Coveware censors post after ransomware actors use it for promotion
Sam Varghese reports:
Incident response firm Coveware has deleted a small portion of an article it had posted online in 2019, after the actors behind the REvil ransomware group — also known as Sodinokibi — used it to promote the efficiency of their own decryptor over that of the one used by rival ransomware actor, Ryuk.
Security researcher Vitali Kremez, who works for a company known as Advanced Intelligence, pointed to the use of the material from a Coveware article, which originally said: “In Q2 2019, victims who paid for a decryptor recovered 92% of their encrypted data. This statistic varied dramatically depending on the ransomware type. For example, Ryuk ransomware has a relatively low data recovery rate, at ~87%, while Sodinokibi was close to 100%.”
Read more on ITWire.
While Coveware responded by removing the statement and noting that they did not condone criminals using the firm’s findings to advertise their criminal services, they note that the situation was an unintended — and unwelcome — byproduct of transparency in sharing their findings.