Grief ransomware has emerged with a new look and the same modus operandi as DoppelPaymer ransomware. Ransomware groups adopt this tactic of changing names to try to evade the radar of authorities.
The old DoppelPaymer ransomware was active until May, some time after one of the largest attacks made against a US company, the attack made by the Darkside ransomware on the Colonial Pipeline company.
That attack led to diplomatic problems between the United States and Russia, the country in which the group was likely operating.
In the face of this great attention caused by the attack on Colonial Pipeline, the DoppelPaymer ransomware has ceased its activities, not with an official note, the group simply stopped updating its Dark Web site, this is an indication that the group has ceased its activities.
And now it seems that the group has not completely stopped its activities, just dressed in a new outfit, adopted a new name and continued with the attacks, now under the name of ransomware Grief.
The group operates using the RaaS tactic (Ransomware as a service) is an affiliate program of cybercriminals, they advertise their ransomware on forums selling their services to people interested in making the attacks.
This type of tactic is highly advantageous for the groups and makes virtually every company in the world a viable target for their attacks.
The Grief ransomware encryption, like the vast majority of ransomware, is virtually impossible to break without the decryption key.
Therefore, the group threatens the victim not to seek expert help, if the victim does, the decryption key is deleted and the files can never be decrypted, the stolen files will be leaked.
Still in this scenario Digital Recovery is able to recover the encrypted data, we have our own technology, called Tracer, which enables us to have good results in this type of recovery.
Surely we have helped our customers save millions by not paying the ransom.
During the whole process, the client is accompanied by one of our specialists who will clarify any doubts about the process.
All our processes are done in accordance with the GDPR (General Data Protection Regulation) so that there is total protection for the company.
Count on Digital Recovery’s exclusive approaches to recover encrypted data.