SuspectFile Exclusive: Grief ransomware group changes the rules of negotiation
Marco A. De Felice aka amvinfe, June 1, 2021
Grief is a new ransomware group that hit the headlines a few days ago when it started listing the names of its first victims on its Tor site and uploading the first exfiltrated data.
At the moment Grief has made public the names of 5 affected entities, although it is now known that there is a sixth: Clover Park School District. Dissent (@PogoWasRight) talked about it in his article on DataBreaches.net on May 26th.
The other entities affected are:
Home Decor GB Ltd, a British company that produces high-quality furniture (Grief does not specify, at the moment, the total amount of stolen data)
Municipality of Porto Sant'Elpidio, an Italian municipality in the province of Fermo, Marche Region (8 GB of stolen data)
La Concha, a Mexican company operating in the field of confectionery and food (about 1 GB of data exfiltrated)
Puntacana Group, a group of companies in the Dominican Republic that operates in the field of services (approximately 10 GB of stolen data)
Mobile County, a county in the US state of Alabama (approximately 7 GB of data is in Grief's hands)
In recent days SuspectFile tried, and succeeded, to establish contact with Grief, and a frank, loyal conversation followed. We did not ask, for example, what methods were used during the attacks on IT systems, just as we never asked the size of the ransoms demanded from the victims.
We wanted to ask different questions. We initially asked for the dates of the intrusions into the systems of the affected entities, in order to understand whether or not the companies had complied with the legal obligations in force in their respective countries regarding the protection of sensitive data.
We asked whether the data in their possession also included health documents, or in any case sensitive documents of company employees or private citizens. None of the questions we asked have been answered.
Nor were we answered when we asked whether they were still inside the hacked systems.
Another question we wanted to ask Grief, and the one whose answer interested us most, concerned attacks on hospitals. We asked whether hospitals were among their targets.
We were given an answer that reassured us in substance, less so in the form they chose to use.
Here is their answer:
We aren’t going to target health sector. We know some players like it, but there are a lot more interesting sectors to make money. Some things like plastic surgery or pharma sector have almost nothing with health but have lot of money – so they will come to our lists too.
When we asked further questions, we were answered with a full-fledged statement.
SuspectFile has chosen to publish it in its entirety, aware that this will draw criticism against us from many quarters. But we made this decision because we believe that what Grief said could help shed light on new extortion methods that many other cybercriminals are likely to adopt soon.
In the document Grief underlines some of the cornerstones it will adhere to, which concern:
the method of action
negotiation
the timing
In one part of their statement the finger is pointed at companies guilty of not paying, in legal terms, for the lack of protection and safeguarding of data. Grief also refers to the European General Data Protection Regulation (GDPR) on its site on the Tor network.
It also blames companies for needlessly spending money on consultants' fees and on payments to insurance companies.
They end the press release with a slogan that also appears on their website, "Pay or Grief", declaring, finally, that they will not allow discounts, negotiations or wasting of time.