Capital Cyber Summit, and the Wisconsin Governor’s Cybersecurity Summit, Kurtis Minder has one important takeaway for employees of your organization: Just. Stop. Clicking. Just stop!
Topics: Blog Events
GroupSense Report: The Cyber Warfare Report
By Editorial Team on Oct 20, 2022 9:00:00 AM
Modern warfare isn't just fought with boots on the ground. Throughout Russia's invasion of Ukraine, there have been volleys of cyber attacks designed to make each side weaker. As different countries declare allegiances, state agencies and other critical infrastructure organizations are in the crossfire. GroupSense analysts have spent the duration of the invasion closely monitoring the changing cyber landscape.
Topics: Whitepapers
GroupSense Delivers New Ransomware Negotiation Training Service
By Editorial Team on Oct 19, 2022 9:00:00 AM
Training Service Prepares Ransomware Response Team for Successful Threat Actor Engagement to Mitigate Damage, Protect Brand Reputation, Anticipate Emerging Threats and More
Topics: News Press Releases
Cybersecurity Tips from GroupSense Analysts
By Editorial Team on Oct 5, 2022 9:14:23 AM
This October, GroupSense is celebrating Cybersecurity Awareness Month (CSAM). As a CSAM champion, it’s our duty to pass on lessons learned and practical advice that will make you and your organization more secure. This year, Stay Safe Online, CISA, and CSAM champions are exploring four key behaviors:
Topics: Blog
NVTC Capital Cybersecurity Summit
By Editorial Team on Oct 4, 2022 9:00:00 AM
GroupSense CEO Kurtis Minder is honored to participate in the panel, "Cyber Hacking: Stories from the Front Line," at the NVTC Capital Cybersecurity Summit on October 19th. The panel will explore assessing cyber risk and adequate defense measures to prevent malware, ransomware, and phishing through panelists' stories from the field. Kurtis will share the stage with experts from industry and Federal agencies.
Topics: Events
IBA Annual Conference
By Editorial Team on Sep 29, 2022 3:55:48 PM
The International Bar Association (IBA) Annual Conference is the leading conference for legal professionals worldwide to meet, share knowledge, build contacts and develop business.
It serves to advance the development of international law and its role in business and society to provide members with world-class professional development opportunities to enable them to deliver outstanding legal services.
Topics: Webinar Events
Calling in the Ransomware Negotiator
By Editorial Team on Sep 27, 2022 10:12:47 AM
This week, GroupSense CEO Kurtis Minder was featured on the Lock and Code podcast. During his episode, "Calling in the Ransomware Negotiator," Kurtis and host David Ruiz discuss the intricacies of ransomware negotiation. "In his experience, Minder has also learned that the current debate over whether companies should pay the ransom has too few options. For a lot of small and medium-sized businesses, the question isn't an ideological one, but an existential one: Pay the ransom or go out of business."
Topics: Blog Podcast
Detection and Response, Meet Digital Risk Protection
By Editorial Team on Sep 22, 2022 9:08:02 AM
If you work in the cybersecurity field, you’ve seen an explosion of EDR (endpoint detection and response) tools in the last few years. There are EDR, MDR (managed detection and response), and XDR (extended detection and response) tools everywhere. That market expansion won’t be slowing down anytime soon: the global market size is expected to grow from $2.6 billion this year to $5.6 billion by 2027.
Topics: Blog
GroupSense Significantly Expands its Partner Ecosystem
By Editorial Team on Sep 21, 2022 9:00:00 AM
Service Providers Including Abacode, BreachBits, Cynergistek, Palladium GmbH and ProVelocity Sign on to Integrate Digital Risk Protection Services into Their Customer Offerings Worldwide
Topics: News Press Releases
Local Elections Are Now More Hostile for Candidates
By Editorial Team on Sep 15, 2022 9:46:34 AM
Local elections are an essential part of our democratic process. Smaller offices typically have a much larger impact on constituents' day-to-day lives, but what happens when those candidates don't feel safe enough to run? Recently, Bloomberg City Lab wrote about the hostility directed at candidates in local elections rising over the last couple of years. GroupSense Director of Intelligence Operations, Bryce Webster-Jacobsen, was featured in the article, commenting on threats to candidates in cyber space.
Topics: News Blog
How Cyber Identity Fraud Impacts the Government
By Editorial Team on Sep 7, 2022 9:00:00 AM
When you think of security in a government agency, lots of images might come to mind: key card scanners, color-coded security clearances, and complex access management systems. If you’ve ever worked for a government agency or contractor, you probably recall the hours of training modules on security protocols. When it comes to controlling access to information, these agencies have things locked down, but much like third-party data breaches or security incidents, there are weak links in the system.
Topics: Blog
What Recent Phishing Attacks Can Teach You About Suspicious Domains
By Editorial Team on Aug 18, 2022 9:34:31 AM
Over the past few months, threat actors carried out highly targeted SMS phishing attacks against Twilio, Cloudflare, and Cisco. Because these companies have security or cybersecurity practices of their own, threat actors were particularly bold in carrying out these attacks, and they achieved varying levels of success. One thing that threat actors can count on, however, is that people will click on links no matter how much security training they go through: human error caused 82% of breaches in 2021.
Topics: Blog
Prevent a Ransomware Attack on Your Business
By Editorial Team on Aug 11, 2022 10:07:56 AM
GroupSense CEO Kurtis Minder was honored to present at the Metroport Chamber Membership Luncheon on August 10. The Metroport Chamber brings seven business communities together to connect and build lasting partnerships that strengthen the Texas business community.
Topics: Blog Events
Small Businesses Often Left Hanging by Ransomware Scourge
By Editorial Team on Aug 4, 2022 1:51:15 PM
Ransomware is hitting small businesses hard. But most of the legislation, regulations, and headlines focus on large businesses. The math is simple -- large businesses impact many end-users, and they have lots of money to pay lobbyists, so they wind up stealing the show when it comes to ransomware. But what about the local print shop, deli, or accounting office? Even though small businesses are suffering from ransomware 70 percent more often than large businesses (according to the Cyber Edge 2022 Cyberthreat Report), government regulations haven’t changed to accommodate them.
Topics: News Blog
Helping Organizations Protect Themselves
By Editorial Team on Aug 4, 2022 10:03:41 AM
GroupSense COO Kelly Milan was featured on eChannelNews speaking on GroupSense's new MSP partnership program with Provelocity. In the video interview, Kelly and host Julian talk about the challenges that many organizations face when it comes to cybersecurity: looking beyond detection and response. With GroupSense's MSP program, organizations can cost-effectively monitor the cyber crime underground for risk. Because GroupSense operates outside of the firewall, our analysts can be on the same forums where cyber criminals conduct their business. This allows us to monitor for all of the things that a firewall can miss, and creates a more proactive cybersecurity posture.
Topics: Blog Video
Killnet Founder Leaves Hacktivist Group
By Editorial Team on Jul 29, 2022 9:00:00 AM
Pro-Russian hacktivist group Killnet has kept very busy since Russia invaded Ukraine. After declaring war against organizations in Ukraine-allied countries, Killnet carried out attacks in Lithuania, Norway, and Italy, to name a few. These attacks have left many wondering if their organizations will be next.
During the week of July 18, GroupSense analysts noted an announcement from Killnet. The group claimed that they would attack Lockheed Martin, a US defense contractor, with a new cyber tool. This attack would be different from most others that Killnet carries out: they would not be using a DDoS (distributed denial of service) attack. GroupSense analysts believe that Killnet will continue shifting away from DDoS attacks and instead carry out hack-and-release attacks. GroupSense analysts provided screenshots and translations from hacking forums with evidence supporting the move from DDoS to hack-and-release.
On July 12, a Killnet affiliate group called Zarya Squad posted six files to Telegram they claim to have stolen from the State Archival Service of Ukraine.
Topics: News Blog
OpSec for Employee Travel
By Editorial Team on Jul 26, 2022 9:00:00 AM
Our last blog, “The OpSec Conversation You Haven’t Had,” highlighted the often-forgotten side of cybersecurity: operational security, or OpSec. The increase in remote work won’t stop anytime soon—research estimates that 36.2 million Americans will work from home by 2025. That’s an 87% increase from pre-pandemic levels. If your organization is starting to reevaluate its cybersecurity policies, a factor worth considering is the work-from-anywhere trend. Since employees can work from anywhere, they can protect your organization from anywhere.
Topics: Blog
Malicious Life Podcast with Ransomware Negotiator Kurtis Minder
By Editorial Team on Jul 21, 2022 9:43:38 AM
GroupSense CEO and chief ransomware negotiator Kurtis Minder was featured on the Malicious Life podcast. During the episode, Kurtis speaks with host Ran Levi about the ransomware negotiation process and how GroupSense's negotiation practice was formed over the past several years.
Topics: Blog Video Podcast
Kurtis Minder at Metroport Chamber
By Editorial Team on Jul 19, 2022 9:38:32 AM
GroupSense CEO Kurtis Minder is honored to present at the Metroport Chamber Membership Luncheon this August 10 in Texas. The Metroport Chamber brings seven business communities together to connect and build lasting partnerships that strengthen the Texas business community.
Topics: Webinar Events
The OpSec Conversation You Haven't Had
By Editorial Team on Jul 13, 2022 9:00:00 AM
As a digital risk protection company, GroupSense finds information in all kinds of places it shouldn’t be. If data has a monetary value, cyber criminals will do everything in their power to attain and sell that information on the dark web. Most security professionals expect to find data on the dark web or cyber crime forums, but they forget about another avenue: the outside world. With employees working from home, at the coffee shop, and in between flights at the airport, it’s not so hard for threat actors to overhear your conversation with a colleague about an important deal or personnel issues. With each bit of information said aloud, a malicious actor gets one more piece of your organization’s puzzle.
Topics: Blog
GroupSense Announces New Managed Service Provider Partnership with Provelocity
By Editorial Team on Jul 12, 2022 12:58:10 PM
Partnership delivers enterprise-grade digital risk protection services to the mid-market
ARLINGTON, Va., July 12, 2022 /PRNewswire/ -- GroupSense, a digital risk protection company, today announced a new Managed Service Provider (MSP) partnership with Provelocity. The partnership will expand the reach of GroupSense's digital risk protection services, including ransomware readiness and response and recovery, to Provelocity's robust client base.
Topics: Press Releases
The Insider Threat Now Lives Outside the Office
By Editorial Team on Jul 6, 2022 3:50:53 PM
GroupSense CEO and Co-Founder Kurtis Minder was recently featured in SC Media with his article, "The Insider Threat Now Lives Outside the Office." In the article, Kurtis reviews the top ways that employees can help protect your organization's data.
Topics: News Blog
Webinar: How to Protect Your Data-Operational Security in Remote Work
By Editorial Team on Jun 28, 2022 9:00:00 AM
The days of sitting in your cubicle and overhearing colleagues discuss the latest deals, investment rounds, or client information are long gone, but those conversations are still happening. As the workforce—including your employees—distributes into coffee shops, airports, and co-working spaces, how are you protecting your organization’s private information?
Topics: Webinar Events
What You Need to Know About Ransomware
By Editorial Team on Jun 21, 2022 9:51:19 AM
As Americans, our civic duties include voting, sitting on juries, and paying taxes—but those aren't the only duties that promote American values. GroupSense CEO Kurtis Minder believes that cyber hygiene is your civic duty, too. Last weekend, Kurtis had the honor of presenting at TEDx Grand Junction. During his talk, "What You Need to Know About Ransomware," Kurtis spoke about the actions we can all take to protect our nation and its critical infrastructure: small businesses.
Topics: News Blog Events
The Role of Cryptocurrency in Ransomware Negotiations & Cybercrimes
By Editorial Team on Jun 17, 2022 9:00:00 AM
This week, Senior Threat Intelligence Analyst Samira Pakmehr and Director of Intelligence Operations Bryce Webster-Jacobsen presented their talk, "The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes," at the virtual SANS Ransomware Summit. Packed with a full day of sessions, attendees come away from the summit with deeper insight into today's ransomware landscape and its inner workings.
Topics: Blog Events
The Allies and Enemies of Killnet
By Editorial Team on Jun 16, 2022 9:00:00 AM
Note: This content was updated on June 29 with updates on Killnet's activity in Lithuania.
Impacts of the Russia-Ukraine conflict keep coming, and the Russian military isn’t the only actor fighting to defend their country against adversaries. Nationalist hacking groups, including the hacktivist group called Killnet, are launching geopolitically charged cyber attacks against perceived adversaries. Their main focus in the past few weeks has been nations providing support to Ukraine.
Topics: Blog
Combatting Ransomware in Critical Infrastructure
By Editorial Team on Jun 14, 2022 9:00:00 AM
GroupSense CEO Kurtis Minder presented at last week's Colorado Airport Operators Association (CAOA) Spring Conference in Grand Junction, CO. As part of our nation's critical infrastructure, the aviation industry is prone to ransomware and cyber attacks, just like utilities, state governments, and schools. Members of the CAOA have the opportunity to take action against ransomware in their industry by taking a few small steps.
Topics: Blog Events
RSAC 2022 In Review
By Editorial Team on Jun 10, 2022 9:15:00 AM
After a two-year hiatus, RSA Conference returned to the Moscone Center in San Francisco for another exciting week. GroupSense’s CEO, Kurtis Minder, and Director of Intelligence Operations, Bryce Webster-Jacobsen, presented their talk, “Dissecting the Ransomware Killchain: Why Companies Need It,” to a packed audience. Kurtis was also interviewed by Jax S. of Outpost Gray.
Topics: Blog Video Events
How to Talk to Threat Actors
By Editorial Team on May 26, 2022 10:15:00 AM
When faced with ransomware, revenue loss and damage to your organization’s reputation aren’t the only things to worry about. To reach the best-case scenario after an attack, your ransomware response team must understand how to talk to threat actors. With the right people on the team, you’re already off to a good start.
Topics: Blog Ransomware Panel
Responding and Recovering from Ransomware
By Editorial Team on May 26, 2022 10:10:27 AM
Ransomware is one of the most dynamic, constantly changing forms of cryptocurrency-based crime. As of February 2022, we’ve identified just over $720 million worth of ransomware payments in 2021 and that number keeps growing. But what happens when a business encounters ransomware?
Topics: Blog Events
The Forgotten Art Project Podcast with Kurtis Minder
By Editorial Team on May 16, 2022 10:34:00 AM
GroupSense CEO Kurtis Minder was featured on Episode 14 of the Forgotten Art Project Podcast. During the episode, Kurtis and host David Weaver discuss Kurtis’s journey in entrepreneurship, how and why he got into the work he is doing, along with how GroupSense's company culture, values & leadership shaped who he is today.
Topics: Podcast
Building a Ransomware Response Bench
By Editorial Team on May 12, 2022 10:30:00 AM
Old misconceptions of lone hackers sitting in dark basements are long gone and are replaced by the new wave of cybercrime-as-a-service models marking a new era. With operations like many other businesses, ransomware and other cybercrime gangs have a business structure, “customer” support, and an org chart. How can organizations communicate effectively with the threat actors that are attacking their systems with ransomware?
Topics: Blog Ransomware
Cyber Security Matters Podcast with Kurtis Minder
By Editorial Team on May 4, 2022 12:15:04 PM
This week, GroupSense CEO Kurtis Minder was featured on episode 126 of the Cybersecurity Matters Podcast with hosts Dominic Vogel and Christian Redshaw. During his episode, "Dealing with a Ransomware Attack," Kurtis and the hosts discussed:
Topics: Podcast
Colorado Airport Operators Association's Spring Conference
By Editorial Team on May 2, 2022 12:19:29 PM
GroupSense CEO Kurtis Minder will be speaking at the Colorado Airport Operators Association's Spring Conference taking place June 8-10, 2022 in Grand Junction, CO. The annual event will be held at the Grand Junction Convention Center.
Topics: Webinar Events
Webinar: How to Stop the Impact of Ransomware
By Editorial Team on Apr 30, 2022 10:46:11 AM
Ransomware attacks have increased significantly.
It’s no longer “good enough” to do the bare minimum to prevent ransomware. The FBI's Internet Crime Complaint Center reported a 62% increase in ransomware reports from 2020 to 2021 – and that’s probably not even scratching the surface when you consider how many attacks aren’t reported every day.
Topics: Webinar Events
The Software Won't Save You
By Editorial Team on Apr 29, 2022 10:30:00 AM
GroupSense CEO Kurtis Minder spoke at Colorado Mesa University’s Entrepreneurship Day on April 27. During his keynote, “The Software Won’t Save You,” he spoke about the genesis of GroupSense’s Ransomware practice, how attackers carry out ransomware attacks, and how each of us can help protect our own computer systems with simple cyber hygiene.
Topics: Blog
Ransomware Survival Guide
By Editorial Team on Apr 28, 2022 10:15:00 AM
Cybersecurity professionals now think of ransomware as inevitable for organizations of all shapes and sizes. With a relatively quick payoff, ransomware provides cyber criminals with a fast, reliable revenue stream. If your organization is facing an attack, it’s vital to get the first few decisions right.
Topics: Blog Ransomware
Good Cyber Hygiene is a Civic Duty
By Kurtis Minder on Apr 20, 2022 10:30:00 AM
This article was originally published on INC.com
Topics: Blog
Trellix Cybersecurity Summit
By Editorial Team on Apr 18, 2022 10:23:10 AM
The cyber threats public sector organizations face continue to evolve. And all too often, agencies and institutions are focused on securing against the threats of the past rather than planning for the next sophisticated attack. However, with the emergence of security tools built on machine learning, AI, predictive analytics and extended detection and response, that no longer has to be the case.
Topics: Webinar Events
SANS Ransomware Summit 2022
By Editorial Team on Apr 13, 2022 11:01:15 AM
Ransomware attacks are more prevalent each day. Join GroupSense Director of Intelligence Operations Bryce Webster-Jacobsen and Senior Threat Intelligence Analyst Samira Pakmehr at this year's SANS Ransomware Summit on June 16, 2022 to learn more about how to stop your organization from becoming a ransomware horror story. Bryce and Samira will present on The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes on June 16 at 1:10-1:45pm ET.
Topics: Webinar Events
TedX Grand Junction
By Editorial Team on Apr 12, 2022 11:09:00 AM
Join Kurtis Minder, GroupSense CEO, on Saturday, June 18 for TedX Grand Junction. Positioned as a cultural leader in Western Colorado, Grand Junction challenges the region in powerful ways.
TedX Grand Junction encourages creativity, innovation, cultural awareness, and social impact through the power of big ideas. This year, the event will focus around the theme Reimagine. Buy tickets for the event at the Avalon Theater box office >
Topics: Webinar Events
Lexology: Social Links: Behavioral Targeting Under Scrutiny from Lawmakers
By Editorial Team on Apr 6, 2022 7:37:38 AM
Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was featured in Lexology's "Social Links: Behavioral Targeting Under Scrutiny from Lawmakers" article. Bryce was quoted from his Axios feature: Activist Movements Drive Misinformation Mayhem. The Lexology highlight is below.
Topics: News
Operational Security Best Practices Webinar with IrishAngels
By Editorial Team on Apr 4, 2022 7:12:01 AM
On Wednesday, April 6th Kurtis Minder, GroupSense CEO, will provide an overview of Operational Security and best practices to institute in hybrid work environments to the IrishAngels.
Topics: Webinar Events
Chainalysis Links New York
By Editorial Team on Apr 3, 2022 4:07:44 PM
Kurtis Minder, GroupSense CEO, will speak at Chainalysis Links in New York. The conference is being held May 18-19th 2022. The expanded event will feature 3 tracks of amazing content over 2 full days. Learn more about the event >
Topics: Events
Outpost Gray Podcast: Ransomware Prevention
By Editorial Team on Apr 3, 2022 1:12:09 PM
Recently Kurtis Minder, GroupSense CEO, was a guest on Outpost Gray’s podcast. Kurtis did a Q&A with Jax, Outpost Gray founder and Cybersecurity Manager from Grant Thornton. They talked about ransomware prevention and negotiations.
Topics: Podcast Events
GroupSense Report: State of the Ransomware Market
By Editorial Team on Apr 1, 2022 5:16:46 PM
Ransomware is a big business. It has been prominent since the mid-2000s, with Ransomware-as-a-Service emerging in 2016. A company impacted by ransomware could suffer devastating financial and reputational losses. We've compiled information on the ransomware market and what you need to know.
Topics: Whitepapers
Dark Reading: What the Conti Ransomware Group Data Leak Tells Us
By Editorial Team on Mar 24, 2022 10:45:28 AM
Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was featured on Dark Reading's "What the Conti Ransomware Group Data Leak Tells Us".
Topics: News
How to Negotiate with a Cyber Threat Actor Podcast
By Editorial Team on Mar 23, 2022 2:11:49 PM
Join Kurtis Minder, GroupSense CEO, on March 31 at 3:30PM ET for a podcast with Outpost Gray on "How to Negotiate with a Cyber Threat Actor."
Topics: Podcast
Cryptocurrency and Security On-Demand Webinar with Bace Cybersecurity
By Editorial Team on Mar 22, 2022 12:46:34 PM
Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, joined Bace Cybersecurity Institute for a webinar on Cryptocurrency and Security. The webinar walked through cryptocurrencies and the promise they hold as a secure, efficient, and anonymous means of monetary transaction.
Topics: Webinar Events
Ransomware Groups are Getting More Sophisticated
By Editorial Team on Mar 16, 2022 2:00:00 PM
Ransomware attacks have exploded over the past few years, and ransomware groups have reinvested their earnings into their malicious businesses.
Threat actor groups have discovered a significant opportunity within the market to provide Ransomware-as-a-Service (RaaS). Much like the Software-as-a-Service (SaaS) offerings we are all familiar with, RaaS operations have employees, customer service, and a business structure to lean on. It paves the way for inexperienced threat actors to utilize the expertise of more advanced threat groups, ultimately expanding the effects of ransomware to a broader range of targets.
One RaaS group, Conti, became prolific over the last several years, with attack numbers above 1,000. The ransomware group is having a pretty bad month. After aligning themselves with Putin’s invasion of Ukraine, assumed Ukrainian members took the liberty of leaking months’ worth of internal chat logs and documents, revealing their internal business structure, office politics, and pay scales. GroupSense analysts have been translating and digesting the information, corroborating the intelligence with data that they have already collected on Conti through threat investigations.
Conti
Conti has successfully targeted and impacted significant players from the financial sector to the software industry, such as the Japanese electronics supplier JVCKenwood, London-based high society jeweler Graff, and the Irish health system. Last year, GroupSense threat analysts observed Conti’s tactics, techniques, and procedures (TTPs) when the group breached a client’s network and demanded ransom.
In a recent chat log leak, GroupSense learned that Conti has upper and middle management with entry-level employees that do the leg work. The separation of roles within Conti enables the employees to focus on specific parts of the cyber kill chain. Gaining initial access to the system is the most time-consuming part of the attack. It requires reconnaissance and planning, which “initial access brokers” work on over weekends. This leg work allows for more attacks and ultimately more revenue for the ransomware group.
Conti typically deploys their ransomware through targeted spear-phishing and broader phishing campaigns that contain malicious attachments or links. The attachments serve as vessels for deploying other malware that utilizes more advanced techniques. These vessels are typically called “loaders” or “downloaders,” and they will do their best to mask the actual malware such as TrickBot, or in this case, Conti ransomware.
When our client was hit with Conti last year, they hired GroupSense for our Ransomware Negotiation Services. As part of the service, GroupSense confirms that the actor returns the decrypted data before the client pays the ransom. After providing sufficient proof that the actor returned the data, our negotiator helped our client pay the ransom. Unfortunately, the story doesn’t end here.
Conti Again?
Months later, the client’s customers started receiving phishing emails on the same thread that Conti used to communicate with the client, meaning the actor had access to the old email thread. This method, called email chain hijacking, allows the threat actor(s) to send phishing emails by replying to old email threads, which tricks victims into thinking the email is legitimate. Access to the original email thread strongly indicates that Conti could be behind a repeat attack.
The phishing emails were riddled with typos and grammar mistakes, and showed other pronounced signs of phishing, including mismatched sender names and addresses with a badly spoofed email domain. Typically, when Conti uses phishing as a vector, they are careful to cover their tracks and make the email look as legitimate as possible. Email chain hijacking increases the likelihood of success for phishers. Furthermore, Conti was not known to use email chain hijacking in previous attacks. With these conflicting pieces of evidence, our analyst dove deeper to find out if the phishing attack was coming from Conti or a second and unrelated actor.
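A defender-side check for the thread-hijacking signs described above (a reply that rides an existing thread but comes from a mismatched name and address or a lookalike domain), added here as an example and not taken from the original article or from GroupSense. The messages, names, domains, and the 0.8 similarity threshold are constructed assumptions.

```python
"""Flag replies that ride a known email thread but come from an unexpected sender."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOOKALIKE_RATIO = 0.8  # assumed threshold; tune against your own mail flow


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _msg_ids(value):
    # In-Reply-To / References carry whitespace-separated <message-id> tokens.
    return set((value or "").split())


class ThreadBaseline:
    """Remembers who legitimately took part in a thread."""

    def __init__(self):
        self.message_ids = set()
        self.domains = set()
        self.addrs_by_name = {}  # display name -> addresses seen with it

    def learn(self, raw):
        msg = message_from_string(raw)
        self.message_ids |= _msg_ids(msg.get("Message-ID"))
        headers = (msg.get_all("From", []) + msg.get_all("To", [])
                   + msg.get_all("Cc", []))
        for name, addr in getaddresses(headers):
            if not addr:
                continue
            addr = addr.lower()
            self.domains.add(_domain(addr))
            if name:
                self.addrs_by_name.setdefault(name.lower(), set()).add(addr)

    def check(self, raw):
        """Return None if the message is outside the thread, else a list of findings."""
        msg = message_from_string(raw)
        refs = _msg_ids(msg.get("In-Reply-To")) | _msg_ids(msg.get("References"))
        if not refs & self.message_ids:
            return None
        name, addr = parseaddr(msg.get("From", ""))
        addr = addr.lower()
        dom = _domain(addr)
        findings = []
        if dom not in self.domains:
            findings.append("new_sender_domain")
            if any(SequenceMatcher(None, dom, known).ratio() >= LOOKALIKE_RATIO
                   for known in self.domains):
                findings.append("lookalike_domain")
        known_addrs = self.addrs_by_name.get(name.lower())
        if known_addrs and addr not in known_addrs:
            findings.append("display_name_address_mismatch")
        return findings


# Constructed sample messages (not from the incident described on this page).
ORIGINAL_THREAD = ["""\
From: Dana Reyes <dana.reyes@vendor.example>
To: Sam Ortiz <sam.ortiz@customer.example>
Subject: Invoice 1182
Message-ID: <m1@vendor.example>

Invoice attached.
""", """\
From: Sam Ortiz <sam.ortiz@customer.example>
To: Dana Reyes <dana.reyes@vendor.example>
Subject: Re: Invoice 1182
Message-ID: <m2@customer.example>
In-Reply-To: <m1@vendor.example>
References: <m1@vendor.example>

Received, thanks.
"""]

REPLY_TEMPLATE = """\
From: {sender}
To: Sam Ortiz <sam.ortiz@customer.example>
Subject: Re: Invoice 1182
Message-ID: <{mid}>
{reply_headers}
Please see the updated document.
"""
IN_THREAD = "In-Reply-To: <m2@customer.example>\nReferences: <m1@vendor.example> <m2@customer.example>\n"

HIJACKED_REPLY = REPLY_TEMPLATE.format(
    sender="Dana Reyes <dana.reyes@vend0r.example>", mid="x1@vend0r.example",
    reply_headers=IN_THREAD)
LEGIT_REPLY = REPLY_TEMPLATE.format(
    sender="Dana Reyes <dana.reyes@vendor.example>", mid="m3@vendor.example",
    reply_headers=IN_THREAD)
NEW_PARTY_REPLY = REPLY_TEMPLATE.format(
    sender="Lee Park <lee.park@freemail.test>", mid="x2@freemail.test",
    reply_headers=IN_THREAD)
UNRELATED = REPLY_TEMPLATE.format(
    sender="Dana Reyes <dana.reyes@vend0r.example>", mid="x3@vend0r.example",
    reply_headers="")  # no thread headers, so out of scope for this check


def build_baseline():
    baseline = ThreadBaseline()
    for raw in ORIGINAL_THREAD:
        baseline.learn(raw)
    return baseline


if __name__ == "__main__":
    b = build_baseline()
    for label, raw in [("hijacked", HIJACKED_REPLY), ("legit", LEGIT_REPLY),
                       ("new party", NEW_PARTY_REPLY), ("unrelated", UNRELATED)]:
        print(label, b.check(raw))
```

The check covers only messages that reference a tracked thread; a reply sent from a genuinely compromised participant mailbox would pass it and needs content and link analysis instead.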
Connecting the Bots
The GroupSense analyst started an investigation to compile a list of threat actors who had historically used the email chain hijacking technique within previous campaigns. During this investigation, the analyst identified the following groups:
- TrickBot Gang
- The newly revived Emotet
- TA551 (Shathak)
- IcedID campaigns
- QakBot campaigns
In November 2021, the intelligence community discovered that the TrickBot Gang teamed up with TA551 to deploy Conti ransomware. In January 2022, SANS found that Emotet had reemerged with help from the TrickBot group. In February 2022, AdvIntel discovered that the Conti group had taken over the TrickBot operations.
Knowing several roads lead back to the Conti Group, the analyst deployed the malicious link in a sandbox environment. The link downloaded several pieces of malware to the device, including the IcedID loader operated by TA551. GroupSense assessed with high confidence that the Conti ransomware syndicate was actively targeting our client’s customer base using stolen email threads.
Below are the hashes gathered upon detonation and the IP addresses that the payload contacted.
IP Addresses:
- 208.95.112[.]1
- 23.21.43[.]186
- 54.225.179[.]233
- 82.221.103[.]243
SHA-256 hash that matches a ruleset for the IcedID payload:
- 68e37eed2e04830fce9f735d8a2ecebb19a651394f5d590581370ac5d7754d90
Repeat Attacks
It’s rare for ransomware groups to attack the same target twice. Because RaaS groups run like businesses, they work on similar reputational rules as legitimate companies. If a RaaS group says they will return stolen data from their victims, they are expected to keep their word. If they return the data to the victims, they can only cash out on the data once.
In this case, Conti was trying to cash out twice on the same set of stolen data. Our analysts have not seen such a brazen attack that would damage a threat actor’s reputation before.
Wider Implications
This investigation suggests that the Conti ransomware syndicate is rapidly increasing its sophistication and standing in the initial access ecosystem. This increased sophistication means that they can hit larger, more complex systems and demand even higher ransoms in the future.
Topics: Blog
GroupSense and CynergisTek Strategic Partnership Aimed at Helping Healthcare Organizations
By Editorial Team on Mar 16, 2022 11:16:14 AM
CynergisTek strengthens its service portfolio by partnering with GroupSense to provide enhanced and proactive cyber reconnaissance services and incident response services.
Austin, Texas & Arlington, Va. -- CynergisTek (NYSE American: CTEK), a leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, announces a new agreement with GroupSense to provide organizations with vital threat intelligence to identify and mitigate attacker activity. This partnership offers CynergisTek’s customer base ransomware negotiation services and provides increased capabilities around incident response (IR) training and tabletop exercises.
“In order for healthcare organizations to more successfully anticipate where cyber attackers are likely to be present, they need a clearer picture of their risk and a better understanding of their environment,” said Mac McMillan, President & CEO of CynergisTek. “Incorporating GroupSense’s capabilities into our Risk and Incident Response services enables us to assist our clients in performing better reconnaissance, thereby enhancing their resilience. Just as important as being able to anticipate the threat, so is being able to execute more precisely when adverse situations arise. Incorporating ransomware negotiation and deeper awareness into client IR immersive exercises and incident response further enhances the value of our support to our clients,” he says.
“I am excited about the launch of our partnership with CynergisTek,” said Kurtis Minder, founder and CEO of GroupSense. “Given the increased attack surface, especially in the healthcare industry, organizations need solutions, not an increase in alerts or data feeds. The combined digital risk and attack surface capability of GroupSense, with the solution expertise of CynergisTek, solves IT risk problems while reducing operational overhead.”
This partnership marks CynergisTek’s focus on building cyber resiliency by helping businesses become proactive against threats and develop effective incident response procedures. CynergisTek and GroupSense are providing customers with threat intelligence capabilities that allow for healthcare-specific insight on where organizations should prioritize remediation efforts based on their specific risk profile. CynergisTek clients will have access to additional threat monitoring and footprinting capabilities that help expose unknown gaps that organizations may have with the use of GroupSense’s cyber reconnaissance platform and team of highly trained analysts.
About GroupSense
GroupSense is a digital risk protection services company that delivers customer-specific intelligence that dramatically improves enterprise cybersecurity and fraud-management operations. Unlike generic cyber-intelligence vendors, GroupSense uses a combination of automated and human reconnaissance to create finished intelligence that maps to each customer's specific digital business footprint and risk profile. This enables customers and partners to immediately use GroupSense's intelligence to reduce enterprise risk, without requiring any additional processing or management by overstretched security and fraud-prevention teams. GroupSense is based in Arlington, Va., with a growing customer base that includes large enterprises, state and municipal governments, law enforcement agencies and more.
About CynergisTek, Inc.
CynergisTek is a top-ranked cybersecurity consulting firm helping organizations in highly-regulated industries, including those in healthcare, government, and finance navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company's security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations.
Original Press Release: https://www.businesswire.com/news/home/20220316005363/en
Topics: News
Colorado Mesa University's E-Day with Kurtis Minder
By Editorial Team on Mar 10, 2022 10:05:29 PM
Entrepreneurship Day is back at Colorado Mesa University. Join GroupSense CEO, Kurtis Minder, as he gives the keynote on Wednesday, April 27th, 2022.
Topics: Events
HIMSS Conference: GroupSense & CynergisTek
By Editorial Team on Mar 10, 2022 9:53:13 AM
Kelly Milan, GroupSense, will attend HIMSS with our friends at CynergisTek on Tuesday, March 15th and Wednesday, March 16th. He will give two demos on Tuesday and Wednesday in CynergisTek's booth (#4942) on Hacking and Healthcare.
Topics: Events
The Inner Workings of the Conti Ransomware Group
By Editorial Team on Mar 4, 2022 2:24:16 PM
Earlier this week, a Ukrainian security researcher with insights into the Conti ransomware group leaked almost two years’ worth of internal chat logs. Conti is responsible for a number of high profile ransomware attacks.
Topics: Blog
ModernCTO Podcast: Ransomware Readiness, Defense, and Negotiation
By Editorial Team on Mar 4, 2022 10:35:28 AM
Adam Bregenzer, GroupSense's CTO, was a guest on the ModernCTO podcast. He spoke to Joel Beasley about ransomware readiness, defense, and negotiation. Below are a few of our favorite clips, as well as the full episode!
Topics: Podcast
WEM Event: Wisconsin Under Attack: Responding to Cyber Criminals
By Editorial Team on Mar 3, 2022 5:26:39 PM
On Wednesday, March 9th, GroupSense CEO, Kurtis Minder, will co-present "Wisconsin Under Attack: Responding to Cyber Criminals" at the 54th Annual - Wisconsin Governor's Conference on Emergency Management and Homeland Security with LTC Sarah Frater.
Topics: Events
Task Force 7 Radio: Lessons from a Ransomware Negotiator
By Editorial Team on Mar 3, 2022 4:55:41 PM
Kurtis Minder, CEO of GroupSense, was a guest on Episode #209 of Task Force 7 Radio's podcast. Kurtis talked to co-host Andy Bonillo about lessons from a ransomware negotiator, why small businesses need cybersecurity resources, as well as how cyber criminals may be shifting their focus during the Russia/Ukraine conflict. Below are a few highlights from the interview.
Topics: Podcast
CHIME Focus Session: GroupSense & CynergisTek
By Editorial Team on Mar 3, 2022 4:07:07 PM
Kurtis Minder, GroupSense CEO, will speak at a CHIME focus session with Mac McMillan, CynergisTek CEO on Monday March 7th. Kurtis and Mac will have an active discussion around the sophistication of cyberattacks affecting healthcare institutions across the country and around the globe.
Topics: Events
Innovate Springfield: Dialogue with GroupSense Co-Founder, Kurtis Minder
By Editorial Team on Mar 3, 2022 10:32:04 AM
Join Kurtis Minder, GroupSense CEO, on Thursday, April 7, 2022 from 5:00 PM - 6:00 PM CT for Innovate Springfield.
Topics: Webinar Events
Report: Most Active 2021 Ransomware Groups
By Editorial Team on Mar 1, 2022 5:00:00 PM
2021 was another pivotal year for ransomware attacks. Cybercrime was expected to hit $6 trillion and is expected to grow by 15% annually during the next five years.
Topics: Whitepapers
GroupSense Logs Record Customer and Revenue Growth in 2021
By Editorial Team on Mar 1, 2022 10:50:14 AM
GroupSense Adds Nearly 50 Fortune 1000 Companies and Governments to its Roster, Delivering Customer-Specific Intelligence to Help Them Significantly Reduce Digital Risk
ARLINGTON, Va., March 1, 2022 /PRNewswire/ -- GroupSense, a digital risk protection services company, today announced several notable achievements from 2021, including 75 percent year-over-year subscriber growth, adding nearly 50 new customers and 6 new partnerships, among many other impressive milestones. The company has successfully helped its customers reduce risk from data breaches, ransomware, election security, disinformation, fraud and more.
Topics: Press Releases
Ransomware Negotiation Guide
By Editorial Team on Mar 1, 2022 10:07:00 AM
GroupSense has been negotiating with threat actors on the underbelly of the internet for years, so we are uniquely suited to assist in ransomware negotiations. We often get the question, what does a ransomware negotiator do? A ransomware negotiator acts as a mediator between a ransomware victim and the ransomware operator. This role is an important one, providing an objective view of the situation, empowering the victim with enough information to make an informed business decision on whether to pay a ransom, and providing a layer of operational security between the victim and the ransomware operator.
Topics: Whitepapers
Asharq News: Russian Ukraine Conflict
By Editorial Team on Feb 25, 2022 9:54:16 AM
As Russia unleashes war on Ukraine, many are asking about a possible Russian cyber-attack. Asharq News interviewed Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, about the Russian Ukraine Conflict and its impact on the cyber nexus.
Topics: News
TV Globo: Hacker attacks double this year in the US
By Editorial Team on Feb 23, 2022 9:45:42 AM
TV Globo interviewed GroupSense's CEO and Ransomware Negotiator, Kurtis Minder, about how ransomware attacks have doubled in the US because of the pandemic. Below is a translated transcript of the article. Watch the clip in the article to hear Kurtis talk about the topic.
Note: Article and video clip linked is in Portuguese.
Topics: News
CyberNews: Businesses should understand – it’s not a matter of ‘if’, but ‘when’ they’ll face an attack
By Editorial Team on Feb 9, 2022 2:42:32 PM
CyberNews interviewed GroupSense's Director of Intelligence Operations, Bryce Webster-Jacobsen, about the cyber attack landscape and its business impact. Below is a transcript of Bryce's interview with CyberNews.
Topics: News
Cryptocurrency and Security Webinar with Bace Cybersecurity
By Editorial Team on Feb 4, 2022 1:07:39 PM
Join Bace Cybersecurity Institute for a webinar on Cryptocurrency and Security. Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, will join David Rosenthal, formerly at Sun Microsystems and Nvidia, to discuss the reality of cryptocurrencies on Wednesday, February 16th, 2022 at 11am PT / 2pm ET. Learn about the event >
Topics: Webinar Events
Takeaways from Defendify's Cyber Crystal Ball Panel
By Editorial Team on Feb 2, 2022 4:51:39 PM
Earlier this week, Kurtis Minder, CEO at GroupSense, joined Defendify's Cyber Crystal Ball panel with Lori Sussman, Professor at University of Southern Maine and Antoinette King, Founder at Credo Cyber Consulting.
Topics: Webinar Ransomware Events
VICE Media: I Stop Multimillion Dollar Cyberattacks
By Editorial Team on Jan 31, 2022 4:43:45 PM
Kurtis Minder, GroupSense CEO, was featured in VICE Media's "I Stop Multimillion Dollar Cyberattacks." Kurtis spoke to VICE about his experience as a ransomware negotiator and what happens during and after a ransomware attack.
Topics: News Ransomware
NBC News: Ransomware hackers' new tactic: Calling you directly
By Editorial Team on Jan 28, 2022 5:00:32 PM
Hackers have increasingly roped in everyday people whose information is stored in computers that have been breached, pestering them by phone and email.
Topics: News Ransomware
Cyber Crystal Ball
By Editorial Team on Jan 25, 2022 11:40:36 AM
On January 27th, Kurtis Minder, CEO of GroupSense, will join Defendify's Cyber Crystal Ball panel to reflect on 2021. IT professionals and organizations were dealt some difficult cards, and "the cards don't lie, Honey". You don't have to be psychic to predict more of the same coming in 2022.
Topics: Webinar Events
Search Tool For CISA’s Log4j Database
By Editorial Team on Jan 24, 2022 6:00:00 AM
GroupSense's CTO, Adam Bregenzer, and Cybersecurity and Infrastructure Security Agency's Senior Advisor, Beau Woods, have developed a new open-source search tool to help cybersecurity professionals navigate the ever-growing list of software products impacted by Log4j. "Beau and I wanted to make the vast list of software organizations sortable and searchable. By default it's just a very large web page," said Adam Bregenzer.
Topics: News
Squid Games Ransomware Cyber Drill
By Editorial Team on Jan 19, 2022 11:24:05 AM
Earlier this week, GroupSense's CEO, Kurtis Minder, participated in *AIMA's APAC Webinar: Cyber Security x Ransomware: Squid Games Edition.
*Note: An account is needed to view the replay.
Topics: News Blog Ransomware
Security Analytics & XDR Demo Forum
By Editorial Team on Jan 12, 2022 10:10:05 AM
GroupSense’s CTO, Adam Bregenzer, participated on the Security Analytics & XDR Demo Forum with Richard Stiennon, as well as BlackCloak, Cyberint, and Digital Shadows. They discussed Digital Risk Protection around intel collection strategy, initial access brokers, and threat intel SOC integration.
Topics: Webinar Events
New Wave of Jan. 6 Conspiracy Theories
By Editorial Team on Jan 6, 2022 5:45:02 PM
Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was quoted in Axios' article, "New Wave of Jan. 6 Conspiracy Theories". Bryce spoke to Sara Fischer, Media Reporter at Axios, about conspiracy theories surrounding the January 6th attack on the U.S. Capitol.
Topics: News
The Top 5 Cybersecurity Tools Companies Need to Implement Right Now
By Editorial Team on Jan 3, 2022 4:46:25 PM
Kurtis Minder, GroupSense CEO, started 2022 off on the right foot with a feature on Infosecurity. He shared his top five cybersecurity tools that companies need to implement right now. While these items may be considered “cybersecurity 101,” you’d be surprised how many organizations don’t have these measures in place. Below is a snippet from the article.
Topics: News
Whitepaper: WhatsApp Security Risks - What You Need to Know
By Editorial Team on Jan 1, 2022 10:41:00 AM
WhatsApp is a popular social messaging platform used worldwide. With such a large audience, threat actors use it to spread disinformation, distribute malware and carry out many more cyber attacks. Read our white paper to understand the threats you or your colleagues can face from using the messaging app.
Topics: Whitepapers
Seven Tips for Negotiating with Hackers (or Anyone for that Matter)
By Editorial Team on Dec 30, 2021 12:47:57 PM
Kurtis Minder, GroupSense CEO and cofounder, sat down with Joe Meadows, Partner at Gordon & Rees, and talked about seven tips for negotiating with hackers (or anyone for that matter!). Here are a few highlights of that conversation:
Topics: News Blog Ransomware
GroupSense to Speak at CactusCon in Two Ransomware Sessions
By Editorial Team on Dec 28, 2021 3:03:16 PM
GroupSense CEO and co-founder, Kurtis Minder, Intelligence Analyst, Nicole Hoffman, and Director of Intelligence Operations, Bryce Webster-Jacobsen, are speaking at CactusCon February 4-5, 2022.
Topics: Webinar Events
Ask Me Anything Webinar with Abacode
By Editorial Team on Dec 28, 2021 11:30:04 AM
Ransomware attacks have increased significantly over the past year. On Tuesday, February 22nd, join Jeremy Rasmussen, Chief Technology Officer at Abacode, and renowned ransomware negotiator and CEO of GroupSense, Kurtis Minder, to get behind the scenes exclusive access and insight into what happens after a ransomware attack.
Topics: News Webinar Ransomware Events
AIMA APAC Webinar: Cyber security x Ransomware
By Editorial Team on Dec 27, 2021 2:13:08 PM
On January 18th, Kurtis Minder, GroupSense CEO, will join AIMA for their APAC Webinar: Cyber security x Ransomware: Squid Games Edition.
Topics: Webinar Events
NYLIB: Cyber Security Panel Discussion
By Editorial Team on Dec 27, 2021 1:46:16 PM
GroupSense CEO Kurtis Minder will join NYLIB as a keynote speaker highlighting his experience in the cyber security space. Afterwards, NYLIB will host a panel discussion focused on cyber security risks facing banks, current trends, and best practices.
Topics: Webinar Events
Five Ransomware Predictions for 2022
By Editorial Team on Dec 22, 2021 9:30:00 AM
In 2021, we saw a steady rise in the number of ransomware attacks. It’s projected that global ransomware damage costs will reach $20 billion by the end of 2021. Nearly every week, you hear of a new high-profile catastrophic breach, but organizations of all sizes have been critically impacted by ransomware and cyber threats.
Topics: Blog Ransomware
GroupSense's Kurtis Minder and Bryce Webster-Jacobsen to Speak at RSA
By External Author on Dec 21, 2021 5:33:49 PM
GroupSense CEO and co-founder, Kurtis Minder, and Director of Intelligence Operations, Bryce Webster-Jacobsen, are speaking at the RSA Conference June 6-9, 2022.
Topics: Webinar Events
The Bad Actors – The Extortion Economy
By Editorial Team on Dec 17, 2021 2:53:29 PM
Kurtis Minder, Ransomware Negotiator and GroupSense CEO, was featured on MIT Technology Review & ProPublica's podcast The Bad Actors – The Extortion Economy. This series is hosted by Meg Marco and produced by Emma Cillekens, Tate Ryan-Mosley and Anthony Green. The podcast dives into the criminal world, where the stakes are high but the methods are increasingly business-like, and meets the people who interact with the ransomware hackers.
Topics: News Ransomware Podcast
Impact of CVE-2021-44228 Apache Log4j Vulnerability
By Editorial Team on Dec 16, 2021 3:42:30 PM
GroupSense performed a deep and dark web investigation into the critical remote code execution (RCE) zero-day impacting the Apache Java-based logging utility Log4j (CVE-2021-44228). This high severity vulnerability is already being actively exploited in the wild, per numerous public reports. The attack vector is extremely trivial for threat actors to exploit, requiring only a single string of code, and impacts software products from numerous vendors. The US Cybersecurity and Infrastructure Security Agency is maintaining an updated list of affected vendors.
Topics: Blog
CynergisTek's Healthcare Ransomware Bootcamp Recap
By Editorial Team on Dec 13, 2021 1:19:21 PM
Cyber Resilience is like muscle – training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies.
CynergisTek, Lockton Companies, and GroupSense provided insider insights on how to stay ahead of the curve and protect yourself from being the next target.
"The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019," SafeAtLast.
Elissa Doroff, Managing Director & Cyber Technical Leader at Lockton Companies, presented "Cyber Insurance - The Effects of Ransomware". Ransomware attacks accounted for 41% of all filed cyber insurance claims in the first half of 2020, according to a report by Coalition. To keep up with the cost, and rise in claim occurrence, cyber insurance providers are implementing compliance requirements that, depending on compliance capability, might increase your coverage cost or deem you ineligible to be insured at all.
Elissa Doroff covered the following in her session:
- Background of the always-evolving cyber insurance industry. Once deemed an organizational “nice to have”, cyber insurance finds itself at a pivotal point that may change the insured’s coverage decision forever.
- A walkthrough of the top 10 cybersecurity compliance standards, and a deep dive into why they are important, and what they mean.
- What happens once you become insured, including best practices for working with your insurance company, how cyber insurance works, a look into filing a claim, and a broker’s perspective on breach response.
Kurtis Minder followed Elissa and presented "Real Life Perspectives from a Ransomware Negotiator". No one ever expects it to happen to them, but with ransomware and cybercrime on the rise, it’s more likely than ever to discover that ransomware has locked down your system and cybercriminals are holding your data hostage.
"2020 Healthcare attacks involved the theft or exposure of the protected health information of at least 18,069,012 patients," HIPAA Journal.
Kurtis Minder covered the following in his session:
- What most people don’t realize about ransomware and the cybercriminals that run these exploits
- Immediate do’s and don’ts if your systems are being held captive
- How to limit potential damage like data loss, overpaying threat actors, tarnished brand reputation, and compliance violations
- Notable stories from the field
Below are some interesting healthcare specific stats/issues from Kurtis's session:
- Connected IoMT: There are 430 million connected medical devices worldwide. The number rises every day, creating an expanded attack surface.
- Mergers and Acquisitions (M&A): It is not uncommon for healthcare organizations to have many mergers and acquisitions. An organization might be more vulnerable if the acquired organization doesn’t have up-to-date records of all its assets.
- 2020 Healthcare Ransomware: More than a third of healthcare organizations were hit by a ransomware attack in 2020 and of those, 65% said the cybercriminals were successful in encrypting their data.
- Unpatched Systems: Many health care institutions use unpatched or outdated hardware devices and software, which are prone to ransomware attacks.
Mac McMillan, President & CEO at CynergisTek closed out the event by highlighting the crucial need for organizations to shift towards cybersecurity resilience, and away from a compliance/preparation-only mindset. Mac discussed key findings from Elissa and Kurtis’s sessions and tied it all together.
About Kurtis Minder:
Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases world-wide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.
Topics: News Webinar Ransomware Events
The Rise of the Geopolitical Hack
By Editorial Team on Dec 10, 2021 9:39:28 AM
The residue of ransomware is infiltrating our psychology and pocketbooks. Is politics next?
Earlier this year, GroupSense spoke to Erika Hellerstein, Senior Reporter at Coda, about connecting links between disinformation and ransomware, as well as GroupSense's backstory on how they became ransomware negotiators.
Topics: News
Activist Movements Drive Misinformation Mayhem
By Editorial Team on Dec 3, 2021 10:50:27 AM
Bryce Webster-Jacobsen, Director of Intelligence Operations at digital risk protection / ransomware negotiators GroupSense, was featured in Axios' article "Activist Movements Drive Misinformation Mayhem." Bryce spoke to Sara Fischer about anti-vaccination conspiracy theories and how they are becoming dangerous spreaders of misinformation.
Topics: News
Prioritizing Cybersecurity: Tips to Better Protect Your Data
By Editorial Team on Dec 1, 2021 3:49:00 PM
GroupSense does some of the largest negotiations for ransomware. Ransomware is a quick and easy path to revenue for criminals. Unfortunately, ransomware isn’t always the first play in a criminal’s playbook. They usually have been in your network for a while and deploy ransomware after they’ve accessed all your data. GroupSense’s team of experienced negotiators developed cybersecurity tips to help reduce your risk.
Topics: Whitepapers
CynergisTek's Ransomware Bootcamp
By Editorial Team on Dec 1, 2021 12:00:00 PM
Cyber Resilience is like muscle – training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies.
Topics: News Webinar Ransomware Events
As the cyber insurance bubble begins to burst, the market scrambles for a new approach
By Editorial Team on Nov 24, 2021 3:47:22 PM
Bryce Webster-Jacobsen, Director of Intelligence Operations at digital risk protection / ransomware negotiators GroupSense, was featured on SC Media. Bryce spoke to Joe Uchill about the cyber insurance bubble bursting and how organizations need to take a different approach.
Topics: News
SafetyDetectives - Digital Risk Protection Q&A with Kurtis Minder
By Editorial Team on Nov 19, 2021 5:05:52 PM
Earlier this week, Kurtis Minder, GroupSense CEO & Co-founder, was interviewed by Aviva Zacks, Cybersecurity Expert and Writer at SafetyDetectives. During the interview they discussed GroupSense's backstory, how GroupSense serves its clients, what makes GroupSense so unique, and the worst cyberthreat out there today. Below are a few highlights from the interview.
Topics: News
GroupSense Presents at BSidesDFW
By Editorial Team on Nov 3, 2021 1:53:41 PM
Join Nicole Hoffman, GroupSense Intelligence Analyst, on Saturday, November 6th (12PM CT) at BSidesDFW! Nicole is presenting The Cognitive Stairways of Analysis.
Topics: Events
A Mysterious Network of Twitter Bots Promote Alleged NRA Hack
By External Author on Nov 2, 2021 12:00:00 PM
When a mysterious Russian hacking gang announced last week that it had assaulted the National Rifle Association with a ransomware attack, the NRA was quiet on whether the claim was true. But a network of hundreds of Twitter trolls were far from mute—they lapped up the news and went to town amplifying it across Twitter.
Topics: News Ransomware
As demo’d with NRA, ‘information operations’ may be new way to give ransomware victims Grief
By External Author on Nov 1, 2021 11:30:00 AM
After the notorious Grief ransomware group added the National Rifle Association to its public list of victims, messages about the breach were reportedly amplified by a network of fake Twitter accounts. While it's still unclear if the network is connected to Grief, experts worry it could mark the beginning of information campaigns being added to the ransomware arsenal.
Topics: News Ransomware
4th Cybersecurity Conference: How to Negotiate with Ransomware Hackers
By Editorial Team on Oct 28, 2021 3:30:00 PM
On Thursday, October 28th, GroupSense's CEO, Kurtis Minder, spoke at Convent's 4th Annual Cybersecurity Conference. Kurtis spoke to Andreas Horchler, Founder & Managing Partner of podcon.de, about his experiences as a Ransomware Negotiator and how to negotiate with ransomware hackers.
Topics: News Video Webinar Ransomware Events
GroupSense Spoke About Ransomware Prevention at The Fairfax County's Department of Information Technology Event
By Editorial Team on Oct 28, 2021 2:32:52 PM
On Friday, October 15th, GroupSense's CEO, Kurtis Minder, spoke at The Fairfax County's Department of Information Technology event for Cyber Security Awareness Month. Kurtis spoke about reducing ransomware — from prevention through recovery.
Topics: Events
Cybercrime Magazine Podcast: Ransomware Negotiation
By Editorial Team on Oct 27, 2021 10:00:00 AM
Cybercrime Radio host Hillarie McClure spoke with Kurtis Minder, a ransomware negotiator and CEO of GroupSense, a leading provider in Cyber Reconnaissance.
Topics: News Ransomware
SC Media Ransomware Kill Chain Feature
By Editorial Team on Oct 22, 2021 12:00:00 PM
Ransomware needs its own kill chain framework
GroupSense's Intelligence Analyst, Nicole Hoffman, is featured in SC Media. Nicole explains the evolution of the Cyber Kill Chain developed by Lockheed Martin and argues that the industry needs a kill chain specifically for ransomware.
Topics: News Blog Ransomware
Cover Story: The dark web rises
By External Author on Oct 18, 2021 10:15:00 AM
The dark web is often seen as a virtual back alley — a shady place where underground deals are made and criminal gangs plot their next heist. While most law-abiding citizens tend to steer clear of the dark web, the growing number of ransomware attacks and cybercriminal cases has made it far too dangerous to ignore.
Topics: News Ransomware
The Ransomware Pandemic that COVID Started
By Kurtis Minder on Oct 15, 2021 9:45:00 AM
By Kurtis Minder, CEO, GroupSense
Topics: News Blog Ransomware
Couple use peanut butter sandwich to trade nuclear secrets for crypto
By External Author on Oct 12, 2021 9:30:00 AM
A husband and wife espionage team could face up to 10 years in prison after investigators discovered their alleged attempts to hide — and sell — top-secret military information in ordinary items such as a peanut butter sandwich and a stick of chewing gum.
Topics: News Ransomware
WIRED Security Virtual Event: Top Priorities to Protect the Future of Business
By External Author on Oct 12, 2021 9:15:00 AM
WIRED Security will explore current issues and top priorities for security experts to protect the digital and physical future of business. The event gathers the innovators, disruptors and leaders in security for a day of eye-opening and inspirational stories, case studies and workshops that cover new cybersecurity threats, deal with disruptive technologies and build resilience in a world that’s constantly changing.
Topics: News Webinar Ransomware Events
Hello Show by Orange Silicon Valley- October 5 to 7, 2021
By External Author on Oct 5, 2021 9:30:00 AM
9:15 a.m. (PDT) — No More Yelling in the Boardroom: How Companies Misunderstood Ransomware Response — Talk by Kurtis Minder, CEO, GroupSense, and moderated Q&A with Alex Chitea, Principal, Technology Group, Orange Silicon Valley
Topics: News Video Webinar Ransomware Events
Congress Questions FBI’s Tight-Lipped Ransomware Tactics
By External Author on Sep 25, 2021 10:45:00 AM
More weight should be placed on consideration of the victims whose business has been ground to a halt in the aftermath of ransomware attacks, according to Kurtis Minder, CEO and co-founder of security firm GroupSense, which helps ransomware victims negotiate with cybercriminals if they can’t obtain a decryption key otherwise.
Topics: News Ransomware
Best tips for negotiating with hackers
By External Author on Sep 23, 2021 9:30:00 AM
Kurtis Minder, CEO of the American cyber security company GroupSense, has been busy acting as a ransom negotiator in ransomware cases. It started with a client who needed help, and then as the number of cases increased, he refined his ability to negotiate with the criminal gangs on the other side.
Topics: News Blog Ransomware
Webinar: Technology Risks & Rewards- 2021 and Beyond
By External Author on Sep 20, 2021 10:00:00 AM
Join Kaufman Rossin CEOLink with our partner GrayRobinson for a one-hour session, Technology Risks & Rewards: 2021 and Beyond, moderated by WLRN's Tom Hudson, host of The Sunshine Economy.
Topics: News Video Webinar Ransomware Events
The Baltimore Sun: Kurtis Minder Ransomware Negotiator
By Editorial Team on Sep 20, 2021 9:30:00 AM
“What bothers me most is how preventable this all is.”
Kurtis Minder, CEO of GroupSense, provided commentary to The Baltimore Sun yesterday about “vaccinating” a company against ransomware. “What bothers me most is how preventable this all is. In fact, like current COVID-19 deaths, it’s at least 99.2% preventable. “Vaccinating” a company against ransomware isn’t expensive or technically daunting — yet companies fail at simple cyber hygiene and put their businesses, our critical infrastructure, and sometimes even people’s lives, at risk,” says Kurtis Minder.
Below are a few highlights from Kurtis’ op-ed.
Topics: News Blog Ransomware
FNC Smart Talks with a Ransomware Negotiator
By External Author on Sep 14, 2021 9:30:00 AM
In this interview Rodrigo Andrade receives Kurtis Minder, CEO of GroupSense and Ransomware Negotiator. They talk about what to do in case of attacks, who are the main targets and how to prevent and stay safe from these crimes.
Topics: News Video Ransomware
Pretend Podcast: The Ransomware Negotiator
By External Author on Sep 14, 2021 9:30:00 AM
Ransomware. Does that term ring a bell? Even if you've never heard those words before, trust me, most of us have experienced Ransomware one way or another. If you live on the East Coast, you remember waiting long hours at the gas pump this past May. That's because a hacking group known as DarkSide hacked the Colonial Pipeline. The hackers demanded a ransom for 75 bitcoins which is equivalent to $4.4 million. How did the hackers break into the oil company's system? Easy. Some employees used the same password they used on another account that was previously hacked. And guess what? Colonial Pipeline paid the ransom and the hackers. $4.4 million dollars—gone, just like that.
Topics: News Ransomware Podcast
How Can I Reduce the Chances of My Company Getting Hit by Ransomware?
By Kurtis Minder on Sep 10, 2021 9:15:00 AM
Question: How can I reduce the chances of my company getting hit by ransomware? Where do I start?
Topics: News Blog Ransomware
Podcast: What Ragnar Locker Got Wrong About Ransomware Negotiators
By External Author on Sep 9, 2021 9:30:00 AM
The Ragnar Locker ransomware gang put its victims on notice: If victims call investigators, the FBI or ransomware negotiators for help, the punishment will be publishing encrypted files.
Bryce Webster-Jacobsen, Director of Intelligence Operations at digital risk protection / ransomware negotiators GroupSense, was a featured guest on Threatpost’s podcast this week. Bryce spoke to Lisa Vaas about what Ragnar Locker got wrong about ransomware negotiators. Below are a few highlights from the conversation.
Topics: News Ransomware Podcast
The Art of Ransomware Negotiation
By External Author on Sep 7, 2021 9:30:00 AM
Kurtis Minder shielded his laptop screen from prying eyes in the airline seats around him.
Topics: News Ransomware
Webinar: Ransomware Negotiator - Ask Me Anything
By Editorial Team on Sep 6, 2021 11:08:00 AM
Ransomware attacks have increased significantly over the past year. There were 93% more ransomware attacks carried out in the first half of 2021 than the same period last year.
Topics: News Blog Webinar Ransomware Events
What can we learn from the Poly Network cryptocurrency heist?
By External Author on Aug 24, 2021 9:30:00 AM
On Monday, cryptocurrency finance firm the Poly Network ended its strange journey with a hacker or hackers who stole $611 million, when the remaining funds were returned. It was a sequence of events so baffling, it will leave many people to wonder if common-sense rules for negotiations still apply.
Topics: News Ransomware
To Prevent Ransomware Attacks, We Must Look Inward
By Kurtis Minder on Aug 24, 2021 9:30:00 AM
By Kurtis Minder, co-founder and CEO of GroupSense
A year and a half ago, I was pulled into a ransomware negotiation as a lead negotiator. My company has been negotiating with threat actors on the underbelly of the internet for years, so we were uniquely suited to assist. Following that case, more cases came that varied in size and complexity.
Topics: Blog Ransomware
Inside the Secret Codes Hackers Use to Outwit Ransomware Cops
By External Author on Aug 20, 2021 9:30:00 AM
They used to be a safe space for hackers to coordinate attacks, but with online forums worried about unwanted attention from law enforcement, many have banned ransomware posts. And—as is usually the case in the whack-a-mole game of hacking—cybercriminals are finding a way around the new restrictions: a coded language to bypass suspicion.
Topics: News Ransomware
Webcast: Ransomware Negotiator - Ask Me Anything with Kurtis Minder
By External Author on Aug 18, 2021 9:15:00 AM
According to a former senior White House official, 2020 was the year that ransomware went from being a nuisance to a full-scale national security threat and a “scourge.” The frequency of ransomware attacks has increased dramatically over the past year, with 93% more carried out in the first half of 2021 than the same period last year. Ransom payments topped $400 million last year and are on pace for another record-breaking year in 2021. Although those payments may seem jaw-dropping, it’s nothing compared to the damage that a ransomware attack can cause to enterprises and critical infrastructure, such as the attack on Colonial Pipeline.
Topics: News Video Webinar Ransomware
Podcast: Black Hat 2021... What Did We Learn?
By External Author on Aug 13, 2021 9:15:00 AM
On today’s No Name Security Podcast, Matt Stephenson welcomes 3 people doing very cool things in a very cool industry… and… they happen to be very cool people. Kurtis Minder is the co-founder and CEO at GroupSense, Tom Pace is the co-founder and CEO at NetRise and Scott Scheferman is the Chief Strategist at Eclypsium. They are each legendary incident response types who were at Black Hat for a multitude of reasons. Why were they there…? Stick around and find out!
Topics: News Ransomware Podcast
Cover Story: Holding Data Hostage
By External Author on Aug 9, 2021 9:00:00 AM
Ransomware is a present-day digital plague — cold, methodical and indifferent. Spreading from source to source, it can lie dormant within networks for years, biding its time before striking.
Topics: News Ransomware
A Disgruntled Threat Actor Provides a Behind-the-Scenes Look at a Ransomware Group’s Playbook
By Editorial Team on Aug 6, 2021 2:09:02 PM
Background
On 5 August 2021, a seemingly disgruntled Russian-speaking threat actor claiming to work as an affiliate for the popular ransomware group Conti leaked on the underground forum XSS a 113 MB archive of training materials and tools allegedly used by Conti to conduct its ransomware attacks (Figure 1).
Topics: Blog Ransomware
Ransomware's Big Year - from nuisance to 'scourge'? - DEF CON Policy Panel
By External Author on Aug 5, 2021 5:33:04 PM
When: August 6th, 1:00 pm to 2:00 pm PST
Where: DEF CON main stage panel
According to a former senior White House official, 2020 was the year that ransomware went from being a nuisance to a full-scale national security threat and a “scourge.” After an awkward adolescence spent shaking down individual users for a couple hundred dollars and a big debut in 2017 with WannaCry and NotPetya, ransomware really hit the big time in 2020.
Topics: News Ransomware Panel
Podcast: Bryce Webster-Jacobsen on negotiating with ransomware hackers
By External Author on Jul 31, 2021 9:00:00 AM
Ransomware attacks are not a new phenomenon, but they have increased exponentially since the beginning of the pandemic. Cybersecurity experts attribute the surge, in part, to the shift to people working from home and away from the safe perimeters of corporate networks.
Topics: News Ransomware Podcast
BlackMatter & Haron: Evil Ransomware Newborns or Rebirths
By External Author on Jul 28, 2021 2:30:00 PM
So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with.
Topics: News Ransomware
GroupSense and Airgap Partnership Helps Companies Prepare for and Defend Against Ransomware Attacks
By Editorial Team on Jul 28, 2021 10:00:00 AM
Arlington, Va. and Santa Clara, Calif. – July 28, 2021 – GroupSense, a digital risk protection services company, and Airgap, a cybersecurity provider of the industry’s first agentless Ransomware Kill Switch™, today announced a partnership to help customers prepare for and defend against ransomware attacks. By combining GroupSense’s Ransomware Response Readiness Subscription (R3S) service offering with Airgap’s Ransomware Kill Switch™ annual SaaS subscription, customers can microsegment their networks to automatically prevent the spread of ransomware during the incident mitigation lifecycle, and also have a comprehensive and tested ransomware “playbook” for mitigating the damage caused by these attacks.
Topics: News Press Releases Ransomware
Many ransomware attacks go unreported. The FBI and Congress want to change that.
By External Author on Jul 27, 2021 7:30:00 PM
Congress, urged on by the nation’s top law enforcement agencies, is pushing to require companies to report ransomware attacks in an effort to help the government understand the scope of the threat.
At a Senate Judiciary Committee hearing on Tuesday, representatives of the Justice Department, FBI, Secret Service and the Cybersecurity and Infrastructure Security Agency all said Congress should consider passing a bill forcing companies that have been hit by a cyberattack to tell the government.
Topics: News Ransomware
How crypto is supercharging ransomware attacks
By External Author on Jul 26, 2021 8:00:00 AM
Cryptocurrencies like Bitcoin are becoming the preferred payment method in ransomware attacks, in which computer data is held hostage by malicious software. But crypto's anonymity means cybercriminals are becoming even harder to trace and prosecute.
Topics: News Video Ransomware
Software company’s unveiling of decryption key comes too late for many victims of devastating ransomware attack
By External Author on Jul 23, 2021 6:00:00 PM
On Thursday, the software company Kaseya announced that it could help unlock any of its customers’ systems that were still inaccessible following a devastating ransomware attack early this month that took down as many as 1,500 businesses worldwide. But for many victims it was too little, too late.
Topics: News Ransomware
Kaseya Gets Tool to Unlock Data After Ransomware Attack
By External Author on Jul 23, 2021 8:15:00 AM
The technology provider at the center of a ransomware attack this month said it obtained a tool to unlock data targeted by hackers in an incident that disrupted hundreds of firms in several countries.
Topics: News Ransomware
Podcast: Kurtis Minder, Ransomware Negotiator and CEO of Group Sense | What To Do When Your Data’s Being Held Ransom - Episode 27
By External Author on Jul 22, 2021 9:00:00 AM
Kurtis Minder joins Dominique Shelton Leipzig and David Biderman on the Decrypted Unscripted podcast to discuss how GroupSense’s team of cyberspies knows how to find where the bad guys are operating and work with clients to protect their data. He describes in detail how he became the “go-to” ransomware negotiator in the country. He also explains the dark web and how it helps criminals steal information and shares why his team has seen a steady increase in threat actors accessing data remotely over the last 12 months.
Topics: News Ransomware Podcast
Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy
By External Author on Jul 21, 2021 9:00:00 AM
In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated from treating their victims with surprising civility, and behaving like cartoonish movie villains.
Topics: News Ransomware
Podcast: What’s Next for REvil’s Victims?
By External Author on Jul 19, 2021 7:15:00 PM
Last week, the servers of ransomware giant REvil vanished.
Topics: News Ransomware Podcast
Podcast: Ransomware - a very 21st century crime
By External Author on Jul 18, 2021 8:45:00 AM
The rush to go digital during Covid-19 has coincided with a marked rise in ransomware attacks.
Topics: News Ransomware Podcast
Podcast: Threat actors changing ransomware tactics
By External Author on Jul 15, 2021 10:00:00 AM
Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Houston area, Joe's story is about a real estate rental scam and a scammer who likes to talk about his work, and our Catch of the Day is from a listener named Craig with an email about an unprofessional colleague and a questionable attachment.
Topics: News Ransomware Podcast
REvil gang suddenly goes silent leaving victims unable to recover systems
By External Author on Jul 14, 2021 8:45:00 AM
The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Meanwhile, victims and the security companies working for them to recover data have been put in a more difficult situation.
Topics: News Ransomware
Ransomware gang REvil's websites become unreachable
By External Author on Jul 13, 2021 4:15:00 PM
WASHINGTON, July 13 (Reuters) - Websites run by the ransomware gang REvil suddenly became unreachable on Tuesday, sparking widespread speculation that the group had been knocked offline.
Topics: News Ransomware
Hacking group behind widespread ransomware attacks disappears online
By External Author on Jul 13, 2021 3:45:00 PM
A cybercriminal group that took responsibility for a massive ransomware attack that affected hundreds of businesses this month has disappeared from sight online.
Topics: News Ransomware
Russia’s most aggressive ransomware group disappeared. It’s unclear who disabled them.
By External Author on Jul 13, 2021 1:30:00 PM
Just days after President Biden called President Vladimir V. Putin of Russia and demanded that he act to shut down ransomware groups that are attacking American targets, the biggest of them has gone off-line. The mystery is who made that happen.
Topics: News Ransomware
Waikato DHB could 'use some help' with ransomware clean up
By External Author on Jul 10, 2021 10:00:00 AM
Kurtis Minder is the chief executive of GroupSense, a US-based company that deals in the prevention of and response to ransomware and other cyber attacks.
Topics: News Video Ransomware
The anatomy of a ransomware attack
By External Author on Jul 9, 2021 10:00:00 AM
Just hours before the Fourth of July weekend, a huge, coordinated cyberattack hit hundreds of businesses across the world. A group of hackers broke in by exploiting a hole in the software code of an information technology company with a wide-ranging client base, then demanded $70 million in ransom.
Topics: News Ransomware
Ransomware Negotiations Spark New Business For Cybersecurity Companies
By External Author on Jul 8, 2021 11:00:00 AM
The rise of ransomware attacks directed at U.S. companies is creating demand for a new service from cybersecurity companies: ransomware negotiations.
Topics: News Video Ransomware
Ransomware group demands $70 million for Kaseya attack
By External Author on Jul 5, 2021 9:45:00 AM
The ransomware group REvil has demanded a $70 million payment in Bitcoin for a decryptor tool following its attack on the software vendor Kaseya, cyber researchers say.
Topics: News Ransomware
Why has data stolen in the HSE cyberattack not yet appeared online?
By External Author on Jul 3, 2021 9:30:00 AM
Topics: News Ransomware
Kaseya Ransomware Incident
By Editorial Team on Jul 2, 2021 5:43:58 PM
GroupSense analysts became aware of a wide-spread attack leveraging Kaseya’s Vector Signal Analysis (VSA) platform, commonly in use by Managed Service Providers.
Topics: Blog Ransomware
Negotiating with ransomware criminals creates new business for security professionals
By External Author on Jun 29, 2021 12:00:00 PM
A growing swarm of ransomware attacks has created a cottage industry of tech whizzes willing to do what companies and law enforcement won’t: negotiate with the cybercriminals taking systems and data hostage.
Topics: News Ransomware
Could curtailing cryptocurrency calm cyber crime wave?
By External Author on Jun 28, 2021 2:30:00 PM
Besides outright banning ransom payments, one of the most widely circulated policy ideas to curtail ransomware would be to treat cryptocurrencies as a bona fide component of the financial system: require cryptocurrency exchanges or the cryptocurrencies themselves to abide by regulations that reduce anonymity and prevent money laundering.
Topics: News Ransomware
Podcast: Kurtis Minder - The Seven Dirty Words of Cybersecurity
By External Author on Jun 22, 2021 12:00:00 PM
If you have been reading about or watching news shows discussing ransomware, more than likely, you have seen Kurtis Minder. He has been nearly omnipresent across multiple platforms because his team at GroupSense has been putting in the work to help the victims of ransomware attacks negotiate with attackers in order to get their data back.
Topics: News Ransomware Podcast
Monero emerges as crypto of choice for cybercriminals
By External Author on Jun 22, 2021 9:00:00 AM
For cybercriminals looking to launder illicit gains, bitcoin has long been the payment method of choice. But another cryptocurrency is coming to the fore, promising to help make dirty money disappear without a trace.
Topics: News Ransomware
Can the ransomware threat be stopped?
By External Author on Jun 17, 2021 2:00:00 PM
Ransomware attacks have become one of the biggest threats in cybersecurity today. Cybercriminals have blocked access to a major US oil pipeline, shut down hospitals in Ireland and halted operations in the world's largest meat processing company.
Topics: News Video Ransomware
Why backups are not the panacea for recovery from a ransomware attack
By External Author on Jun 17, 2021 9:15:00 AM
The most pervasive wisdom about preventing damage from ransomware is to back up systems. FujiFilm and Colonial Pipeline, in fact, restored from backups. So in an era of increased concern about ransomware, is solving the ransomware scourge as simple as investing in some backups?
Topics: News Ransomware
Podcast: Ransomware Threats in Illinois
By External Author on Jun 15, 2021 12:30:00 PM
In the past year, several Illinois organizations have been compromised by ransomware groups, which often demand payment in cryptocurrency under threat of compromising services or leaking sensitive data.
Topics: News Ransomware Podcast
One of ransomware's top negotiators would rather you not have to hire him
By External Author on Jun 14, 2021 3:00:00 PM
Kurtis Minder, CEO of threat intelligence firm GroupSense, received a lot of press as a top negotiator in ransomware cases. But he’d rather you not hire him or his peers to negotiate. Instead, he says, he’d much rather you stop the ransomware attack before you’d ever need to call him in.
Topics: News Ransomware
Podcast: The World Tonight ransomware discussion with Kurtis Minder
By External Author on Jun 11, 2021 10:00:00 AM
Kurtis Minder speaks to Razia Iqbal of BBC News on what happens when a ransomware attack occurs and if they can be prevented. In his discussion he explains the basic steps he takes when starting a ransomware negotiation and his experiences throughout the process.
Topics: News Ransomware Podcast
Secrets of a ransomware negotiator
By External Author on Jun 10, 2021 8:45:00 AM
Kurtis Minder told CNN when discussing ransomware negotiation: "Part of this whole process is also about being a counselor and helping them (the victim) remain objective during this unfortunate event."
Topics: News Video Ransomware
The business of negotiating with ransomware hackers
By External Author on Jun 9, 2021 12:00:00 PM
Recent ransomware attacks have shown just how vulnerable any business can be to hackers. The growing threat has forced some companies to negotiate with hackers, and has created a whole new business to help corporations navigate the process. Kurtis Minder, a ransomware negotiator and the founder and CEO of GroupSense, joined CBSN to discuss.
Topics: News Video Ransomware
GroupSense and CipherTrace Partner to Reduce Cryptocurrency Cybercrime
By Editorial Team on Jun 9, 2021 8:45:00 AM
Arlington, Va. – June 08, 2021 – GroupSense, a digital risk protection services company, and leading cryptocurrency intelligence company CipherTrace announce that they are combining their threat intelligence offerings for enterprise clients who are victims of ransomware attacks.
Topics: News Press Releases
Podcast: The booming ransomware business
By External Author on Jun 8, 2021 9:00:00 AM
Hackers are making millions from ransomware attacks. What can be done to stop them? Ed Butler speaks to professional ransomware negotiator Kurtis Minder about the increasing professionalisation of the ransomware business. Kimberly Grauer, head of research at Chainalysis, explains why following the bitcoin trail may be the best way of bringing ransomware gangs to justice, and Vishaal Hariprasad, boss of cyber insurance company Resilience, tells us why the ransomware threat means there needs to be a step change in how companies view cyber security.
Topics: News Ransomware Podcast
Webinar: Cyber Ransom Negotiation
By External Author on Jun 7, 2021 9:00:00 AM
Ransomware is not just a problem for large enterprises and utility companies, it is impacting thousands of small and medium businesses in all sectors. Kurtis Minder, founder of digital risk protection services company GroupSense, has led the response, mitigation, and negotiations of ransomware incidents world-wide. He will share how these attacks occur, who are the perpetrators, how to minimize the chances of being a victim, and what to do if you are.
Topics: Webinar Ransomware
Podcast: The Current- Examining the threat of ransomware attacks
By External Author on Jun 7, 2021 8:45:00 AM
The U.S. government says it's taking ransomware attacks as seriously as terrorism after meat plants and a major U.S. pipeline network were temporarily shuttered by hackers. But will that make it any easier to catch the perpetrators? Joe Uchill, a senior reporter with online cybersecurity publication SC Media, brings us the view from Washington. We also speak with Kurtis Minder, founder and CEO of GroupSense, which helps organizations defend against cyber threats; and David Shipley, co-founder and CEO of Fredericton-based cybersecurity startup Beauceron Security.
Topics: News Ransomware Podcast
Bloomberg Quicktake "Take the Lead" with Kurtis Minder
By External Author on Jun 4, 2021 9:30:00 AM
Kurtis Minder, GroupSense CEO, speaks to Bloomberg about ransomware and ransomware negotiations at 41:52.
Topics: News Video Ransomware
A cybersecurity expert takes us inside a ransomware attack on a 70-employee company
By External Author on Jun 2, 2021 11:00:00 AM
At GroupSense, there’s such a demand for ransomware remediation services that they’ve added a hotline that’s featured prominently on the front page of their website. No one escapes this form of cyberthreat, Minder told Insider.
Topics: News Ransomware
Meet the ransomware negotiators you hope you'll never need
By External Author on Jun 1, 2021 9:30:00 AM
Kurtis Minder has some advice about how to negotiate with criminals who extort millions of dollars by crippling companies’ computer systems and stealing their data: Don’t call them “bad guys.”
Topics: News Ransomware
How to Negotiate with Ransomware Hackers
By External Author on May 31, 2021 8:00:00 AM
A few days after Thanksgiving last year, Kurtis Minder got a message from a man whose small construction-engineering firm in upstate New York had been hacked. Minder and his security company, GroupSense, got calls and e-mails like this all the time now, many of them tinged with panic. An employee at a brewery, or a printshop, or a Web-design company would show up for work one morning and find all the computer files locked and a ransom note demanding a cryptocurrency payment to release them.
Topics: News Ransomware
Podcast: Ransomware Negotiators Step In When Companies Are Hacked
By External Author on May 25, 2021 8:45:00 AM
Ransomware attacks that lock up a victim's systems have become more common. So have people who negotiate with the hackers on behalf of the victims. Kurtis Minder, co-founder of the cyber reconnaissance startup GroupSense, discusses what those negotiations are like, and cybersecurity reporter David Uberti discusses how this approach is viewed within the cyber community. Christopher Zinsli hosts...
Topics: News Ransomware Podcast
Ransomware Boom Forces More Companies to Cut Deals With Criminals
By External Author on May 20, 2021 8:45:00 AM
Kurtis Minder got into the ransomware negotiation business by accident early last year.
Topics: News Ransomware
Brace for ransomware attacks, Midsize Pharma
By External Author on May 19, 2021 9:00:00 AM
“Industrywide, there is a lack of attention to some of the common things that cause breaches and open companies up to ransomware,” Maley says. “We’re becoming immune to these types of things, as they happen more frequently. We’re seeing the same things across sectors. It’s a lack of attention to the basics.”
Topics: News Ransomware
GroupSense Unveils Ransomware Response Readiness Assessment
By Editorial Team on May 19, 2021 8:45:00 AM
Since the publishing of this blog post, GroupSense has rebranded the R3A into the Ransomware Response Readiness Subscription (R3S). You can find more information on the R3S service here.
________________________________________________________________________________________________
ARLINGTON, Va., May 19, 2021 /PRNewswire/ -- GroupSense, a digital risk protection services company, today announced its Ransomware Response Readiness Assessment (R3A) service offering.
GroupSense's threat intelligence team, including experts who have extensive experience remediating ransomware attacks, will provide three core functions as part of this new service: a readiness assessment, to identify gaps in ransomware response capabilities; a response playbook, to provide a step-by-step action plan should an attack occur; and a tabletop exercise, to test and validate the playbook.
Topics: News Press Releases
Webcast: Ransomware in the Remote Work Era
By External Author on May 10, 2021 4:30:00 PM
Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
- The rise in ransomware under the cloak of the pandemic
- Why email continues to be the channel of choice
- The difference between fully automated and human-operated campaigns
- How to decide whether or not to pay the ransom
- Why your backups may not be immune to ransomware
- Addressing the threat with best practices
Speakers
- Nicole Hoffman, Intelligence Analyst, GroupSense
- Courtney Radke, CISO for National Retail, Fortinet
- Patrick Lee, Senior Incident Response Consultant, Rapid7
Topics: Blog Video Webinar Ransomware
SIM Swapping: What Is It and How to Protect Yourself From It
By Editorial Team on Apr 27, 2021 12:15:57 PM
Recently, a hacker known as PeteRepete leaked over 533 million Facebook users’ personal information online. There were no passwords in the database, but it did contain full names, phone numbers, email addresses, employer information, and a few other pieces of information from Facebook users’ profiles. GroupSense confirmed only a small portion of the records contained email addresses, but almost all of the records contained a phone number.
Topics: Blog
Cyber insurance companies need to focus more on risk profiles - and less on security ratings scores
By External Author on Apr 23, 2021 8:30:00 AM
Security ratings services have become a popular way for companies to assess their own cybersecurity posture, as well as that of their partners. And, while they are useful for establishing a data baseline of competence, they are often relied on as something more than that. For example, they’re used in boardrooms as “eye candy” to portray the state of company cyber-risk, with supply chain partners to manage third-party risk and, even more frightening, by insurance companies to create risk profiles for cyber-insurance policies.
Topics: News Blog
Punishing the victim won't stop ransomware
By External Author on Apr 8, 2021 8:45:00 AM
Imagine, for a moment, that you own a small business -- say, a regional dairy farm producing milk, ice cream, yogurt, and other products. And, like so many companies in the food manufacturing sector, you get hit by ransomware. You can’t access any of the data you need to run your business -- so you don’t know which products to ship, where to ship them, what prices you’ve negotiated, who’s paid and who hasn’t… everything is locked up. And, the clock is ticking -- you can’t tolerate extended downtime or products will spoil and customers will defect to other vendors.
Topics: News Ransomware
Ransomware negotiations: An inside look at the process
By External Author on Mar 29, 2021 8:45:00 AM
As ransomware attacks continue to surge across the globe, the demand for negotiation services has also increased -- and been hard to fill.
Topics: News Blog Ransomware
Big Game Hunting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers
By External Author on Mar 16, 2021 8:45:00 AM
Big Game Hunting, the targeted large-scale ransomware campaign, is now regarded as the primary cyber threat to organizations across all sectors including financial, healthcare, and government in 2021. Leaking stolen data in an effort to pressure victims into paying is part of a broader trend across the BGH ecosystem. In recent headlines, ransomware operators have gone beyond the traditional dominance of Windows operating systems and now target the VMware ESXi hypervisor. In this Ransomware Battleground, let’s look at how SPRITE SPIDER (Defray777 Ransomware) and CARBON SPIDER (Parkside Ransomware) operate in volume tactics. How do cybercrime actors now use Linux variants of ransomware configured specifically to affect ESXi hosts?
In this talk, we will cover:
- What are Big Game Hunting tactics? And how did ransomware operator behavior change during Covid-19? (from POS to ESXi)
- How do you defend against the encryption of virtual infrastructure in your corporate network? Credential harvesting and payload ingesting?
- Why is Agentless Zero Trust Isolation and Ransomware Kill Switch the answer to stop Hypervisor "Jackpotting"?
Topics: Video Webinar Ransomware
Dropbox Security Concerns
By Editorial Team on Mar 9, 2021 9:00:00 AM
Users quickly adopted the cloud storage tool Dropbox at the start of the COVID-19 pandemic to alleviate file sharing issues and facilitate group work. Updates to Dropbox Spaces, a project management tool, reflect this shift, easing communications for remote work.1 The file-sharing company seeks to enhance collaboration and information-sharing within a distributed workforce, both now and in the future.