Latest news with #Coveware
Al Bawaba
13-08-2025
- Business
- Al Bawaba
Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts
Coveware by Veeam®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation in targeted social engineering attacks and a surge in ransom payments driven by sophisticated data exfiltration tactics.'The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,' said Bill Siegel, CEO of Coveware by Veeam. 'Attackers aren't just after your backups – they're after your people, your processes, and your data's reputation. Organizations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought,'Key Q2 2025 findings from Coveware by Veeam include:• Social Engineering Drives the Biggest Threats: Three major ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated the quarter, each leveraging highly targeted social engineering to breach organizations across sectors. These groups abandoned mass opportunistic attacks for precision strikes, using novel impersonation tactics against help desks, employees, and third-party service providers.• Ransom Payments Soar to New Highs: Both the average and median ransom payments rocketed to $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), respectively. This spike is attributed to larger organizations paying out after data exfiltration-only incidents, even as the overall rate of organizations paying ransoms held steady at 26%.• Data Theft Overtakes Encryption as Primary Extortion Method: Exfiltration was a factor in 74% of all cases, with many campaigns now prioritizing data theft over traditional system encryption. Multi-extortion tactics and delayed threats are on the rise, keeping organizations in the crosshairs long after an initial breach.• Professional Services, Healthcare, and Consumer Services Hit Hardest: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11 – 1,000 employees) comprised 64% of victims, a sweet spot for attackers balancing payout potential against less mature defenses.• Attack Techniques Evolve, Human Factor Remains Key Vulnerability: Credential compromise, phishing, and exploitation of remote services continue to dominate initial access, with attackers increasingly bypassing technical controls via social engineering. Groups regularly exploit vulnerabilities in widely-used platforms (Ivanti, Fortinet, VMware), and 'lone wolf' attacks by seasoned extortionists using generic, unbranded toolkits are on the rise.• New Entrants Reshape Ransomware Rankings: Q2's top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%), while Silent Ransom and Shiny Hunters entered the top five for the first by Veeam has helped thousands of cyber extortion victims and developed industry leading software and services that enable rapid forensic triage, extortion negotiation and remediation, cryptocurrency settlements and decryption services with a singular goal and outcome - data recovery from ransomware attacks. Through these incidents, Coveware by Veeam has gathered data and insights on threat actor patterns that provide an unrivaled view of the current threat landscape. These valuable findings are shared with customers to help educate and reduce risks, improve security posture, and ensure rapid recovery. Select Coveware by Veeam capabilities are incorporated into Veeam offerings including Veeam Data Platform and the Veeam Cyber Secure Program, delivering the insights and capabilities to a broader set of customers. Coveware by Veeam's quarterly report is based on firsthand data, expert insights and analysis from the ransomware and cyber extortion cases that they manage each quarter. Utilizing real-time incident response, proprietary forensic tools (including Recon Scanner), and comprehensive documentation of threat actor behavior, attack vectors, and negotiation outcomes. By aggregating and analyzing case-specific data – rather than relying on third-party sources – Coveware by Veeam is able to identify emerging trends, track tactics, techniques, and procedures (TTPs), and provide actionable, experience-based intelligence on the rapidly evolving ransomware landscape. To learn more on this latest report from Coveware by Veeam, read the blog post. For more information on Veeam, visit
Yahoo
12-08-2025
- Business
- Yahoo
Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts
Spike in Targeted Attacks Highlights Critical Role of Data Resilience in Current Ransomware Landscape SEATTLE, August 12, 2025--(BUSINESS WIRE)--Coveware by Veeam®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation in targeted social engineering attacks and a surge in ransom payments driven by sophisticated data exfiltration tactics. "The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook," said Bill Siegel, CEO of Coveware by Veeam. "Attackers aren't just after your backups – they're after your people, your processes, and your data's reputation. Organizations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought." Key Q2 2025 findings from Coveware by Veeam include: Social Engineering Drives the Biggest Threats: Three major ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated the quarter, each leveraging highly targeted social engineering to breach organizations across sectors. These groups abandoned mass opportunistic attacks for precision strikes, using novel impersonation tactics against help desks, employees, and third-party service providers. Ransom Payments Soar to New Highs: Both the average and median ransom payments rocketed to $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), respectively. This spike is attributed to larger organizations paying out after data exfiltration-only incidents, even as the overall rate of organizations paying ransoms held steady at 26%. Data Theft Overtakes Encryption as Primary Extortion Method: Exfiltration was a factor in 74% of all cases, with many