Coveware: Ransomware Recovery First Responders
Cart 0
Blog Quarterly Reports
Report an attack
Ransomware Incident Response Retained Services Unidecrypt Recon - Forensic Triage
About Us Press Industry News
Cart 0
Products & Services Ransomware Incident Response Retained Services Unidecrypt Recon - Forensic Triage About About Us Press Industry News Blog Quarterly Reports
Coveware: Ransomware Recovery First Responders
Report an attack
 
Ransomware Blog

Ransomware Recovery Blog

The Coveware team prides itself on keeping up-to-date, 24/7 with every aspect of ransomware and its possible threat to your business.

If you need immediate help with a specific ransomware strain, or are curious about the threat landscape of your industry, then let us know.

Learn more →
 
 
 
The organizational structure of ransomware threat actor groups is evolving before our eyes
The organizational structure of ransomware threat actor groups is evolving before our eyes

The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims.

Read More
Bill SiegelMay 1, 2025Quarterly Report
Will Law Enforcement success against ransomware continue in 2025?
Will Law Enforcement success against ransomware continue in 2025?

2024 was a banner year for Law enforcement agency actions against ransomware and cybercrime groups. Will the new administration ensure this momentum continues?

Read More
Bill SiegelFebruary 4, 2025Quarterly Report
Misleading Metrics: Unraveling Ransom Payment Statistics in Australia
Misleading Metrics: Unraveling Ransom Payment Statistics in Australia

A recent Australian Financial Review (AFR) article contained statistics about ransomware payment trends that require some deeper inspection.

Read More
Bill SiegelDecember 3, 2024
Law enforcement doxxing raises risk profile for threat actors
Law enforcement doxxing raises risk profile for threat actors

In Q3 2024 Law enforcement actions disrupted infrastructure and publicized the identity of several prolific ransomware threat actors

Read More
Bill SiegelNovember 1, 2024Quarterly Report
Ransomware actors pivot away from major brands in Q2 2024
Ransomware actors pivot away from major brands in Q2 2024

Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024.

Read More
Bill SiegelJuly 30, 2024Quarterly Report
RaaS devs hurt their credibility by cheating affiliates in Q1 2024

RaaS developers were caught cheating their affiliates, shaking the trust in the RaaS model following several high profile law enforcement actions.

Read More
Bill SiegelApril 17, 2024Quarterly Report
New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying
New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying

A lower percentage of ransomware victims are paying, as new regulations begin to elicit more and more public disclosure of ransomware incidents.

Read More
Bill SiegelJanuary 26, 2024Quarterly Report
Scattered Ransomware Attribution Blurs Focus on IR Fundamentals
Scattered Ransomware Attribution Blurs Focus on IR Fundamentals

In Q3 2023 a series of ransomware attacks by similar threat actors created headlines and blurred the lines of attribution.

Read More
Bill SiegelOctober 30, 2023Quarterly Report
Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments

As ransomware affiliates are paid less frequently, they have adapted their strategies to compensate for the shifting dynamics of cyber extortion.

Read More
Bill SiegelJuly 21, 2023Quarterly Report
Big Game Hunting is back despite decreasing Ransom Payment Amounts
Big Game Hunting is back despite decreasing Ransom Payment Amounts

Ransomware threat actors are moving back up-market in search of lost profits as the cyber extortion economy seeks to halt its contraction. 

Read More
Bill SiegelApril 28, 2023Quarterly Report
Improved Security and Backups Result in Record Low Number of Ransomware Payments
Improved Security and Backups Result in Record Low Number of Ransomware Payments

Only 37% of ransomware victims paid a ransom in Q4, a record low as security and backup continuity investments pay off.

Read More
Bill SiegelJanuary 20, 2023Quarterly Report
Uber Verdict Raises New Risks for Ransom Payments
Uber Verdict Raises New Risks for Ransom Payments

The conviction of a high profile security executive who paid to suppress a data leak has created a new dimension of risk for security executives.

Read More
Bill SiegelOctober 26, 2022Quarterly Report
Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022
Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022

Ransomware actors became more fluid in Q2 2022 as attribution becomes harder, and fewer victims succumb to paying cyber criminals.

Read More
Bill SiegelJuly 28, 2022Quarterly Report
HSGAC Hearing Recap: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency
HSGAC Hearing Recap: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency

During a recent HSGAC hearing, Coveware had the opportunity to provide testimony on how ransomware attacks are impacting US companies, and the importance mandatory reporting.

Read More
Bill SiegelJune 14, 2022
Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting

Less Victims of Ransomware are Paying, even as Cybercriminals Shift from Big Game to Big Shame Hunting

Read More
Bill SiegelMay 3, 2022Quarterly Report
How the Russian/Ukraine war may lead to an explosion in Ransomware attacks
How the Russian/Ukraine war may lead to an explosion in Ransomware attacks

The long term impact of sanctions on Russian unemployment has the potential to increase the volume of future Ransomware attacks.

Read More
Bill SiegelMarch 25, 2022
Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021
Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021

Ransomware as a service groups are shifting their tactics as enterprises become harder targets, and law enforcement pressure mounts.

Read More
Bill SiegelFebruary 3, 2022Quarterly Report
Ransomware as a Service Innovation Curve
Ransomware as a Service Innovation Curve

As the Ransomware attacks continue, the direction and growth of the RaaS model is following a traditional innovation trajectory.

Read More
Bill SiegelJanuary 27, 2022
Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021
Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021

Ransomware attacks continued to proliferate in Q3 as governments and law enforcement ratchet up the pressure of the cyber extortion economy

Read More
Bill SiegelOctober 21, 2021Quarterly Report
Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority
Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

Ransomware payment amounts declined in Q2 as several high profile attacks escalated the attention of the US government and law enforcement.

Read More
Bill SiegelJuly 23, 2021Quarterly Report
Older
Hours
What We Do
Ransomware Incident Response Ransomware Analytics Retained Services
Industry News
Ransomware By Industry Coveware Blog Press
Who We Are
About Contact Us Careers
Legal
Privacy Policy Terms of Service
 

PO Box 621 - 275 Post Road E STE 10 - Westport CT, 06881 Copyright 2025 Coveware, Inc. All Rights Reserved.