This week saw the emergence of a new group calling themself “Pay or Grief.” Or maybe they call themselves “Grief” or “Grief_List.” I really am not sure because they haven’t responded to simple questions like “What do we call you?”
In any event, DataBreaches.net noted two of their attacks and now SuspectFile was able to get an actual statement from the threat actors that may help us predict their behavior.
First, SuspectFile got them to state on the record that they will not target the health care sector. Their reasons, however, are not altruistic at all:
We know some players like it, but there are a lot more interesting sectors to make money. Some things like plastic surgery or pharma sector have almost nothing with health but have lot of money – so they will come to our lists too.
Significantly, they informed SuspectFile:
Who are we? We are the new generation… No more Discounts, time of long-term negotiations with brainwashing and tons of proofs is finished. The game is over for companies who like long negotiations, pay or grief come to you. We have all leaked files… On our website What about GDPR? Everyone just talks about GDPR. Nobody obeys this law. Plenty of hacked companies that leaked files including id, confidential information, scans etc wasn’t sanctioned for leak. We could stay inside the companies for weeks. It is enough for downloading confidential information, mails, id and other We have analyzed many ransomware groups and we are not like they. Companies are spending a lot of money hiring company-negotiatiors. Where is the result? Nothing. They spend money and time while the documents are publishing. Who won? Company-negotiatiors/Insurance companies. Now we define the rules of the game, fuck discounts, fuck negotiations, fuck time wasting… Pay or Grief. This is our statement
There’s a lot to unpack there. Read SuspectFile’s commentary on their interactions with these threat actors. Marco also has a write-up on another one of this group’s victims: Mobile County, Alabama. You can read that on SuspectFile, too.