campaigns now prioritizing data theft over traditional system encryption. Multi-extortion tactics and delayed threats are on the rise, keeping organizations in the crosshairs long after an initial breach. Professional Services, Healthcare, and Consumer Services Hit Hardest: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11 – 1,000 employees) comprised 64% of victims, a sweet spot for attackers balancing payout potential against less mature defenses. Attack Techniques Evolve, Human Factor Remains Key Vulnerability: Credential compromise, phishing, and exploitation of remote services continue to dominate initial access, with attackers increasingly bypassing technical controls via social engineering. Groups regularly exploit vulnerabilities in widely-used platforms (Ivanti, Fortinet, VMware), and "lone wolf" attacks by seasoned extortionists using generic, unbranded toolkits are on the rise. New Entrants Reshape Ransomware Rankings: Q2's top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%), while Silent Ransom and Shiny Hunters entered the top five for the first time. Coveware by Veeam has helped thousands of cyber extortion victims and developed industry leading software and services that enable rapid forensic triage, extortion negotiation and remediation, cryptocurrency settlements and decryption services with a singular goal and outcome - data recovery from ransomware attacks. Through these incidents, Coveware by Veeam has gathered data and insights on threat actor patterns that provide an unrivaled view of the current threat landscape. These valuable findings are shared with customers to help educate and reduce risks, improve security posture, and ensure rapid recovery. Select Coveware by Veeam capabilities are incorporated into Veeam offerings including Veeam Data Platform and the Veeam Cyber Secure Program, delivering the insights and capabilities to a broader set of customers. Coveware by Veeam's quarterly report is based on firsthand data, expert insights and analysis from the ransomware and cyber extortion cases that they manage each quarter. By utilizing real-time incident response, proprietary forensic tools (including Recon Scanner), and comprehensive documentation of threat actor behavior, attack vectors, and negotiation outcomes, Coveware by Veeam delivers unparalleled visibility into the threat landscape. By aggregating and analyzing case-specific data – rather than relying on third-party sources – Coveware by Veeam is able to identify emerging trends, track tactics, techniques, and procedures (TTPs), and provide actionable, experience-based intelligence on the rapidly evolving ransomware landscape. To learn more on this latest report from Coveware by Veeam, read the blog post. For more information on Veeam, visit About Veeam Software Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it. Veeam calls this radical resilience, and we're obsessed with creating innovative ways to help our customers achieve it. Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. Radical resilience starts with Veeam. Learn more at or follow Veeam on LinkedIn @veeam-software and X @veeam. Frequently Asked Questions: What are the biggest ransomware threats facing organizations in 2025? According to the latest report from Coveware and Veeam, the main threats are targeted social engineering attacks and data exfiltration, led by groups like Scattered Spider, Silent Ransom, and Shiny Hunters. Which industries and company sizes are most impacted by ransomware attacks? The latest report from Coveware and Veeam found professional services, healthcare, and consumer services firms are most targeted. Mid-sized companies (11–1,000 employees) make up 64% of victims due to less mature defenses. How have ransomware techniques evolved in 2025? The latest report from Coveware and Veeam found that attackers now focus on credential compromise, phishing, and exploiting remote services. Social engineering is a key weakness, and there's a rise in "lone wolf" attacks using generic toolkits and vulnerabilities in platforms like Ivanti, Fortinet, and VMware. How can organizations strengthen their defenses against ransomware? Coveware by Veeam advises boosting employee security awareness, hardening identity controls, and urgently addressing data exfiltration risks. Using Veeam's resilience and recovery solutions helps reduce risk and maintain business continuity. Recent Veeam News Veeam Positioned as a Leader in the 2025 Gartner® Magic Quadrant™ for Backup & Data Protection Platforms for the Ninth Consecutive Time HPE and Veeam Deepen strategic partnership to deliver superior data resiliency and recovery Veeam and CrowdStrike Partner to Bring Data Resilience to Customers View source version on Contacts For Veeam media inquiries, contact
Yahoo
10-03-2025
- Business
- Yahoo
Kept in the Dark: Inside the Somerset, Mass., School Cyberattack
Kept in the Dark is an in-depth investigation into more than 300 K-12 school cyberattacks over the last five years, revealing the forces that leave students, families and district staff unaware that their sensitive data was exposed. Use the search feature below to learn how cybercrimes — and subsequent data breaches — have played out in your own community. Here's what we uncovered about a massive attack on the school district in Somerset, Massachusetts. When a ransom note landed in the inboxes of high school leaders in Somerset, Massachusetts, the district hired consultants to negotiate — unsuccessfully — with the hackers. The district wound up paying a ransom to resolve the July 2020 cyberattack, according to documents obtained by The 74 through public records requests. In the eyes of the cybersecurity company brought in to consult, the school system got a good deal. Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter The hacker, who used an encrypted email service and the name Kristina D Holm, threatened to leak 50 gigabytes of data if Somerset school officials didn't hand over 60 bitcoin which, at the time, was worth about $660,000. 'If we don't reach an agreement we will start leaking your private data,' the hacker wrote, noting that for bitcoin they would also offer 'a list of security measures' to prevent future breaches. The note also provided documents to prove the writer had infiltrated district servers. Emails reveal that Coveware, a cybersecurity company that specializes in negotiating with hackers, got the ransom down to $200,000 after the firm made a $170,000 counteroffer. An invoice obtained by The 74 describes the ransom payment as being for 'technical consultant services and remediation.' 'Typically in situations where they drop very significantly and within range of our budget, we would recommend accepting the offer as we have seen these groups take offers away if they think we are nickel and diming them on the price,' Coveware incident response director Garron Negron wrote in a July 30 email ahead of the payment. The district didn't respond to requests for comment for this story. Records show that Beazley, the school district's cybersecurity insurance provider, approved the ransom payment and was a key player in selecting third-party vendors like Coveware for Somerset Berkeley's incident response. Six days after the attack, school officials contacted lawyers with the firm BakerHostetler to assess the cyberattack's impact and its data breach reporting obligations, but it wasn't until November — four months later —that the firm told them a 'programmatic review of the files' had been completed. 'Baker reviewed a sample of documents for each of the largest hit counts and helped narrow the scope for manual review,' staff attorney Damon Durbin wrote, adding that the preliminary review uncovered at least two Social Security numbers. Once the district approved a statement of work, Durbin wrote, consultants would 'conduct the review and produce a notification list that Baker will review with the District in order to determine notification obligations.' The school district reported the hack to local and federal law enforcement, records show, but not until after lawyers were on the scene. William Tedford, then the Somerset Police Department's technology director, requested in a July 31 email that the district furnish the threat actor's bitcoin address 'as soon as possible,' so he could share it with a Secret Service agent who 'offered to track the payment with the hopes of identifying the suspect(s).' 'There will be no action taken by the Secret Service without express permission from the decision-makers in this matter,' Tedford wrote, adding that officials with the state police cybersecurity program had also offered to help. 'All are aware of the sensitive nature of this matter, and information is restricted to only [the officers] directly involved,' said Tedford, who was promoted to department chief in August 2024. While law enforcement seemed willing to follow the school district's lead, the incident did open Somerset Berkeley to police scrutiny. In early August, Tedford pressed school officials about sexual misconduct allegations that the threat actor claimed to have stumbled upon and attempted to use as leverage during ransom negotiations. The hacker wrote: 'I am somewhat shocked with the contents of the files because the first file I chose at random is about a predatory/pedophilia incident described by young girls in one of your schools. This is very troubling even for us. I hope you have investigated this incident and reported it to the authorities, because that is some fucked up stuff. If the other files are as good, we regret not making the price higher.' Tedford asked if the accusation was legitimate and if the police had been notified. 'I need to cover these bases now that we have been made aware of this claim,' Tedford wrote in an Aug. 3 email. 'It's clear the attorneys don't want law enforcement involved, and that's fine, but this is a different issue.' In an emailed response, district Superintendent Jeffrey Schoonover said the police department is 'well aware of that situation,' which was related to an incident during an out-of-town show choir event. 'After a thorough investigation, no charges were filed,' Shoonover wrote, adding in a later email that an officer 'interviewed dozens of kids' in response to 'this entire unfortunate event.' In August 2020, the district was working on its talking points to the public and it's clear the consultants weren't far away. The 74 obtained a draft FAQ in which school officials were crafting their answer to the question: Why was the community not advised when this cyberattack first happened? They answered that they would 'have preferred to notify the public earlier' but couldn't 'to ensure the privacy of student records,' that they were unsure what, if any, records may have been compromised and that they were encouraged to 'wait to release any information until the investigation' was further along. In red italics next to the text are the words: Pending revisions from consultants. Somerset Berkley was 'unable to provide any further information' about whether the district paid a ransom, the document also notes. The public wasn't notified of the July attack until September, when Schoonover wrote in a letter that data breach victims would be contacted once its investigation was finalized — but he didn't divulge the $200,000 ransom payment. The district submitted a breach notice to Massachusetts regulators in December 2020 — five months after the incident — and disclosed that 85 commonwealth residents had their information exposed. Stolen records include Social Security, driver's license and credit card numbers.
New York Times
14-02-2025
- Entertainment
- New York Times
She Asked Him On a Second Date 20 Minutes Into the First One
Nina Alexandra Niles reached out to John William Hanifin IV on Hinge in a burst of spirited camaraderie. 'Hell yeah I went to Comic-Con this year as Batgirl of Burnside,' she said, noticing the last of his profile photos in October 2021: He was wearing a sparkly gold Daft Punk robot costume. Mr. Hanifin, 31, who goes by Billy, was then wowed by one of her photos in full Zombie makeup, and eager to see her Batgirl creation. 'Do you have pics?' asked Mr. Hanifin, who graduated with a bachelor's degree in computer science and a master's degree in cybersecurity from Fordham. He is now a development operations security engineer at Coveware, a ransomware remediation company. He found the Batgirl photos through her Instagram link on Hinge, and was dazzled by eight other costumes, particularly a green Scottish Highlands-style gown she wore as Merida from Disney's 'Brave' to the Renaissance Faire in Tuxedo, N.Y., in September. 'I like making elaborate costumes,' said Ms. Niles, 35, who has been hand sewing since high school. She graduated with a bachelor's degree in mechanical engineering from Northwestern, and is now a business control manager at JPMorgan Chase. To their amazement, they each had been to Comic-Con in October, and the Renaissance Faire, one day apart. But, a date had to wait. 'We're both Halloween nuts,' she said, and it was peak season. He had three parties and was hosting one at his apartment in Astoria, Queens. She was scrambling to finish her 1930s floor-length gown for the annual University Club Halloween dinner dance. After work, two weeks later, they met at Break Bar and Billiards in Astoria, a game bar he chose in case they ran out of things to say. He was intrigued by her rant on female superheroes in the Marvel film universe, but 20 minutes into the date was caught off-guard when she nonchalantly invited him to see the latest, 'Shang-Chi and the Legend of Ten Rings,' which he had already seen with his college buddies, like every Marvel release since 2012. 'You're asking me on a second date?' said Mr. Hanifin, teasing her for being so bold, and agreed to see it again. [Click here to binge read this week's featured couples.] They parted with a hug before she took the subway home to NoHo in Manhattan, and the next week, they saw the movie at a Midtown Manhattan theater with cushy seats, and halfway through it, snuggled. They then gushed over Awkwafina's supporting role at Tir Na Nog, a nearby pub, and later kissed good night. During their third date, in November, at a cocktail bar in Chinatown, they discussed becoming exclusive. She was game, but he needed a little more time. 'I'm ready,' he said, in December as they stopped under the lights while at New York Botanical Garden's holiday train night. 'Let's make this a thing.' He joined her for her parents' Christmas party at their Upper West Side brownstone, where she grew up. They then spent two weeks apart preparing for the holidays and while he visited his family in Boston, where he grew up. He then quarantined another two weeks with Covid in Astoria. She made two trips there to drop off Covid tests, but became miffed when he barely acknowledged her. To apologize, he sent her a dozen roses, and an electric blanket — she's always cold at bedtime. 'He is so clever, so brilliant, so thoughtful,' she recalled thinking, and they began dating seriously. In March she joined him and friends on a trip to Walt Disney World Resort in Florida, and on the flight home they sketched out ideas to re-create the Haunted Mansion. 'It was ridiculous, impractical, and entirely us,' she said. 'That's when we knew,' he said. In summer 2022, they dressed up for their first 1920s jazz age lawn party on Governors Island — she in a purple drop waist dress; he in pinstriped pants, suspenders and arm garters. Later that year, Ms. Niles joined Mr. Hanifin and his Renaissance Faire pals as medieval nomads and for Comic-Con he updated his Daft Punk costume and she went as Ginny Weasley from 'Harry Potter' in a Quidditch outfit. 'We were trying to fit our hobbies into one apartment,' he said, as he moved into hers in January 2023. 'Plus we rented a storage locker in the basement.' That October, during their second annual trip to Sleepy Hollow, he proposed. 'It feels amazing to get proposed to,' she said, and then proposed to him in December. 'It's not as much about feminism, but equality.' On Feb. 1, Kelty Niles, the bride's sister, who received a one-day marriage officiant license from the Office of the City Clerk of New York, officiated before 192 guests at the University Club in Manhattan. Ms. Niles wore a white Duchess satin gown she made based on a 1950s Vogue pattern. Mr. Hanifin gave a nod to his Scottish roots in a MacNeil tartan kilt, and changed into a tuxedo for the reception, where the couple glided across the floor in a choreographed first dance with lifts and twirls to Elton John's 'Your Song.' 'We're already planning for our next Jazz Age lawn party,' she said.
