Resources

How to Leverage the SLCGP Grant Program to Provide Dark Web Solutions

By Patrick Mullan on Nov 4, 2024 11:28:22 AM

As the digital landscape grows more complex, the threats facing state and local governments have multiplied. Traditional cybersecurity measures alone may not be sufficient to protect sensitive information from a broad array of cyber threats. To help manage these risks, the U.S. Department of Homeland Security (DHS) has allocated nearly $280 million through the Fiscal Year 2024 State and Local Cybersecurity Grant Program (SLCGP). This funding is designed to empower states and territories to bolster their cybersecurity programs, equipping them to identify vulnerabilities, detect emerging threats, and respond more effectively to incidents.

Several of our State and Local government customers have leveraged the SLCGP program to implement a digital risk program to protect their own infrastructure and that of their constituents. One State surveyed its municipal partners and found that the majority were looking for dark web visibility and digital risk support.

Digital Risk Protection provides state cybersecurity teams with deeper insights into external threats by monitoring illicit online spaces where threat actors often exchange or sell stolen data, discuss vulnerabilities, and share tactics.

Topics: Insider Blog dark web digital risk

Utilizing AI to Improve Table Top Exercise Outcomes

By Kurtis Minder on Oct 10, 2024 1:38:14 PM

Tabletop exercises (TTXs) are an essential tool in building an organization’s resilience to cyber threats, providing a controlled environment to simulate potential incidents. These exercises allow teams to test their responses, evaluate procedures, and identify gaps in their crisis management plans. However, simply going through the motions isn’t enough to ensure preparedness—effective TTXs must strike a balance between realism, adaptability, and learning outcomes.

In one of my recent TTX sessions, I introduced a new dynamic by priming AI to provide real-time injects, adding a level of unpredictability and immersion to the exercise. The result was a more engaging and challenging experience for the participants, ultimately improving their response planning. In this blog, I’ll discuss the elements that make a TTX effective and highlight the benefits of using AI for injects in real-time scenarios.

Topics: Insider Blog Case Study Ransomware

HUMINT: A Critical Component of Digital Risk

By Editorial Team on Sep 12, 2024 6:24:08 PM

Automation is a key tool in defending organizations from digital threats, but it has its limitations. Even with advanced technology, up to 80% of security alerts can still be false positives. This is where Human Intelligence (HUMINT) becomes essential in Digital Risk Protection Services (DRPS). HUMINT provides the context and insight that automated systems often miss, turning raw data into actionable intelligence. By combining automation with human expertise, DRPS can more effectively respond to current threats and stay ahead of evolving risks, creating a balanced and proactive approach to digital security.

Topics: Insider Blog

Kurtis Minder to Keynote 2024 Western Colorado Economic Summit

By Editorial Team on Mar 28, 2024 12:01:34 PM

GroupSense CEO Kurtis Minder is thrilled to be keynoting this year's Western Colorado Economic Summit. The event will take place on Tuesday, April 16th at Colorado Mesa University. You can view the full agenda and register here.

Topics: Webinar Events

GroupSense Awarded Patent for Systems & Methods for Detecting and Remedying Theft of Data

By Editorial Team on Mar 27, 2024 9:00:00 AM

Removing stolen data at the source reduces the risk of data being used to harm an organization.

Topics: Press Releases

The Clowns and Fools Behind Ransomware Attacks

By Editorial Team on Mar 11, 2024 9:39:56 AM

Cybersecurity professionals have been keeping a close eye on the shake-ups in ransomware over the past few weeks. While many ransomware victims believe they are dealing with highly sophisticated threat actors, these cyber criminals are often one argument away from collapse. CEO Kurtis Minder was featured in the Axios Codebook Newsletter last week discussing the ongoing ransomware attack carried out by ALPHV on healthcare giant Change Healthcare. Learn more from the excerpt below or read the full article here.

Topics: News Ransomware

UnitedHealth Hack Could Take Months for Full Recovery

By Editorial Team on Mar 8, 2024 12:15:17 PM

Healthcare giant UnitedHealth could take months to get their data back after being attacked by ransomware gang ALPHV. With such a large amount of data, it can be very difficult to get decryption keys working—especially if you're dealing with a tough threat actor group. CEO Kurtis Minder was featured in Reuters speaking on GroupSense's experience negotiating with ALPHV in the past. Check out the excerpt below or view the full article here.

Topics: News Ransomware

ALPHV Goes Dark After Ransomware Attack

By Editorial Team on Mar 7, 2024 9:24:32 AM

Ransomware gang ALPHV, also known as BlackCat, went dark after attacking Change Healthcare with ransomware. They asked for a $22 million payment from the healthcare organization, and then posted a seemingly fake FBI seizure notification on their website. Fishy, right? GroupSense CEO Kurtis Minder was featured in an article on CyberScoop talking about the high ransom and its impact on organizations trying to get operational after an attack. Check out the excerpt below or read the full article here.

Topics: News Ransomware

LockBit Re-Emerges After Take Down

By Editorial Team on Feb 28, 2024 9:43:35 AM

Just one week after the takedown of the LockBit ransomware group, it appears their servers are back online. While law enforcement seized their shame site, they appear to have missed LockBit's backup servers, allowing the group to become operational again quickly. GroupSense's CEO was featured in DarkReading speaking about the group's leader. Read the excerpt below or get the full article here.

Topics: News Ransomware

Law Enforcement Targets LockBit After Take Down

By Editorial Team on Feb 28, 2024 9:17:08 AM

Law enforcement's seizure of the LockBit ransomware site caused quite the stir last week. In the aftermath of the news, ransomware experts like GroupSense's Kurtis Minder and Analyst1's Jon DiMaggio think that law enforcement is intentionally baiting the leader of the ransomware group to incriminate himself. The experts were quoted in CyberScoop speaking on the tactic. Check out the excerpt or read the full article here.

Topics: News

Protecting Pharmaceutical IP

By Editorial Team on Feb 27, 2024 9:30:08 AM

Pharmaceutical intellectual property (IP) is highly sought after by threat actors and cyber criminals. How can pharmaceutical companies protect their most valuable asset? GroupSense's Taylor Banks was featured in Pharma Manufacturing speaking on how we have protected pharma IP for our clients and how other organizations can approach cyber protection. Read the excerpt below or jump to the full article here.

Topics: News

AI in the Election Cycle

By Editorial Team on Feb 27, 2024 9:04:10 AM

GroupSense's own Taylor Banks was featured in SC Magazine recently speaking on how AI will be used in the upcoming election cycle. Throughout the byline, Taylor discusses how threat actors will use AI to spread mis- and disinformation as well as how people are still key to detecting AI. Check out the excerpt below, and read the full article here.

Topics: News

Safeguarding SLED: Unveiling Dark Web Fraud Threats

By Editorial Team on Feb 21, 2024 1:47:34 PM

According to a report by the Identity Theft Resource Center, the government and education sectors accounted for 12.3% of all reported data breaches in 2020. Increased connectivity has benefitted state and local government and education (SLED) since its inception, increasing efficiency, information sharing, and more. As the internet has developed and threat actors become more savvy, it has introduced more risk to state and local organizations. The dark web, also known as the hidden internet, is a part of the internet that is not indexed by traditional search engines. It is estimated that the dark web is 500 times larger than the surface web, making it a haven for illegal activities such as fraud and cyber crime.

Topics: Whitepapers

K-State Suffers Cyber Breach

By Editorial Team on Jan 19, 2024 9:59:22 AM

Kansas State University suffered a cybersecurity breach this week. School officials are investigating the incident. GroupSense CEO Kurtis Minder provided commentary to The Mercury on the incident, lending his expertise on the results of most cyber incidents. Check out the excerpt below or read the full article here.

Topics: News

Election Day: Proactive Monitoring for Cyber Threats

By Editorial Team on Jan 17, 2024 3:05:21 PM

With increasing reliance on technology in the electoral process, the threat of cyberattacks and digital interference looms large. This blog post aims to shed light on the urgency of election cybersecurity, exploring the common cyber threats faced by election officials and voters alike on Election Day. By understanding these risks and implementing proactive threat monitoring measures, we can safeguard the integrity of our elections and maintain public confidence in the democratic process. Additionally, we will discuss important post-election security measures and strategies to promote public trust in the electoral system.

Topics: Blog Elections

The Rise of Dual Ransomware Attacks

By Editorial Team on Jan 12, 2024 10:23:42 AM

In the ever-evolving landscape of cyber threats, a new type of attack has emerged: dual ransomware attacks. This malevolent technique involves cyber criminals launching not one, but two ransomware attacks on a single target. The first attack serves as a distraction, often relatively easy to detect, while the second attack remains hidden and wreaks havoc behind the scenes. This double-edged approach presents a significant challenge to organizations, as it requires them to not only identify and respond to the initial ransomware attack but also uncover the covert second attack. The rise of dual ransomware attacks highlights the need for organizations to bolster their cybersecurity defenses and adopt a multi-layered approach to protect against sophisticated and relentless threats.

Topics: News Ransomware

Cybersecurity Lessons from Past Election Interference

By Editorial Team on Jan 12, 2024 9:46:02 AM

The integrity of elections is under constant threat from sophisticated cyber attacks. Foreign adversaries, criminal groups, and even individuals with malicious intent can launch cyber attacks to manipulate election results, undermine public trust in the democratic process, and sow discord within society. It is crucial for governments, election officials, and technology companies to take proactive measures to safeguard democratic processes and protect critical election infrastructure from cyber threats. This article explores the persistent threat of election interference, the role of foreign adversaries in such attacks, and the importance of cybersecurity collaboration, information sharing, and citizen education in mitigating these risks. By learning from past instances of election interference, we can strengthen our defenses and ensure the integrity of our democratic institutions.

Topics: Blog Elections

Unveiling the Dark Web Threat: Safeguarding State and Local Governments Against Fraud

By Editorial Team on Jan 9, 2024 2:36:10 PM

The dark web, a hidden corner of the internet, poses a significant threat to state and local governments, making them vulnerable to a wide range of fraud schemes. This article aims to shed light on the dark web's potential to facilitate fraud, the vulnerabilities in government systems that can be exploited, and the importance of proactive cybersecurity measures. We will explore real-world case studies to illustrate the impact of dark web fraud on government entities and present successful strategies for prevention, drawing from the experiences of government agencies that have effectively thwarted dark web fraud attempts.

Topics: Blog

Combating Disinformation in the Election Cycle

By Editorial Team on Jan 4, 2024 2:05:22 PM

With the rise of social media and the rapid spread of information online, disinformation has become a serious threat to the integrity of elections. Disinformation campaigns can manipulate public opinion, undermine trust in democratic institutions, and even influence the outcome of elections. In the upcoming election cycle, it is more important than ever to be aware of the dangers of disinformation and to take steps to protect yourself from it. This blog post will provide you with the information you need to spot disinformation, combat it, and protect yourself from its harmful effects.

Topics: Blog Elections

Cybersecurity: The Key to Preserving Election Integrity

By Editorial Team on Dec 21, 2023 11:49:58 AM

In the digital age, elections are increasingly vulnerable to cyber attacks. As technology becomes more sophisticated, so do the methods used to compromise it. Safeguarding the integrity of elections is a complex task, but one that is essential to preserving democracy. This article will explore the importance of cybersecurity in election integrity, common cybersecurity vulnerabilities in elections, best practices for securing election systems, the role of international cooperation in election cybersecurity, and the future of election cybersecurity.

Topics: Blog Elections

Securing the Last Mile: Cybersecurity Considerations for Year-End Deliveries

By Editorial Team on Dec 20, 2023 1:21:53 PM

During the holiday season, e-commerce businesses are preparing for a surge in deliveries. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities in the last-mile delivery process. This blog post will explore the cybersecurity risks associated with last-mile deliveries and provide best practices for securing sensitive information during transit. We will also discuss emerging technologies that are helping to improve last-mile cybersecurity and provide recommendations for businesses to enhance their security measures.

Topics: Blog

Misinformation vs Disinformation: What's the Difference?

By Editorial Team on Dec 15, 2023 9:52:54 AM

The spread of false information is a major concern throughout the media. Misinformation and disinformation are two terms that are often used interchangeably, but they have distinct differences. Understanding these differences is crucial for individuals, media outlets, and policymakers alike. In this article, we will explore the disparities between misinformation and disinformation and delve into their impact on election security. We will also assess the role of social media in perpetuating these issues and discuss strategies for combatting misinformation and disinformation in the election cycle.

Topics: Blog Elections

5 Cybersecurity Issues Your Board Cares About at Year-End

By Editorial Team on Dec 13, 2023 1:53:00 PM

As the year-end approaches, the shipping and logistics industry faces a unique set of challenges. Cybersecurity and physical security are two of the most important issues that boards of directors must consider. In this blog post, we'll discuss five key cybersecurity issues your board should be aware of, how proactive monitoring can help prevent cyber issues, and how to build a reporting structure to keep the board informed. Read on to learn more about how to protect your business from potential cyber threats.

Topics: Blog

Securing Your Supply Chain: Year-End Shipping Considerations for CISOs

By Editorial Team on Dec 5, 2023 3:43:46 PM

As we approach the end of the year, CISOs need to secure their supply chain. With the seasonal demand comes an increased risk of malicious actors attempting to exploit vulnerabilities in the supply chain. In this article, we will discuss the security challenges associated with year-end shipping and provide a comprehensive guide on addressing potential cybersecurity threats, building trust with supply chain cybersecurity, creating a secure year-end shipping plan, and preparing for the new year. By taking proactive steps to ensure your supply chain’s security, you can protect your clients and business from data breaches and other malicious threats.

Topics: Blog

Uncovering the Unknown: Cyber Risks in the Year-End Shipping Process

By Editorial Team on Nov 30, 2023 9:34:56 AM

As businesses prepare for the year-end shipping process, it is essential to consider potential cyber risks that could compromise your data and disrupt operations. To protect your business from these threats, you need to understand the challenges associated with peak season shipping and invest in digital risk protection services. This blog post will outline the potential cyber threats that may arise during the year-end shipping process, as well as solutions available to mitigate these risks. With the right security measures in place, businesses can ensure their year-end goals are achieved safely and securely. Find out how to identify cyber threats before they damage your business – and whether Digital Risk Protection Services is right for your organization.

Topics: Blog

Securing Election Infrastructure: An Election Security Checklist

By Editorial Team on Nov 20, 2023 9:20:00 AM

In recent years, the security of election infrastructure has become a paramount concern. With the rise of cyber threats and the potential for interference, it is crucial to examine and strengthen the critical systems that underpin our democratic process. This article will delve into the various aspects of election infrastructure security and provide a comprehensive checklist for ensuring that our elections remain secure and free from external manipulation.

Topics: Blog Elections

Securing Voter Data

By Editorial Team on Nov 14, 2023 1:37:17 PM

In recent years, the increasing integration of technology in our democratic processes has opened up new opportunities for citizens to engage in the elections and make their voices heard. However, this digital transformation has also brought certain risks and vulnerabilities, particularly when it comes to securing voter data. Cyber attacks targeting voter information are a serious concern and can have far-reaching consequences. In this article, we will explore how voter data is vulnerable to cyber attacks and how it can be exploited. We will also delve into successful data protection strategies, recommendations for improving data security, and the challenges involved in ensuring voter data protection.

Topics: Blog Elections

Kurtis Minder Featured in One Big Thing

By Editorial Team on Nov 7, 2023 1:43:13 PM

GroupSense CEO Kurtis Minder was featured in the Tuesday, November 7 issue of the Axios Codebook Newsletter. The "1 big thing" section is focused on the government's statement on not paying ransoms. Check out the excerpt below, and check out the full newsletter here.


Driving the news: A group of 48 governments, as well as the European Union and Interpol, signed a pledge last week to not pay hackers if their systems are hit with a ransomware attack.

  • The commitment, which was made as part of last week's U.S.-led Counter Ransomware Initiative meeting, also strongly discouraged "anyone from paying a ransomware demand," including private sector organizations and organizations responsible for critical infrastructure.

The intrigue: In some cases, the larger ransomware volumes are working to victims' advantage, Minder said.

  • In a handful of cases, Minder said, he's seen some ransomware gangs target so many companies that they forget who they're extorting and never return to negotiations over a payment and never leak the data they stole.

Yes, but: Without some larger enforcement mechanism or incentive program, banning ransom payments across the private sector is never going to work, Minder said.

  • "Even if you made this illegal, the ransom would still be made," he said. "They just would be largely swept under the rug, or underground. It wouldn't achieve your goal."

Topics: News Blog Ransomware

The Growing Threat: Understanding Election Cybersecurity Risks

By Editorial Team on Oct 27, 2023 10:02:25 AM

Elections are a fundamental pillar of our democracy, ensuring that the voice of the people is heard and counted. However, in today's digital age, the integrity of elections can be compromised by cyber threats. Understanding and addressing election cybersecurity risks is crucial in safeguarding the democratic process. In this article, we will explore the evolving threats to election security, examine historical examples of election-related cyber attacks, underscore the importance of proactive cybersecurity measures, and assess the potential impact of election hacking.

  1. Overview of election threats
  2. Recent election-related attacks
  3. Proactive cybersecurity measures
  4. Potential impacts
  5. Conclusion

Topics: Blog Elections

Kurtis Minder on Ransomware Anonymity

By Editorial Team on Oct 17, 2023 9:19:48 AM

Ransomware threat actors have followed certain plans of action since the beginning of ransomware attacks, including declaring their identity in ransom notes. But recently, GroupSense ransomware negotiators noticed an interesting trend: threat actors are becoming anonymous. In his most recent byline, GroupSense CEO Kurtis Minder was featured in BetaNews discussing the new development in ransomware. See below for a snippet of the article. 

Topics: News

Why Cyber Attacks on SMBs Are a National Security Concern

By Kurtis Minder on Oct 1, 2023 11:30:00 AM

From the Dry Cleaner to the Defense Industrial Base

By Kurtis Minder, CEO, GroupSense

Topics: Blog

Threat Data Feeds and Threat Intelligence Are Not the Same Thing

By Editorial Team on Sep 27, 2023 3:15:12 PM

Staying ahead of threats is crucial, and to do that, organizations often turn to two key sources of information: threat data feeds and threat intelligence. But here's the thing: they're not the same thing. In an insightful article by Kurtis Minder, GroupSense CEO, he delves into the differences between these two sources and why understanding their distinctions is vital for effective threat management.

Topics: News

How Threat Actors Steal Pharmaceutical Intellectual Property

By Editorial Team on Sep 27, 2023 9:00:00 AM

Intellectual property theft is a serious problem, especially within the pharmaceutical industry. From cyberattacks to supply chain thefts, there are many ways that malicious actors can attempt to steal valuable intellectual property from pharmaceutical companies. In this article, we'll outline the different attack vectors used by threat actors to target pharma companies and discuss how organizations can protect themselves from these threats. We'll also provide practical advice on how to mitigate the risk of IP theft and safeguard your organization's valuable assets.

Topics: Blog

How Pharma Organizations Can Combat Third Party Cyber Attacks

By Editorial Team on Sep 20, 2023 9:00:00 AM

The digital age has enabled pharma organizations to open up new opportunities and make processes more efficient. However, it’s also increased the risk of third-party cyber attacks, which can have serious impacts on data security and organizational systems. In this article, we explore the various types of third party cyber attacks that pharma organizations face, the potential implications of a successful attack, and how organizations can take steps to identify and mitigate such risks. We will look at engaging a digital risk protection provider, conducting regular assessments of third-party vendors, implementing security protocols, and creating a culture of vigilance within pharma organizations. With these strategies in hand, pharma organizations can protect themselves from cyber threats posed by malicious third parties.

Topics: Blog

Kurtis Minder Keynotes LogicON

By Editorial Team on Sep 19, 2023 1:24:43 PM

GroupSense is excited to announce that our co-founder and CEO Kurtis Minder will be the keynote speaker of LogicON this year. Our partners at Logically will hold their first annual event focused on cybersecurity.

Topics: Events

Understanding the Killchain: A Comprehensive Guide

By Editorial Team on Sep 13, 2023 12:23:24 PM

In today's highly connected world, cybersecurity has become a critical concern for individuals, businesses, and governments alike. With cyber threats constantly evolving and becoming more sophisticated, it is essential to understand the strategies and processes employed by attackers. One such concept that has gained prominence is the Killchain. In this comprehensive guide, we will explore the various stages of the Killchain, its real-world examples, and how to detect and disrupt it.

Topics: Blog

Combating Insider Threat in the Pharmaceutical Industry

By Editorial Team on Sep 13, 2023 9:00:00 AM

The pharmaceutical industry holds an immense amount of sensitive information, making it a prime target for malicious insider threats. From confidential company data to proprietary drug formulas, the potential losses from such a breach can be catastrophic. In order to protect against this risk, pharma companies must understand the potential risks posed by insiders, know how to identify and mitigate these threats, and develop best practices for prevention. This article will provide an overview of all these topics, as well as discuss the tools available to combat insider threat in the pharmaceutical industry and address any challenges that may arise. By understanding the risks posed by insider threats and taking proactive steps to protect against them, pharma companies can ensure their data remains safe.

Topics: Blog

GroupSense Makes Security Intelligence Available to Service Providers

By Editorial Team on Sep 12, 2023 9:00:00 AM

Company’s Tracelight Fuse subscription service gives MSPs and MSSPs powerful security intelligence for their customers to provide advanced cybersecurity services to the midmarket

Topics: News Press Releases

GroupSense Report: Cybersecurity Threats to the Pharmaceutical Industry

By Editorial Team on Sep 8, 2023 12:40:36 PM

Cyber criminals are looking for ways to steal pharmaceutical intellectual property. Third party cyber risk and insider threat are two ways that threat actors can infiltrate pharma companies to cause damage. In our report, you will:

Topics: Whitepapers

The Pharmaceutical Cybersecurity Landscape

By Editorial Team on Sep 6, 2023 9:00:00 AM

The pharmaceutical industry is a major target for cyber criminals due to the large amount of sensitive data that must be kept secure and confidential. With the rapid advancement in technology, the threats posed by these malicious actors have only increased. Companies in this sector must take proactive measures to protect themselves from cyberattacks, and it all starts with having a comprehensive security strategy. In this article, we’ll discuss the current state of cybersecurity in the pharmaceutical industry, common threats these companies face, and best practices for strengthening their cybersecurity. Ultimately, businesses should enlist the help of a third-party security partner to ensure their data remains secure. Download the Pharma Threat Brief today for mitigation strategies.

Topics: Blog

Safeguarding Your Company’s Data: The Importance of Risk Management

By Editorial Team on Aug 17, 2023 9:00:00 AM

The digital era is upon us, and we find ourselves living in a world that's driven by technology. From social media to online stores, everything is accessible with just a click. Companies are no exception, and most organizations have already transitioned to digital platforms to streamline their operations. 

Topics: Blog

What Is Spoofing and How Can You Protect Yourself?

By Editorial Team on Aug 15, 2023 9:00:00 AM

Spoofing is a deceptive practice used by cybercriminals to trick individuals and organizations into believing that their messages or actions are coming from a trusted source. In this article, we will explore the concept of spoofing, its different types, and the potential consequences it can have on individuals and businesses. We will also provide tips and strategies to help you protect yourself from falling victim to spoofing attempts.

Topics: Blog

Understanding Business Email Compromise

By Editorial Team on Aug 10, 2023 11:41:33 AM

What You Need to Know

Email is an essential communication tool for businesses, allowing us to connect with colleagues, clients, and vendors across the globe. However, with this convenience comes the risk of cyber threats, one of the most prevalent being Business Email Compromise (BEC). In this article, we will explore what BEC is, its impact on businesses, how it works, and how to recognize and prevent it.

Topics: Blog

What is Phishing and How to Protect Yourself From It

By Editorial Team on Aug 9, 2023 9:00:00 AM

Phishing is a cybercrime technique that is used to deceive individuals into providing sensitive information, such as passwords, credit card numbers, or social security numbers, by impersonating a trustworthy entity. This article aims to provide a comprehensive understanding of phishing, how it works, its impact, and most importantly, how to protect yourself from falling victim to these attacks. By familiarizing yourself with the various aspects of phishing and implementing the suggested security measures, you can significantly reduce the risk of becoming a victim.

Topics: Blog

Kurtis Minder on Cyber Insurance

By Editorial Team on Aug 1, 2023 9:26:39 AM

Contrary to popular belief, a new report out of the UK shows that cyber insurers don't drive up the cost of ransom payments. The report by RUSI states that cyber insurance is not fueling the ransomware epidemic or instilling any ransom discipline. 

Topics: News Ransomware

How to Respond to Ransomware Attacks

By Editorial Team on Aug 1, 2023 9:00:00 AM

Ransomware attacks have become increasingly prevalent in today's digital landscape. These malicious attacks can have devastating consequences for individuals and organizations alike. In this article, we will explore the various aspects of ransomware attacks and provide valuable insights on how to effectively respond in the event of an attack.

Topics: Blog

Understanding the Difference Between a Security Incident and an Event

By Editorial Team on Jul 31, 2023 9:00:00 AM

In the world of risk management, it is crucial to understand the distinction between an incident and an event. While these terms are often used interchangeably, they have distinct meanings and implications. By differentiating between incidents and events, organizations can better respond to and mitigate risks.

Topics: Blog

Exploring the Deep Web

By Editorial Team on Jul 27, 2023 9:00:00 AM

A Comprehensive Guide

The internet is a vast and ever-expanding network of information. While most of us are familiar with the surface web, which includes popular search engines, social media platforms, and websites accessible through traditional means, there is another realm beneath the surface waiting to be explored. This hidden part of the internet is known as the deep web. In this comprehensive guide, we will take a closer look at the deep web, its architecture, why cybersecurity researchers use it, and how to navigate its unique landscape.

Topics: Blog

Understanding Traffic Light Protocol

By Editorial Team on Jul 26, 2023 9:46:00 AM

Traffic Light Protocol (TLP) is a standardized framework that classifies and protects sensitive information. It is widely used in various domains, including cybersecurity, intelligence agencies, and law enforcement. By using color codes, the TLP ensures that information is shared appropriately and securely among organizations and individuals.

Topics: Blog

How to Start an Intelligence Team

By Editorial Team on Jul 24, 2023 9:00:00 AM

A Step-by-Step Guide

Intelligence teams play a crucial role in organizations by gathering and analyzing information to provide valuable insights and support decision-making. Whether you are starting a new intelligence team from scratch or revamping an existing one, this step-by-step guide will help you navigate the process effectively.

Topics: Blog

Best Practices for Effective Incident Response

By Editorial Team on Jul 20, 2023 9:00:00 AM

In today's digital landscape, incidents and security breaches are a common occurrence. Organizations are facing the pressing need to implement effective incident response practices to mitigate potential risks and ensure operational continuity. This article explores the best practices for effective incident response, helping businesses understand the importance of incident response and outlining the key elements of an incident response plan. Additionally, we delve into some best practices to adopt and examine a real-life case study highlighting the successful implementation of incident response strategies.

Topics: Blog

Exploring the Dark Web

By Editorial Team on Jul 19, 2023 9:00:00 AM

What You Need to Know

The Dark Web is often shrouded in mystery and intrigue, but understanding its concept and infrastructure is essential for anyone in the cybersecurity industry. In this article, we will delve deep into the world of the dark web, discussing its definition, its differences from the deep web, and the underlying technology that makes it work.

Topics: Blog

Considerations for Choosing a Managed Attack Surface Monitoring Service Provider

By Editorial Team on Jul 17, 2023 9:00:00 AM

In today's increasingly digital world, organizations face a growing number of online threats that can compromise their data, reputation, and customer trust. To mitigate these risks, many businesses are turning to managed attack surface monitoring services. But with so many service providers to choose from, how do you find the right one for your organization? In this article, we will explore the key considerations you should keep in mind when selecting a managed attack surface monitoring service provider.

Topics: Blog

Key Benefits of Managed Attack Surface Monitoring

By Editorial Team on Jul 13, 2023 1:20:58 PM

Managed Attack Surface Monitoring is an essential component of any robust cybersecurity strategy. By continuously monitoring and assessing the attack surface, businesses can effectively detect and mitigate threats, enhance their security posture, and ultimately safeguard their digital assets. In this article, we will explore the key benefits of implementing a managed attack surface monitoring solution, the need for such services in today's rapidly evolving threat landscape, and provide some insightful case studies to highlight the success stories of organizations that have embraced this approach. We will also discuss factors to consider when selecting a managed attack surface monitoring service and highlight some of the top providers in the market.

Topics: Blog

The SANS Summit Recap

By Editorial Team on Jul 10, 2023 3:27:47 PM

Moving beyond encryption is a huge part of what GroupSense ransomware negotiators do during a ransomware incident. A successful negotiation has many complex elements. The trickiest part of ransomware incidents is usually threat actor engagement. 

GroupSense Director of Intelligence Operations Bryce Webster-Jacobsen and Senior Intelligence Analyst Sean Jones presented at this year's SANS Ransomware Summit. During their session, "Beyond Encryption: Exploring the Tactics Ransomware Operators use During Negotiations and their Impact," Bryce and Sean explore the specifics of what makes threat actor engagement so complex. 

Topics: Blog Ransomware

Buyer's Guide for Ransomware Negotiation Services

By Editorial Team on Jun 22, 2023 1:47:32 PM

Ransomware attacks have become increasingly common in today's digital landscape. The threat posed by these attacks can be severe, ranging from the loss of sensitive data to enormous financial burdens. It's essential to understand the importance of ransomware negotiation services and how they help organizations that have fallen victim to these attacks. This article presents a comprehensive buyer's guide for ransomware negotiation services to help you make informed decisions about these critical services.

Topics: Blog Ransomware

The All-New Ransomware Negotiation Guide

By Editorial Team on May 26, 2023 1:20:44 PM

GroupSense has been negotiating with threat actors on the underbelly of the internet for years, so we are uniquely suited to assist in ransomware negotiations. In this brand-new version of our Ransomware Negotiation Guide, we teamed up with our partners at Mindful Negotiating to bring you a step-by-step guide to ransomware response. 

Topics: Whitepapers

Maximizing Security with Managed Attack Surface Monitoring

By Editorial Team on May 26, 2023 10:01:02 AM

In today's digital world, organizations are constantly under threat of cyber attacks. With more advanced and sophisticated threats emerging every day, it is critical for businesses to stay ahead of the curve in terms of security measures. Managed Attack Surface Monitoring (MASM) is a security approach that is gaining significant popularity, as it promises enhanced visibility, control, and protection against cyber threats. This article will explore what managed attack surface monitoring is, its benefits, and best practices for implementing it to maximize security.

Topics: Blog

Data Feeds vs Threat Intelligence

By Editorial Team on May 12, 2023 12:25:12 PM

In the world of cybersecurity, data feeds and threat intelligence are two terms that are often used interchangeably but are actually quite different. Both are important tools for staying ahead of potential cyber attacks, but they have different strengths and use cases. In this article, we will explore the differences between the two, and help you to choose the right solution for your needs.

Topics: Blog

A Comprehensive Guide to Digital Forensics and Incident Response

By Editorial Team on May 8, 2023 4:18:52 PM

In the world of cybersecurity, digital forensics and incident response (DFIR) play a crucial role in identifying, investigating, and mitigating cyber threats. DFIR involves the collection, preservation, and analysis of digital evidence to uncover the source and extent of an attack. In this comprehensive guide, we’ll take a deep dive into the world of digital forensics and incident response and explore the key components of the DFIR process, incident response process, and the tools and techniques used by DFIR professionals.

Topics: Blog

Understanding Your External Attack Surface

By Editorial Team on May 8, 2023 4:02:41 PM

How to Identify and Mitigate Potential Threats

The threat landscape for organizations today is continually evolving, putting their data and assets at risk. To ensure the robustness of your organization's security posture, it's integral to have an in-depth understanding of your external attack surface. This article provides a comprehensive guide to help organizations identify potential threats and mitigate risks proactively.

Topics: Blog

Understanding the Intelligence Cycle: A Comprehensive Guide

By Editorial Team on May 8, 2023 10:44:52 AM

In today's world, the importance of intelligence cannot be overstated. The ability to gather and analyze information, and to use that information to make informed decisions, is critical in both private and public sectors. In government, intelligence is a key component of national security, and its value extends to all other areas of society. In this comprehensive guide, we will explore the intelligence cycle - its importance, phases, key components, and the critical role it plays in supporting decision-making, crisis management, and achieving national security objectives.

Topics: Blog

Beyond Encryption: 2023 SANS Ransomware Summit

By Editorial Team on May 5, 2023 12:41:23 PM

SANS Ransomware Summit | Friday, June 23 | Register

Beyond Encryption: Exploring the Tactics Ransomware Operators Use During Negotiation and Their Impact.
Presented by Bryce Webster-Jacobsen & Sean Jones
4:20 pm - 4:55 pm ET

 

Topics: Events

The Ultimate Guide to Cyber Threat Intelligence for Service Providers

By Editorial Team on May 3, 2023 9:41:01 AM

Dark Web Intelligence for Security Operations

As a cybersecurity service provider, you constantly battle the evolving threat landscape. Cyber criminals are always on the lookout for new ways to infiltrate your clients’ systems, steal your data, and cause harm to your organization, impacting your bottom line.

Topics: Blog

Five Ideas That Can Make the National Cybersecurity Strategy Stronger

By Editorial Team on Apr 27, 2023 4:11:28 PM

Article originally posted on SC Media

Topics: News

Webinar: Ask Me Anything

By Editorial Team on Apr 18, 2023 9:26:59 AM

Are you concerned about the rise of ransomware attacks and the potential impact they could have on your organization? Do you feel like you're not prepared to handle a ransomware negotiation if one were to occur? If so, you won't want to miss the upcoming webinar presented by our partners at Zyston titled "Ransomware Negotiator: Ask Me Anything" on May 4 at 11am CST.

Topics: Webinar Events

Inside Cyber Criminal Organizations: Why Size Matters

By Editorial Team on Apr 17, 2023 9:29:59 AM

In a recent article published in SC Magazine, author Jon Gold explores why the size of a cyber criminal organization is a key factor in determining its success. Gold cites GroupSense CEO Kurtis Minder, who believes that the larger the organization, the more successful it will be due to its ability to specialize and delegate tasks.

Topics: News

Dark Web Monitoring Increases Cyber Resiliency

By Editorial Team on Apr 5, 2023 9:00:00 AM

Increasing cyber resiliency in critical infrastructure (CI) is a monumental challenge for many reasons. In past blogs and reports, we’ve covered some of the biggest cyber threats that CI organizations face and the implications of cyber attacks against CI, which can endanger our national security and emergency response, and put people in harm’s way. The recent national cybersecurity strategy released by the Biden administration places a strong emphasis on CI agencies, which has spurred directives from agencies like the TSA (Transportation Security Agency) to meet the strategic objectives.

Topics: Blog

Twitter Urges Court to Find Data Leaker

By Editorial Team on Mar 30, 2023 11:04:50 AM

Kurtis Minder, GroupSense CEO, was featured in a March 27 article by the Washington Post. The article reports that some of Twitter's source code has been leaked online by a user known as "FreeSpeechEnthusiast," according to a legal filing by Twitter that is seeking to identify the leaker.

Topics: News

The Role of Cyber Insurance Carriers in Incident Response

By Editorial Team on Mar 23, 2023 10:07:45 AM

GroupSense CEO Kurtis Minder was featured in TechTarget's article, "Cyber insurance carriers' expanding role in incident response." The article discusses the growing importance of cyber insurance carriers and notes that cyber insurance carriers are increasingly playing a more active role in helping their clients respond to cyber incidents. This includes providing access to incident response (IR) experts, as well as offering risk management advice and tools to help prevent future incidents.

Security Clearance Insecurity

By Editorial Team on Mar 20, 2023 9:45:57 AM

Ransomware attacks and other cybersecurity threats are hitting companies across the federal supply chain, leaving businesses and government agencies vulnerable to major data breaches and financial losses. In this episode of "Security Clearance Insecurity," host Lyndy Kyzer speaks with GroupSense CEO, Kurtis Minder, about the latest cyber threats and best practices for protecting against them.

Topics: Blog Ransomware Podcast

Panel: The Evolving Threat of Ransomware

By Editorial Team on Mar 16, 2023 9:00:00 AM

Join our partner NTT Data Services for their upcoming webinar panel, "The Evolving Threat of Ransomware," this March 29. GroupSense CEO Kurtis Minder will join industry experts to talk about the rapidly changing world of ransomware threats. The panelists will dissect modern ransomware attacks that jeopardize businesses across various sectors. Register here to save your spot.

Discover how a new generation of cybercriminals and their ransomware-as-a-service schemes are putting SME/SMBs in the crosshairs, launching the effectiveness and volume of ransomware to unprecedented heights. Learn how these cunning operators exploit the primal fears of data loss and exposure to create a sense of urgency, driving their victims to act impulsively.

Ransomware operators prey on the fear of data loss which sparks emotions that drive their targets to react right away. The fear of embarrassment and their sensitive data being exposed to the world increases the stakes of every ransomware attack.

Know the panelists:
Haroon Malik: Director - NTT Data
Kurtis Minder: CEO - GroupSense
Morgan Wright: Chief Security Advisor - SentinelOne
Brian Stockbrugger: Sr. Cloud Security Architect - Microsoft
Mike Landeck: Director of Security Services - NTT DATA Services
Salvatore Perlangeli: Heart of Threat Defense Practice - NTT DATA Italia

Topics: Webinar Events

One Big Thing

By Editorial Team on Mar 15, 2023 9:00:00 AM

GroupSense CEO Kurtis Minder was featured in the Tuesday, March 14 issue of the Axios Codebook Newsletter. The "1 big thing" section is focused on the increasing threat posed by ransomware gangs and their extreme blackmail tactics. These cyber criminals have been fine-tuning their strategies to maximize their profits and inflict more damage on their victims. Ransomware attacks involve the use of malware that encrypts a victim's files, making them inaccessible until a ransom is paid. The attackers typically demand payment in cryptocurrency, making it difficult to track the money and identify the criminals.

Ransomware gangs have evolved their tactics, not only encrypting victims' files but also stealing sensitive data before locking it down. This technique is called "double extortion," where the criminals threaten to publish or sell the data if the ransom is not paid. The gangs are also targeting larger organizations and demanding higher ransoms, with some demanding payments of up to $50 million.

The section also highlights Kurtis' contributions to the fight against ransomware. He has been a vocal advocate for proactive measures to prevent ransomware attacks, including monitoring networks for signs of an attack and training employees to recognize phishing and social engineering tactics commonly used by ransomware gangs. For many organizations, these measures can prevent cyber attacks and ransomware attacks.

Kurtis' expertise in ransomware has led him to create a "Ransomware Task Force" that includes experts from both the public and private sectors. The task force's goal is to develop a comprehensive strategy to combat ransomware, including prevention, response, and recovery measures. The task force has already published a report with recommendations for improving ransomware defenses, and Kurtis has been actively promoting these recommendations to policymakers and business leaders. Check out the full newsletter here.

Topics: News Blog Ransomware

New National Cybersecurity Strategy Forgets Small Businesses

By Editorial Team on Mar 14, 2023 9:00:00 AM

At first glance, Biden’s recently released National Cybersecurity Strategy appears comprehensive and forward-thinking. It focuses on a number of areas such as strengthening the Cybersecurity and Infrastructure Security Agency (CISA), developing new technologies to detect threats, and increasing international cooperation to fight transnational cybercrime. However, the strategic initiatives laid out in the document are not funded, and in many cases, are not possible without fundamental changes to organizations and their systems. In this blog, we will focus on strategic initiatives 1.4, 2.2, 2.3, and 3.3.

Protect Your Organization From Cyber Threats

By Editorial Team on Mar 3, 2023 10:13:27 AM

Cybercriminals are opportunistic by nature. Repeatable methods like ransomware and business email compromise (BEC) attacks are a quick and easy way for criminals to make money. Fortunately, there are steps your organization can take to prevent these attacks from happening that focus on simple, proactive methods of cybersecurity. Download our guide to get actionable advice today.

Topics: Whitepapers

BBC 4 You and Yours

By Editorial Team on Mar 1, 2023 11:19:53 AM

Last week, GroupSense CEO Kurtis Minder was featured on the BBC 4 news program You and Yours. The presenter, Winifred Robinson, spoke about the effect of the Royal Mail ransomware attack with UK citizens and discussed the severity of the attack with Kurtis.

Topics: News Blog Podcast

The Evolution of Pro-Russian Hacktivism in One Year of War Report

By Editorial Team on Feb 24, 2023 1:52:49 PM

The Russo-Ukrainian War: A Year in Review
One year after Russia's full-scale invasion of Ukraine, we are providing this report summarizing what we have learned while observing the cyber dynamics of this latest stage in the Russo-Ukrainian War.

While experts expected Russia to unleash its full arsenal of cyber capabilities, much of the publicly-known cyber activity associated with the war has come from hacktivist activity among ideologically-motivated actors who have taken the side of Russia or Ukraine. 

The report summarizes what we have learned in the past year, highlights the evolution of pro-Russian hacktivism as a significant factor in the cyber realm and provides recommendations for all organizations to consider as this conflict wages on. 

Topics: Whitepapers

Cybersecurity: Anyone Can Be Prey

By Editorial Team on Feb 7, 2023 9:00:00 AM

Cybersecurity isn't just for big business. Organizations of all sizes, shapes, and industries can fall prey to cyberattacks. CEO Kurtis Minder was featured on the "C-Suite Blueprint" podcast to talk about the evolution of cybersecurity since Kurtis entered the industry and the things that executives should take seriously when it comes to cybersecurity.

Topics: Blog Podcast

Schools Don't Pay, but Ransomware Attacks Still Increasing

By Editorial Team on Feb 2, 2023 9:00:00 AM

Ransomware gangs have increasingly focused their attacks on the K-12 education sector, even though most school districts do not pay the ransom. But how long will that last? GroupSense CEO Kurtis Minder was featured in a recent TechTarget article exploring the trend of ransomware attacks on education institutions. 

Topics: News Blog Ransomware

Is President Biden's Cybersecurity Strategy a Good Idea?

By Editorial Team on Feb 1, 2023 9:13:36 AM

This week, GroupSense CEO Kurtis Minder was featured in Help Net Security's video series. In the video, Kurtis reviews the proposed changes to the US national cybersecurity strategy. In the forthcoming strategy, President Biden recommends a more offensive cybersecurity posture, stating that the US will proactively attack threat actors. Kurtis believes that these changes, while "exciting", are not as effective as a defensive cybersecurity strategy. Watch the full video and check out the article here.

Topics: Blog Video

GroupSense Launches New, Individualized VIP Monitoring Service

By Editorial Team on Jan 31, 2023 9:00:00 AM

Standalone Service Offering Enables Enterprises to Proactively Protect Executives, Aiming to Shrink Overall Attack Surfaces

ARLINGTON, Va. – January 31, 2023 – GroupSense, a digital risk protection services (DRPS) company, today announced an individualized VIP Monitoring service. The new service assesses and monitors high-profile individuals, executive identities, and their extended personal networks to detect exposure and threats, helping to proactively prevent identity theft, fraud, ransomware and other cyber-attacks.

Topics: Press Releases

How to Prevent Ransomware in Critical Infrastructure

By Editorial Team on Jan 26, 2023 9:00:00 AM

Ransomware attacks plagued 14 of the 16 critical infrastructure sectors over the last several years. Cyber criminals are well aware of the emergencies that are caused by a shutdown of critical infrastructure organizations, and they know ransoms will be paid to get operations up and running again. Ransomware attacks represent 28% of the attacks on critical infrastructure, and attacks are on the rise throughout the world in 2022. 

Topics: Blog

When Leaders Talk

By Editorial Team on Jan 25, 2023 9:00:00 AM

This week, GroupSense CEO Kurtis Minder was featured on the first episode of the "When Leaders Talk" podcast. The new podcast focuses on success stories, failures, and what is needed to be a good leader. Host Stefano Calvetti draws on his years in the Italian navy to get down to what makes certain leaders impactful.

Topics: Blog Podcast

The Ransomware Economy

By Editorial Team on Jan 18, 2023 9:00:00 AM

CEO Kurtis Minder was featured on an episode of the "Where Humanity Meets Technology" podcast with host Maurice Hamilton. During the episode, "The Ransomware Economy & Prevention," Kurtis and Maurice cover threat actor profiling, the ransomware economy, and mitigation strategies for organizations to employ.

Topics: Blog Podcast

Killnet Increases Attacks on US Organizations

By Editorial Team on Dec 20, 2022 9:34:13 AM

Throughout the Russian invasion of Ukraine, the pro-Russian hacktivist group Killnet has captured the attention of cybersecurity experts. Killnet originally began as a DDoS botnet service. In January 2022, a threat actor posted an advertisement for the Killnet botnet in Duplikat, a dark web forum for carding, botnets, and other illegal activities. According to the ad, the botnet allowed users to direct traffic without the target’s knowledge. It also claimed that the botnet uses the latest WEB3 technology and that the data is stored throughout the Blockchain. Since January, the nationalist group has targeted pro-Ukrainian countries and organizations in a slew of attacks and experienced organizational shake-up after their leader left

Topics: Blog

Third-Party Attacks on Critical Infrastructure

By Editorial Team on Dec 15, 2022 9:27:18 AM

Third-party and supply chain attacks have plagued organizations for years, and the attacks keep on coming. These attacks happen when threat actors gain access to your organization’s systems through a third-party, such as a supplier or vendor. Just a few weeks ago, we saw a third-party cyber attack on LastPass that affected GoTo, a remote access and collaboration organization. As a security-focused organization, it may have surprised many that they were impacted, but third-party attacks don’t discriminate.

Topics: Blog

Inside the Mind of a Cyber Criminal

By Editorial Team on Dec 14, 2022 9:00:00 AM

Cyber criminals have a longstanding reputation of being loners who work out of their mom's basement with hoodies on, but cyber analysts know this isn't the case. Over the last decade, cyber experts have observed an uptick of cyber crime-as-a-service, in which criminals operate in larger, business-like crime units. But what if cyber criminals have a personality profile that organizations can look out for?

Topics: News Blog

GroupSense Recognized by Gartner® in 2022 Emerging Tech Impact Radar: Security Report

By Editorial Team on Dec 13, 2022 9:00:00 AM

Report Notes Digital Risk Protection Services Market is Driven by Increasing Need to Have Visibility Into External-facing Assets to Help Prioritize Mitigation and Remediation Efforts

ARLINGTON, Va. – December 13, 2022 – GroupSense, a digital risk protection services (DRPS) company, today announced that Gartner, a company that delivers actionable, objective insight to executives and their teams, has recognized the company as a Sample Vendor in the 2022 Emerging Tech Impact Radar: Security report. This specific report aims to track some of the more impactful emerging technologies and trends driving innovation in the security market, including DRPS.

Topics: News Press Releases

Mitigating ICS and SCADA Vulnerabilities

By Editorial Team on Nov 30, 2022 9:10:12 AM

Our nation’s critical infrastructure is vital to our day-to-day lives. Encompassing 16 sectors, critical infrastructure spans transportation, manufacturing, utilities, and more. When we think of threats to infrastructure, natural disasters immediately come to mind, but cybersecurity incidents have the same potential for destruction, including interrupting manufacturing, supply chain availability, and other vital functions. Manufacturing currently contributes $2.7 trillion to the US economy, contributing heavily to GDP (gross domestic product), job growth, and more. Manufacturers are one of the main user groups of ICS (industrial control systems) and SCADA (supervisory control and data acquisition) technologies.

Topics: Blog

Cyber Experts Buckle Up for the Holidays

By Editorial Team on Nov 22, 2022 10:23:12 AM

The GroupSense team is preparing for the inevitable increase in attacks during the holiday season along with the threat actors perpetrating the attacks. This year, CEO Kurtis Minder spoke with Politico's John Sakellariadis about threat actors playing the Grinch in the Politico cybersecurity newsletter.

Topics: News Blog

GroupSense Announces Partnership with Colley Intelligence

By Editorial Team on Nov 17, 2022 9:00:00 AM

Partnership Expands the Reach of Digital Risk Protection and Intelligence Services to the Legal and Corporate Sectors

Topics: News Press Releases

Election Security in the Midterms

By Editorial Team on Nov 15, 2022 9:34:21 AM

During the midterm elections, national news was seemingly quiet about election interference from foreign powers, but that doesn’t mean there were no incidents. Election interference, especially the cyber variety, doesn’t always come on the day of the election. Whether counties or localities suffered DDoS attacks, wi-fi outages, or other cybersecurity attacks, it can all be chalked up to election interference. Here are a few of the incidents that GroupSense analysts were tracking during last Tuesday's election monitoring.

Topics: Blog Elections

Hacking Humans Podcast with Kurtis Minder

By Editorial Team on Nov 10, 2022 2:07:41 PM

GroupSense CEO and chief ransomware negotiator Kurtis Minder was featured on the Hacking Humans podcast. During the episode, Kurtis speaks with host Dan Bittner about how legislation leaves small businesses out of the discussion of ransomware response. 

Topics: Blog Video Podcast

Brick Church Men's Association Breakfast Series

By Editorial Team on Nov 7, 2022 2:25:52 PM

GroupSense CEO Kurtis Minder will be presenting to the Brick Church Men's Association in New York City this November 16 as part of their breakfast series. During the session, Kurtis will talk about preventing ransomware attacks and improving cybersecurity at the personal and organizational levels.

Topics: Events

GroupSense Report: Cybersecurity Threats to Critical Infrastructure

By Editorial Team on Nov 3, 2022 9:00:00 AM

With threats coming from APTs, state-sponsored actors, hacktivists, and cyber criminals, critical infrastructure organizations need to be prepared to defend their assets from all angles. In this report, GroupSense covers the top threats that critical infrastructure agencies are facing and recommended mitigations.


Topics: Whitepapers

Hitting the Moving Target

By Editorial Team on Nov 2, 2022 9:12:25 AM

On October 31, CEO Kurtis Minder was honored to present on the panel, "Hitting the Moving Target: cyber, data privacy and artificial intelligence (AI) compliance and governance," at this year's International Bar Association Annual Conference in Miami, FL. 

Topics: Blog Events

Just. Stop. Clicking.

By Editorial Team on Oct 25, 2022 9:16:38 AM

October has been a busy month for GroupSense. During three speaking opportunities including the Trellix Cybersecurity Summit, NVTC’s Capital Cyber Summit, and the Wisconsin Governor’s Cybersecurity Summit, Kurtis Minder has one important takeaway for employees of your organization: Just. Stop. Clicking. Just stop! 

Topics: Blog Events

GroupSense Report: The Cyber Warfare Report

By Editorial Team on Oct 20, 2022 9:00:00 AM

Modern warfare isn't just fought with boots on the ground. Throughout Russia's invasion of Ukraine, there have been volleys of cyber attacks designed to make each side weaker. As different countries declare allegiances, state agencies and other critical infrastructure organizations are in the crossfire. GroupSense analysts have spent the duration of the invasion closely monitoring the changing cyber landscape.

Topics: Whitepapers

GroupSense Delivers New Ransomware Negotiation Training Service

By Editorial Team on Oct 19, 2022 9:00:00 AM

Training Service Prepares Ransomware Response Team for Successful Threat Actor Engagement to Mitigate Damage, Protect Brand Reputation, Anticipate Emerging Threats and More

Topics: News Press Releases

Cybersecurity Tips from GroupSense Analysts

By Editorial Team on Oct 5, 2022 9:14:23 AM

This October, GroupSense is celebrating Cybersecurity Awareness Month (CSAM). As a CSAM champion, it’s our duty to pass on lessons learned and practical advice that will make you and your organization more secure. This year, Stay Safe Online, CISA, and CSAM champions are exploring four key behaviors: 

Topics: Blog

NVTC Capital Cybersecurity Summit

By Editorial Team on Oct 4, 2022 9:00:00 AM

GroupSense CEO Kurtis Minder is honored to participate in the panel, "Cyber Hacking: Stories from the Front Line," at the NVTC Capital Cybersecurity Summit on October 19th. The panel will explore assessing cyber risk and adequate defense measures to prevent malware, ransomware, and phishing through panelists' stories from the field. Kurtis will share the stage with experts from industry and Federal agencies. 

Topics: Events

IBA Annual Conference

By Editorial Team on Sep 29, 2022 3:55:48 PM

The International Bar Association (IBA) Annual Conference is the leading conference for legal professionals worldwide to meet, share knowledge, build contacts and develop business.

It serves to advance the development of international law and its role in business and society to provide members with world-class professional development opportunities to enable them to deliver outstanding legal services.

Topics: Webinar Events

Calling in the Ransomware Negotiator

By Editorial Team on Sep 27, 2022 10:12:47 AM

This week, GroupSense CEO Kurtis Minder was featured on the Lock and Code podcast. During his episode, "Calling in the Ransomware Negotiator," Kurtis and host David Ruiz discuss the intricacies of ransomware negotiation. "In his experience, Minder has also learned that the current debate over whether companies should pay the ransom has too few options. For a lot of small and medium-sized businesses, the question isn't an ideological one, but an existential one: Pay the ransom or go out of business."

Topics: Blog Podcast

EDR Misses 80% of Threats

By Editorial Team on Sep 22, 2022 9:08:02 AM

If you work in the cybersecurity field, you’ve seen an explosion of EDR (endpoint detection and response) tools in the last few years. There are EDR, MDR (managed detection and response), and XDR (extended detection and response) tools everywhere, covering cyber threats in your network. That market expansion won’t be slowing down anytime soon—the global market size is expected to grow from $2.6 billion this year to $5.6 billion by 2027.

Topics: Blog

GroupSense Significantly Expands its Partner Ecosystem

By Editorial Team on Sep 21, 2022 9:00:00 AM

Service Providers Including Abacode, BreachBits, Cynergistek, Palladium GmbH and ProVelocity Sign on to Integrate Digital Risk Protection Services into Their Customer Offerings Worldwide

Topics: News Press Releases

Local Elections Are Now More Hostile for Candidates

By Editorial Team on Sep 15, 2022 9:46:34 AM

Local elections are an essential part of our democratic process. Smaller offices typically have a much larger impact on constituents' day-to-day lives, but what happens when those candidates don't feel safe enough to run? Recently, Bloomberg City Lab wrote about the hostility directed at candidates in local elections rising over the last couple of years. GroupSense Director of Intelligence Operations, Bryce Webster-Jacobsen, was featured in the article, commenting on threats to candidates in cyber space.

Topics: News Blog

How Cyber Identity Fraud Impacts the Government

By Editorial Team on Sep 7, 2022 9:00:00 AM

When you think of security in a government agency, lots of images might come to mind: key card scanners, color-coded security clearances, and complex access management systems. If you’ve ever worked for a government agency or contractor, you probably recall the hours of training modules on security protocols. When it comes to controlling access to information, these agencies have things locked down, but much like third-party data breaches or security incidents, there are weak links in the system. 

Topics: Blog

What Recent Phishing Attacks Can Teach You About Suspicious Domains

By Editorial Team on Aug 18, 2022 9:34:31 AM

Over the past few months, threat actors carried out highly targeted SMS phishing attacks against Twilio, Cloudflare, and Cisco. Because these companies have security or cybersecurity practices of their own, threat actors were particularly bold in carrying out these attacks, and they achieved varying levels of success. One thing that threat actors can count on, however, is that people will click on links no matter how much security training they go through—human error caused 82% of breaches in 2021.

Topics: Blog

Prevent a Ransomware Attack on Your Business

By Editorial Team on Aug 11, 2022 10:07:56 AM

GroupSense CEO Kurtis Minder was honored to present at the Metroport Chamber Membership Luncheon on August 10. The Metroport Chamber brings seven business communities together to connect and build lasting partnerships that strengthen the Texas business community. 

Topics: Blog Events

Small Businesses Often Left Hanging by Ransomware Scourge

By Editorial Team on Aug 4, 2022 1:51:15 PM

Ransomware is hitting small businesses hard. But most of the legislation, regulations, and headlines focus on large businesses. The math is simple -- large businesses impact many end-users, and they have lots of money to pay lobbyists, so they wind up stealing the show when it comes to ransomware. But what about the local print shop, deli, or accounting office? Even though small businesses are suffering from ransomware 70 percent more often than large businesses (according to the Cyber Edge 2022 Cyberthreat Report), government regulations haven’t changed to accommodate them.

Topics: News Blog

Helping Organizations Protect Themselves

By Editorial Team on Aug 4, 2022 10:03:41 AM

GroupSense COO Kelly Milan was featured on eChannelNews speaking on GroupSense's new MSP partnership program with Provelocity. In the video interview, Kelly and host Julian talk about the challenges that many organizations face when it comes to cybersecurity: looking beyond detection and response. With GroupSense's MSP program, organizations can cost-effectively monitor the cyber crime underground for risk. Because GroupSense operates outside of the firewall, our analysts can be on the same forums where cyber criminals conduct their business. This allows us to monitor for all of the things that a firewall can miss, and creates a more proactive cybersecurity posture.

Topics: Blog Video

Killnet Founder Leaves Hacktivist Group

By Editorial Team on Jul 29, 2022 9:00:00 AM

Pro-Russian hacktivist group Killnet has kept very busy since Russia invaded Ukraine. After declaring war against organizations in Ukraine-allied countries, Killnet carried out attacks in Lithuania, Norway, and Italy, to name a few. These attacks have left many wondering if their organizations will be next.

During the week of July 18, GroupSense analysts noted an announcement from Killnet. The group claimed that they would attack Lockheed Martin, a US defense contractor, with a new cyber tool. This attack would be different than most others that Killnet carries out: they will not be using a DDoS (distributed denial of service) attack. GroupSense analysts believe that Killnet will continue shifting away from DDoS attacks and instead carry out hack-and-release attacks. GroupSense analysts provided screenshots and translations from hacking forums with evidence supporting the move from DDoS to hack-and-release.

On July 12, a Killnet affiliate group called Zarya Squad posted six files to Telegram they claim to have stolen from the State Archival Service of Ukraine.

Topics: News Blog

OpSec for Employee Travel

By Editorial Team on Jul 26, 2022 9:00:00 AM

Our last blog, “The OpSec Conversation You Haven’t Had,” highlighted the often-forgotten side of cybersecurity: operational security, or OpSec. The increase in remote work won’t stop anytime soon—research estimates that 36.2 million Americans will work from home by 2025. That’s an 87% increase from pre-pandemic levels. If your organization is starting to reevaluate its cybersecurity policies, a factor worth considering is the work-from-anywhere trend. Since employees can work from anywhere, they can protect your organization from anywhere. 

Topics: Blog

Malicious Life Podcast with Ransomware Negotiator Kurtis Minder

By Editorial Team on Jul 21, 2022 9:43:38 AM

GroupSense CEO and chief ransomware negotiator Kurtis Minder was featured on the Malicious Life podcast. During the episode, Kurtis speaks with host Ran Levi about the ransomware negotiation process and how GroupSense's negotiation practice was formed over the past several years. 

Topics: Blog Video Podcast

Kurtis Minder at Metroport Chamber

By Editorial Team on Jul 19, 2022 9:38:32 AM

GroupSense CEO Kurtis Minder is honored to present at the Metroport Chamber Membership Luncheon this August 10 in Texas. The Metroport Chamber brings seven business communities together to connect and build lasting partnerships that strengthen the Texas business community. 

Topics: Webinar Events

The OpSec Conversation You Haven't Had

By Editorial Team on Jul 13, 2022 9:00:00 AM

As a digital risk protection company, GroupSense finds information in all kinds of places it shouldn’t be. If data has a monetary value, cyber criminals will do everything in their power to attain and sell that information on the dark web. Most security professionals expect to find data on the dark web or cyber crime forums, but they forget about another avenue: the outside world. With employees working from home, at the coffee shop, and in between flights at the airport, it’s not so hard for threat actors to overhear your conversation with a colleague about an important deal or personnel issues. With each bit of information said aloud, a malicious actor gets one more piece of your organization’s puzzle.

Topics: Blog

GroupSense Announces New Managed Service Provider Partnership with Provelocity

By Editorial Team on Jul 12, 2022 12:58:10 PM

Partnership delivers enterprise-grade digital risk protection services to the mid-market


ARLINGTON, Va., July 12, 2022 /PRNewswire/ -- GroupSense, a digital risk protection company, today announced a new Managed Service Provider (MSP) partnership with Provelocity. The partnership will expand the reach of GroupSense's digital risk protection services, including ransomware readiness and response and recovery, to Provelocity's robust client base.

Topics: Press Releases

The Insider Threat Now Lives Outside the Office

By Editorial Team on Jul 6, 2022 3:50:53 PM

GroupSense CEO and Co-Founder Kurtis Minder was recently featured in SC Media with his article, "The Insider Threat Now Lives Outside the Office." In the article, Kurtis reviews the top ways that employees can help protect your organization's data. 

Topics: News Blog

Webinar: How to Protect Your Data-Operational Security in Remote Work

By Editorial Team on Jun 28, 2022 9:00:00 AM

The days of sitting in your cubicle and overhearing colleagues discuss the latest deals, investment rounds, or client information are long gone, but those conversations are still happening. As the workforce—including your employees—distributes into coffee shops, airports, and co-working spaces, how are you protecting your organization’s private information? 

Topics: Webinar Events

What You Need to Know About Ransomware

By Editorial Team on Jun 21, 2022 9:51:19 AM

As Americans, our civic duties include voting, sitting on juries, and paying taxes—but those aren't the only duties that promote American values. GroupSense CEO Kurtis Minder believes that cyber hygiene is your civic duty, too. Last weekend, Kurtis had the honor of presenting at TedX Grand Junction. During his talk, "What You Need to Know About Ransomware," Kurtis spoke about the actions we can all take to protect our nation and its critical infrastructure: small businesses.

Topics: News Blog Events

The Role of Cryptocurrency in Ransomware Negotiations & Cybercrimes

By Editorial Team on Jun 17, 2022 9:00:00 AM

This week, Senior Threat Intelligence Analyst Samira Pakmehr and Director of Intelligence Operations Bryce Webster-Jacobsen presented their talk, "The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes," at the virtual SANS Ransomware Summit. Packed with a full day of sessions, attendees come away from the summit with deeper insight into today's ransomware landscape and its inner workings. 

Topics: Blog Events

The Allies and Enemies of Killnet

By Editorial Team on Jun 16, 2022 9:00:00 AM

Note: This content was updated on June 29 with updates on Killnet's activity in Lithuania. 

Impacts of the Russia-Ukraine conflict keep coming, and the Russian military isn’t the only actor fighting to defend their country against adversaries. Nationalist hacking groups, including the hacktivist group called Killnet, are launching geopolitically charged cyber attacks against perceived adversaries. Their main focus in the past few weeks has been nations providing support to Ukraine.

Topics: Blog

Combatting Ransomware in Critical Infrastructure

By Editorial Team on Jun 14, 2022 9:00:00 AM

GroupSense CEO Kurtis Minder presented at last week's Colorado Airport Operators Association (CAOA) Spring Conference in Grand Junction, CO. As part of our nation's critical infrastructure, the aviation industry is prone to ransomware and cyber attacks, just like utilities, state governments, and schools. Members of the CAOA have the opportunity to take action against ransomware in their industry by taking a few small steps.

Topics: Blog Events

RSAC 2022 In Review

By Editorial Team on Jun 10, 2022 9:15:00 AM

After a two-year hiatus, RSA Conference returned to the Moscone Center in San Francisco for another exciting week. GroupSense’s CEO, Kurtis Minder, and Director of Intelligence Operations, Bryce Webster-Jacobsen, presented their talk, “Dissecting the Ransomware Killchain: Why Companies Need It,” to a packed audience. Kurtis was also interviewed by Jax S. of Outpost Gray.

Topics: Blog Video Events

How to Talk to Threat Actors

By Editorial Team on May 26, 2022 10:15:00 AM

When faced with ransomware, revenue loss and damage to your organization’s reputation aren’t the only things to worry about. To reach the best-case scenario after an attack, your ransomware response team must understand how to talk to threat actors. With the right people on the team, you’re already off to a good start.

Topics: Blog Ransomware Panel

Responding and Recovering from Ransomware

By Editorial Team on May 26, 2022 10:10:27 AM

Ransomware is one of the most dynamic, constantly changing forms of cryptocurrency-based crime. As of February 2022, we’ve identified just over $720 million worth of ransomware payments in 2021 and that number keeps growing. But what happens when a business encounters ransomware?

Topics: Blog Events

The Forgotten Art Project Podcast with Kurtis Minder

By Editorial Team on May 16, 2022 10:34:00 AM

GroupSense CEO Kurtis Minder was featured on Episode 14 of the Forgotten Art Project Podcast. During the episode, Kurtis and host David Weaver discuss Kurtis’s journey in entrepreneurship, how and why he got into the work he is doing, along with how GroupSense's company culture, values & leadership shaped who he is today.

Topics: Podcast

Building a Ransomware Response Bench

By Editorial Team on May 12, 2022 10:30:00 AM

Old misconceptions of lone hackers sitting in dark basements are long gone, replaced by a new wave of cybercrime-as-a-service models that marks a new era. Operating like many other businesses, ransomware and other cybercrime gangs have a business structure, “customer” support, and an org chart. How can organizations communicate effectively with the threat actors that are attacking their systems with ransomware?

Topics: Blog Ransomware

Cyber Security Matters Podcast with Kurtis Minder

By Editorial Team on May 4, 2022 12:15:04 PM

This week, GroupSense CEO Kurtis Minder was featured on episode 126 of the Cybersecurity Matters Podcast with hosts Dominic Vogel and Christian Redshaw. During his episode, "Dealing with a Ransomware Attack," Kurtis and the hosts discussed:

Topics: Podcast

Colorado Airport Operators Association's Spring Conference

By Editorial Team on May 2, 2022 12:19:29 PM

GroupSense CEO Kurtis Minder will be speaking at the Colorado Airport Operators Association's Spring Conference taking place June 8-10, 2022 in Grand Junction, CO. The annual event will be held at the Grand Junction Convention Center. 

Topics: Webinar Events

Webinar: How to Stop the Impact of Ransomware

By Editorial Team on Apr 30, 2022 10:46:11 AM

Ransomware attacks have increased significantly.

It’s no longer “good enough” to do the bare minimum to prevent ransomware. The FBI's Internet Crime Complaint Center reported a 62% increase in ransomware reports from 2020 to 2021 – and that’s probably not even scratching the surface when you consider how many attacks aren’t reported every day. 

Topics: Webinar Events

The Software Won't Save You

By Editorial Team on Apr 29, 2022 10:30:00 AM

GroupSense CEO Kurtis Minder spoke at Colorado Mesa University’s Entrepreneurship Day on April 27. During his keynote, “The Software Won’t Save You,” he spoke about the genesis of GroupSense’s Ransomware practice, how attackers carry out ransomware attacks, and how each of us can help protect our own computer systems with simple cyber hygiene.

Topics: Blog

Ransomware Survival Guide

By Editorial Team on Apr 28, 2022 10:15:00 AM

Cybersecurity professionals now think of ransomware as inevitable for organizations of all shapes and sizes. With a relatively quick payoff, ransomware provides cyber criminals with a fast, reliable revenue stream. If your organization is facing an attack, it’s vital to get the first few decisions right. 

Topics: Blog Ransomware

Good Cyber Hygiene is a Civic Duty

By Kurtis Minder on Apr 20, 2022 10:30:00 AM

This article was originally published on INC.com

Topics: Blog

Trellix Cybersecurity Summit

By Editorial Team on Apr 18, 2022 10:23:10 AM

The cyber threats public sector organizations face continue to evolve. And all too often, agencies and institutions are focused on securing against the threats of the past rather than planning for the next sophisticated attack. However, with the emergence of security tools built on machine learning, AI, predictive analytics and extended detection and response, that no longer has to be the case.

Topics: Webinar Events

SANS Ransomware Summit 2022

By Editorial Team on Apr 13, 2022 11:01:15 AM

Ransomware attacks are more prevalent each day. Join GroupSense Director of Intelligence Operations Bryce Webster-Jacobsen and Senior Threat Intelligence Analyst Samira Pakmehr at this year's SANS Ransomware Summit on June 16, 2022 to learn more about how to stop your organization from becoming a ransomware horror story. Bryce and Samira will present on The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes on June 16 at 1:10-1:45pm ET. 

Topics: Webinar Events

TedX Grand Junction

By Editorial Team on Apr 12, 2022 11:09:00 AM

Join Kurtis Minder, GroupSense CEO, on Saturday, June 18 for TedX Grand Junction. Positioned as a cultural leader in Western Colorado, Grand Junction challenges the region in powerful ways.

TedX Grand Junction encourages creativity, innovation, cultural awareness, and social impact through the power of big ideas. This year, the event will focus around the theme Reimagine. Buy tickets for the event at the Avalon Theater box office.

Topics: Webinar Events

Lexology: Social Links: Behavioral Targeting Under Scrutiny from Lawmakers

By Editorial Team on Apr 6, 2022 7:37:38 AM

Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was featured in Lexology's "Social Links: Behavioral Targeting Under Scrutiny from Lawmakers" article. Bryce was quoted from his Axios feature: Activist Movements Drive Misinformation Mayhem. The Lexology highlight is below. 

Topics: News

Operational Security Best Practices Webinar with IrishAngels

By Editorial Team on Apr 4, 2022 7:12:01 AM

On Wednesday, April 6th Kurtis Minder, GroupSense CEO, will provide an overview of Operational Security and best practices to institute in hybrid work environments to the IrishAngels.

Topics: Webinar Events

Chainalysis Links New York

By Editorial Team on Apr 3, 2022 4:07:44 PM

Kurtis Minder, GroupSense CEO, will speak at Chainalysis Links in New York. The conference is being held May 18-19th 2022. The expanded event will feature 3 tracks of amazing content over 2 full days.

Topics: Events

Outpost Gray Podcast: Ransomware Prevention

By Editorial Team on Apr 3, 2022 1:12:09 PM

Recently Kurtis Minder, GroupSense CEO, was a guest on Outpost Gray’s podcast. Kurtis did a Q&A with Jax, Outpost Gray founder and Cybersecurity Manager from Grant Thornton. They talked about ransomware prevention and negotiations.

Topics: Podcast Events

GroupSense Report: State of the Ransomware Market

By Editorial Team on Apr 1, 2022 5:16:46 PM

Ransomware is a big business. It has been prominent since the mid-2000s, with Ransomware-as-a-Service emerging in 2016. A company impacted by ransomware could suffer devastating financial and reputational losses. We've compiled information on the ransomware market and what you need to know.

Topics: Whitepapers

Dark Reading: What the Conti Ransomware Group Data Leak Tells Us

By Editorial Team on Mar 24, 2022 10:45:28 AM

Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was featured on Dark Reading's "What the Conti Ransomware Group Data Leak Tells Us".

Topics: News

How to Negotiate with a Cyber Threat Actor Podcast

By Editorial Team on Mar 23, 2022 2:11:49 PM

Join Kurtis Minder, GroupSense CEO, on March 31 at 3:30PM ET for a podcast with Outpost Gray on "How to Negotiate with a Cyber Threat Actor." 

Topics: Podcast

Cryptocurrency and Security On-Demand Webinar with Bace Cybersecurity

By Editorial Team on Mar 22, 2022 12:46:34 PM

Recently Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, joined Bace Cybersecurity Institute for a webinar on Cryptocurrency and Security. The webinar walked through cryptocurrencies and the promise they deliver as a secure and efficient anonymous monetary transaction.

Topics: Webinar Events

Ransomware Groups are Getting More Sophisticated

By Editorial Team on Mar 16, 2022 2:00:00 PM

Ransomware attacks have exploded over the past few years, and ransomware groups have reinvested their earnings into their malicious businesses.

Threat actor groups have discovered a significant opportunity within the market to provide Ransomware-as-a-Service (RaaS). Much like the Software-as-a-Service (SaaS) offerings we are all familiar with, RaaS operations have employees, customer service, and a business structure to lean on. It paves the way for inexperienced threat actors to utilize the expertise of more advanced threat groups, ultimately expanding the effects of ransomware to a broader range of targets.

One RaaS group, Conti, became prolific over the last several years, with attack numbers above 1,000. The ransomware group is having a pretty bad month. After Conti aligned itself with Putin’s invasion of Ukraine, assumed Ukrainian members took the liberty of leaking months’ worth of internal chat logs and documents, revealing the group’s internal business structure, office politics, and pay scales. GroupSense analysts have been translating and digesting the information, corroborating the intelligence with data that they have already collected on Conti through threat investigations.

Conti

Conti has successfully targeted and impacted significant players from the financial sector to the software industry, such as the Japanese electronics supplier JVCKenwood, London-based high society jeweler Graff, and the Irish health system. Last year, GroupSense threat analysts observed Conti’s tactics, techniques, and procedures (TTPs) when the group breached a client’s network and demanded ransom.

In a recent chat log leak, GroupSense learned that Conti has upper and middle management with entry-level employees that do the leg work. The separation of roles within Conti enables the employees to focus on specific parts of the cyber kill chain. Gaining initial access to the system is the most time-consuming part of the attack. It requires reconnaissance and planning, which “initial access brokers” work on over weekends. This leg work allows for more attacks and ultimately more revenue for the ransomware group.

Conti typically deploys their ransomware through targeted spear-phishing and broader phishing campaigns that contain malicious attachments or links. The attachments serve as vessels for deploying other malware that utilizes more advanced techniques. These vessels are typically called “loaders” or “downloaders,” and they will do their best to mask the actual malware such as TrickBot, or in this case, Conti ransomware.

When our client was hit with Conti last year, they hired GroupSense for our Ransomware Negotiation Services. As part of the service, GroupSense confirms that the actor returns the decrypted data before the client pays the ransom. After providing sufficient proof that the actor returned the data, our negotiator helped our client pay the ransom. Unfortunately, the story doesn’t end here.

Conti Again?

Months later, the client’s customers started receiving phishing emails on the same thread that Conti used to communicate with the client, meaning the actor had access to the old email thread. This method, called email chain hijacking, allows the threat actor(s) to send phishing emails by replying to old email threads, which tricks victims into thinking the email is legitimate. Access to the original email thread strongly indicates that Conti could be behind a repeat attack.

The phishing emails were riddled with typos and grammar mistakes and had other pronounced signs of phishing, including mismatched sender names and addresses with a badly spoofed email domain. Typically, when Conti uses phishing as a vector, they are careful to cover their tracks and make the email look as legitimate as possible. Email chain hijacking increases the likelihood of success for phishers. Furthermore, Conti was not known to use email chain hijacking in previous attacks. With these conflicting pieces of evidence, our analyst dove deeper to find out if the phishing attack was coming from Conti or a second and unrelated actor.
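The indicators described above (a reply arriving on an existing thread, a sender name that does not match its address, a badly spoofed domain) can be checked mechanically on inbound mail. The following Python is an added example, not GroupSense's tooling; the messages, the `.example` domains, the finding labels and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample thread; the people and .example domains are invented.
LEGIT_THREAD = [
    """\
From: Dana Reyes <dana.reyes@vendor.example>
To: Sam Okafor <sam.okafor@customer.example>
Subject: Invoice 1042
Message-ID: <a1@vendor.example>

Invoice attached.
""",
    """\
From: Sam Okafor <sam.okafor@customer.example>
To: Dana Reyes <dana.reyes@vendor.example>
Subject: Re: Invoice 1042
Message-ID: <b2@customer.example>
In-Reply-To: <a1@vendor.example>
References: <a1@vendor.example>

Received, thanks.
""",
]

# Constructed: replies on the old thread from a new address on a lookalike domain.
HIJACKED_REPLY = """\
From: Dana Reyes <billing@vend0r.example>
To: Sam Okafor <sam.okafor@customer.example>
Subject: Re: Invoice 1042
Message-ID: <zz9@vend0r.example>
In-Reply-To: <b2@customer.example>
References: <a1@vendor.example> <b2@customer.example>

Pls see updatd invoice at the link.
"""

# Constructed: the real participant continuing the same thread.
GENUINE_REPLY = """\
From: Dana Reyes <dana.reyes@vendor.example>
To: Sam Okafor <sam.okafor@customer.example>
Subject: Re: Invoice 1042
Message-ID: <c3@vendor.example>
In-Reply-To: <b2@customer.example>
References: <a1@vendor.example> <b2@customer.example>

You're welcome.
"""


def build_thread_index(raw_messages):
    """Return (known Message-IDs, {participant address: display name})."""
    message_ids, participants = set(), {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        mid = msg.get("Message-ID")
        if mid:
            message_ids.add(mid.strip())
        headers = []
        for field in ("From", "To", "Cc"):
            headers += msg.get_all(field, [])
        for name, addr in getaddresses(headers):
            if addr:
                participants[addr.lower()] = name.strip().lower()
    return message_ids, participants


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spoofed domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_reply(raw, message_ids, participants):
    """List the thread-hijacking indicators found in one inbound message."""
    msg = message_from_string(raw)
    refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    if not set(refs) & message_ids:
        return []  # not a reply to a thread we track
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    if addr in participants:
        return []  # sender already took part in the thread
    findings = ["new-sender-on-known-thread"]
    if name and name in participants.values():
        findings.append("display-name-reuse")  # known name, different address
    domain = addr.rpartition("@")[2]
    known_domains = {a.rpartition("@")[2] for a in participants}
    if any(0 < edit_distance(domain, d) <= 2 for d in known_domains):
        findings.append("lookalike-domain")
    return findings


MESSAGE_IDS, PARTICIPANTS = build_thread_index(LEGIT_THREAD)

if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED_REPLY), ("genuine", GENUINE_REPLY)):
        print(label, check_reply(raw, MESSAGE_IDS, PARTICIPANTS))
```

A sender address that already appears in the thread passes these checks, so a reply sent from a compromised participant mailbox needs other signals such as authentication results or link reputation.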

Connecting the Bots

The GroupSense analyst started an investigation to compile a list of threat actors who had historically used the email chain hijacking technique within previous campaigns. During this investigation, the analyst identified the following groups:

  • TrickBot Gang
  • The newly revived Emotet
  • TA551 (Shathak)
  • IcedID campaigns
  • QakBot campaigns

In November 2021, the intelligence community discovered that the TrickBot Gang teamed up with TA551 to deploy Conti ransomware. In January 2022, SANS found that Emotet had reemerged with help from the TrickBot group. In February 2022, AdvIntel discovered that the Conti group had taken over the TrickBot operations.

Knowing several roads lead back to the Conti Group, the analyst opened the malicious link in a sandbox environment. The link downloaded several pieces of malware to the device, including the IcedID loader operated by TA551. GroupSense assessed with high confidence that the Conti ransomware syndicate was actively targeting our client’s customer base using stolen email threads.

Below are the hashes gathered upon detonation and the IP addresses that the payload contacted.

IP Addresses:

  • 208.95.112[.]1
  • 23.21.43[.]186
  • 54.225.179[.]233
  • 82.221.103[.]243

SHA-256 Hashes (one matches a ruleset for the IcedID payload)

Repeat Attacks

It’s rare for ransomware groups to attack the same target twice. Because RaaS groups run like businesses, they work on similar reputational rules as legitimate companies. If a RaaS group says they will return stolen data from their victims, they are expected to keep their word. If they return the data to the victims, they can only cash out on the data once.

In this case, Conti was trying to cash out twice on the same set of stolen data. Our analysts have not previously seen an attack so brazen that it would damage the threat actor’s own reputation.

Wider Implications

This investigation suggests that the Conti ransomware syndicate is rapidly increasing its sophistication and standing in the initial access ecosystem. This increased sophistication means that they can hit larger, more complex systems and demand even higher ransoms in the future.

Topics: Blog

GroupSense and CynergisTek Strategic Partnership Aimed at Helping Healthcare Organizations

By Editorial Team on Mar 16, 2022 11:16:14 AM

CynergisTek strengthens its service portfolio by partnering with GroupSense to provide enhanced and proactive cyber reconnaissance services and incident response services.

Austin, Texas & Arlington, Va. -- CynergisTek (NYSE American: CTEK), a leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, announces a new agreement with GroupSense to provide organizations with vital threat intelligence to identify and mitigate attacker activity. This partnership offers CynergisTek’s customer base ransomware negotiation services and provides increased capabilities around incident response (IR) training and tabletop exercises.

“In order for healthcare organizations to more successfully anticipate where cyber attackers are likely to be present, they need a clearer picture of their risk and a better understanding of their environment,” said Mac McMillan, President & CEO of CynergisTek. “Incorporating GroupSense’s capabilities into our Risk and Incident Response services enables us to assist our clients in performing better reconnaissance, thereby enhancing their resilience. Just as important as being able to anticipate the threat, so is being able to execute more precisely when adverse situations arise. Incorporating ransomware negotiation and deeper awareness into client IR immersive exercises and incident response further enhances the value of our support to our clients,” he says.

“I am excited about the launch of our partnership with CynergisTek,” said Kurtis Minder, founder and CEO of GroupSense. “Given the increased attack surface, especially in the healthcare industry, organizations need solutions, not an increase in alerts or data feeds. The combined digital risk and attack surface capability of GroupSense, with the solution expertise of CynergisTek, solves IT risk problems while reducing operational overhead.”

This partnership marks CynergisTek’s focus on building cyber resiliency by helping businesses become proactive against threats and develop effective incident response procedures. CynergisTek and GroupSense are providing customers with threat intelligence capabilities that allow for healthcare-specific insight on where organizations should prioritize remediation efforts based on their specific risk profile. With GroupSense’s cyber reconnaissance platform and team of highly trained analysts, CynergisTek clients will have access to additional threat monitoring and footprinting capabilities that help expose unknown gaps that organizations may have.

About GroupSense

GroupSense is a digital risk protection services company that delivers customer-specific intelligence that dramatically improves enterprise cybersecurity and fraud-management operations. Unlike generic cyber-intelligence vendors, GroupSense uses a combination of automated and human reconnaissance to create finished intelligence that maps to each customer's specific digital business footprint and risk profile. This enables customers and partners to immediately use GroupSense's intelligence to reduce enterprise risk, without requiring any additional processing or management by overstretched security and fraud-prevention teams. GroupSense is based in Arlington, Va., with a growing customer base that includes large enterprises, state and municipal governments, law enforcement agencies and more.

About CynergisTek, Inc.

CynergisTek is a top-ranked cybersecurity consulting firm helping organizations in highly-regulated industries, including those in healthcare, government, and finance, navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company's security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations.

Original Press Release: https://www.businesswire.com/news/home/20220316005363/en

Topics: News

Colorado Mesa University's E-Day with Kurtis Minder

By Editorial Team on Mar 10, 2022 10:05:29 PM

Entrepreneurship Day is back at Colorado Mesa University. Join GroupSense CEO, Kurtis Minder, as he gives the keynote on Wednesday, April 27th, 2022. 

Topics: Events

HIMSS Conference: GroupSense & CynergisTek

By Editorial Team on Mar 10, 2022 9:53:13 AM

Kelly Milan, GroupSense, will attend HIMSS with our friends at CynergisTek on Tuesday, March 15th and Wednesday, March 16th. He will give two demos on Tuesday and Wednesday in CynergisTek's booth (#4942) on Hacking and Healthcare.

Topics: Events

The Inner Workings of the Conti Ransomware Group

By Editorial Team on Mar 4, 2022 2:24:16 PM

Earlier this week, a Ukrainian security researcher with insights into the Conti ransomware group leaked almost two years’ worth of internal chat logs. Conti is responsible for a number of high profile ransomware attacks.

Topics: Blog

ModernCTO Podcast: Ransomware Readiness, Defense, and Negotiation

By Editorial Team on Mar 4, 2022 10:35:28 AM

Adam Bregenzer, GroupSense's CTO, was a guest on the ModernCTO podcast. He spoke to Joel Beasley about ransomware readiness, defense, and negotiation. Below are a few of our favorite clips, as well as the full episode! 

Topics: Podcast

WEM Event: Wisconsin Under Attack: Responding to Cyber Criminals

By Editorial Team on Mar 3, 2022 5:26:39 PM

On Wednesday, March 9th, GroupSense CEO, Kurtis Minder, will co-present "Wisconsin Under Attack: Responding to Cyber Criminals" at the 54th Annual - Wisconsin Governor's Conference on Emergency Management and Homeland Security with LTC Sarah Frater. 

Topics: Events

Task Force 7 Radio: Lessons from a Ransomware Negotiator

By Editorial Team on Mar 3, 2022 4:55:41 PM

Kurtis Minder, CEO of GroupSense, was a guest on Episode #209 of Task Force 7 Radio's podcast. Kurtis talked to co-host Andy Bonillo about lessons from a ransomware negotiator, why small businesses need cybersecurity resources, as well as how cyber criminals may be shifting their focus during the Russia/Ukraine conflict. Below are a few highlights from the interview.

Topics: Podcast

CHIME Focus Session: GroupSense & CynergisTek

By Editorial Team on Mar 3, 2022 4:07:07 PM

Kurtis Minder, GroupSense CEO, will speak at a CHIME focus session with Mac McMillan, CynergisTek CEO, on Monday, March 7th. Kurtis and Mac will have an active discussion around the sophistication of cyberattacks affecting healthcare institutions across the country and around the globe.

Topics: Events

Innovate Springfield: Dialogue with GroupSense Co-Founder, Kurtis Minder

By Editorial Team on Mar 3, 2022 10:32:04 AM

Join Kurtis Minder, GroupSense CEO, on Thursday, April 7, 2022 from 5:00 PM - 6:00 PM CT for Innovate Springfield.

Topics: Webinar Events

Report: Most Active 2021 Ransomware Groups

By Editorial Team on Mar 1, 2022 5:00:00 PM

2021 was another pivotal year for ransomware attacks. Cybercrime was expected to hit $6 trillion and is expected to grow by 15% annually during the next five years. 

Topics: Whitepapers

GroupSense Logs Record Customer and Revenue Growth in 2021

By Editorial Team on Mar 1, 2022 10:50:14 AM

GroupSense Adds Nearly 50 Fortune 1000 Companies and Governments to its Roster, Delivering Customer-Specific Intelligence to Help Them Significantly Reduce Digital Risk

ARLINGTON, Va., March 1, 2022 /PRNewswire/ -- GroupSense, a digital risk protection services company, today announced several notable achievements from 2021, including 75 percent year-over-year subscriber growth, adding nearly 50 new customers and 6 new partnerships, among many other impressive milestones. The company has successfully helped its customers reduce risk from data breaches, ransomware, election security, disinformation, fraud and more.

Topics: Press Releases

Ransomware Negotiation Guide

By Editorial Team on Mar 1, 2022 10:07:00 AM

GroupSense has been negotiating with threat actors on the underbelly of the internet for years, so we are uniquely suited to assist in ransomware negotiations. We often get the question, what does a ransomware negotiator do? A ransomware negotiator acts as a mediator between a ransomware victim and the ransomware operator. This role is an important one, providing an objective view of the situation, empowering the victim with enough information to make an informed business decision on whether to pay a ransom, and providing a layer of operational security between the victim and the ransomware operator.

Topics: Whitepapers

Asharq News: Russian Ukraine Conflict

By Editorial Team on Feb 25, 2022 9:54:16 AM

As Russia unleashes war on Ukraine, many are asking about a possible Russian cyber-attack. Asharq News interviewed Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, about the Russian Ukraine Conflict and its impact on the cyber nexus.

Topics: News

TV Globo: Hacker attacks double this year in the US

By Editorial Team on Feb 23, 2022 9:45:42 AM

TV Globo interviewed GroupSense's CEO and Ransomware Negotiator, Kurtis Minder, about how ransomware attacks have doubled in the US because of the pandemic. Below is a translated transcript of the article. Watch the clip in the article to hear Kurtis talk about the topic. 

Note: The linked article and video clip are in Portuguese.

Topics: News

CyberNews: Businesses should understand – it’s not a matter of ‘if’, but ‘when’ they’ll face an attack

By Editorial Team on Feb 9, 2022 2:42:32 PM

CyberNews interviewed GroupSense's Director of Intelligence Operations, Bryce Webster-Jacobsen, about the cyber attack landscape and its business impact. Below is a transcript of Bryce's interview with CyberNews.

Topics: News

Cryptocurrency and Security Webinar with Bace Cybersecurity

By Editorial Team on Feb 4, 2022 1:07:39 PM

Join Bace Cybersecurity Institute for a webinar on Cryptocurrency and Security. Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, will join David Rosenthal, formerly at Sun Microsystems and Nvidia, to discuss the reality of cryptocurrencies on Wednesday, February 16th, 2022 at 11am PT / 2pm ET.

Topics: Webinar Events

Takeaways from Defendify's Cyber Crystal Ball Panel

By Editorial Team on Feb 2, 2022 4:51:39 PM

Earlier this week, Kurtis Minder, CEO at GroupSense, joined Defendify's Cyber Crystal Ball panel with Lori Sussman, Professor at University of Southern Maine and Antoinette King, Founder at Credo Cyber Consulting.

Topics: Webinar Ransomware Events

VICE Media: I Stop Multimillion Dollar Cyberattacks

By Editorial Team on Jan 31, 2022 4:43:45 PM

Kurtis Minder, GroupSense CEO, was featured in VICE Media's "I Stop Multimillion Dollar Cyberattacks." Kurtis spoke to VICE about his experience as a ransomware negotiator and what happens during and after a ransomware attack. 

Topics: News Ransomware

NBC News: Ransomware hackers' new tactic: Calling you directly

By Editorial Team on Jan 28, 2022 5:00:32 PM

Hackers have increasingly roped in everyday people whose information is stored in computers that have been breached, pestering them by phone and email.

Topics: News Ransomware

Cyber Crystal Ball

By Editorial Team on Jan 25, 2022 11:40:36 AM

On January 27th, Kurtis Minder, CEO of GroupSense, will join Defendify's Cyber Crystal Ball panel to reflect on 2021. IT professionals and organizations were dealt some difficult cards, and "the cards don't lie, Honey". You don't have to be psychic to predict more of the same coming in 2022.

Topics: Webinar Events

Search Tool For CISA’s Log4j Database

By Editorial Team on Jan 24, 2022 6:00:00 AM

GroupSense's CTO, Adam Bregenzer, and the Cybersecurity and Infrastructure Security Agency's Senior Advisor, Beau Woods, have developed a new open-source search tool to help cybersecurity professionals navigate the ever-growing list of software products impacted by Log4j. "Beau and I wanted to make the vast list of software organizations sortable and searchable. By default it's just a very large web page," said Adam Bregenzer.

Topics: News

Squid Games Ransomware Cyber Drill

By Editorial Team on Jan 19, 2022 11:24:05 AM

Earlier this week, GroupSense's CEO, Kurtis Minder, participated in *AIMA's APAC Webinar: Cyber Security x Ransomware: Squid Games Edition.

*Note: An account is needed to view the replay.

Topics: News Blog Ransomware

Security Analytics & XDR Demo Forum

By Editorial Team on Jan 12, 2022 10:10:05 AM

GroupSense’s CTO, Adam Bregenzer, participated in the Security Analytics & XDR Demo Forum with Richard Stiennon, as well as BlackCloak, Cyberint, and Digital Shadows. They discussed Digital Risk Protection around intel collection strategy, initial access brokers, and threat intel SOC integration.

Topics: Webinar Events

New Wave of Jan. 6 Conspiracy Theories

By Editorial Team on Jan 6, 2022 5:45:02 PM

Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, was quoted in Axios' article, "New Wave of Jan. 6 Conspiracy Theories". Bryce spoke to Sara Fischer, Media Reporter at Axios, about conspiracy theories surrounding the January 6th attack on the U.S. Capitol.

Topics: News

The Top 5 Cybersecurity Tools Companies Need to Implement Right Now

By Editorial Team on Jan 3, 2022 4:46:25 PM

Kurtis Minder, GroupSense CEO, started 2022 off on the right foot with a feature on Infosecurity. He shared his top five cybersecurity tools that companies need to implement right now. While these items may be considered “cybersecurity 101,” you’d be surprised how many organizations don’t have these measures in place. Below is a snippet from the article. 

Topics: News

Whitepaper: WhatsApp Security Risks - What You Need to Know

By Editorial Team on Jan 1, 2022 10:41:00 AM

WhatsApp is a popular social messaging platform used worldwide. With such a large audience, threat actors use it to spread disinformation, distribute malware and carry out many more cyber attacks. Read our white paper to understand the threats you or your colleagues can face from using the messaging app.

Topics: Whitepapers

Seven Tips for Negotiating with Hackers (or Anyone for that Matter)

By Editorial Team on Dec 30, 2021 12:47:57 PM

Kurtis Minder, GroupSense CEO and cofounder, sat down with Joe Meadows, Partner at Gordon & Rees, and talked about seven tips for negotiating with hackers (or anyone for that matter!). Here are a few highlights of that conversation:

Topics: News Blog Ransomware

GroupSense to Speak at CactusCon in Two Ransomware Sessions

By Editorial Team on Dec 28, 2021 3:03:16 PM

GroupSense CEO and co-founder, Kurtis Minder, Intelligence Analyst, Nicole Hoffman, and Director of Intelligence Operations, Bryce Webster-Jacobsen, are speaking at CactusCon February 4-5, 2022. 

Topics: Webinar Events

Ask Me Anything Webinar with Abacode

By Editorial Team on Dec 28, 2021 11:30:04 AM

Ransomware attacks have increased significantly over the past year. On Tuesday, February 22nd, join Jeremy Rasmussen, Chief Technology Officer at Abacode, and renowned ransomware negotiator and CEO of GroupSense, Kurtis Minder, to get exclusive behind-the-scenes access and insight into what happens after a ransomware attack.

Topics: News Webinar Ransomware Events

AIMA APAC Webinar: Cyber security x Ransomware

By Editorial Team on Dec 27, 2021 2:13:08 PM

On January 18th, Kurtis Minder, GroupSense CEO, will join AIMA for their APAC Webinar: Cyber security x Ransomware: Squid Games Edition.

Topics: Webinar Events

NYLIB: Cyber Security Panel Discussion

By Editorial Team on Dec 27, 2021 1:46:16 PM

GroupSense CEO Kurtis Minder will join NYLIB as a keynote speaker highlighting his experience in the cyber security space. Afterwards, NYLIB will host a panel discussion focused on cyber security risks facing banks, current trends, and best practices.

Topics: Webinar Events

Five Ransomware Predictions for 2022

By Editorial Team on Dec 22, 2021 9:30:00 AM

In 2021, we saw a steady rise in the number of ransomware attacks. It’s projected that global ransomware damage costs will reach $20 billion by the end of 2021. Nearly every week, you hear of a new high-profile catastrophic breach, but organizations of all sizes have been critically impacted by ransomware and cyber threats.

Topics: Blog Ransomware

GroupSense's Kurtis Minder and Bryce Webster-Jacobsen to Speak at RSA

By External Author on Dec 21, 2021 5:33:49 PM

GroupSense CEO and co-founder, Kurtis Minder, and Director of Intelligence Operations, Bryce Webster-Jacobsen, are speaking at the RSA Conference June 6-9, 2022.

Topics: Webinar Events

The Bad Actors – The Extortion Economy

By Editorial Team on Dec 17, 2021 2:53:29 PM

Kurtis Minder, Ransomware Negotiator and GroupSense CEO, was featured on MIT Technology Review & ProPublica's: The Bad Actors – The Extortion Economy podcast. This series is hosted by Meg Marco and produced by Emma Cillekens, Tate Ryan-Mosley and Anthony Green. The podcast dives into the criminal world where the stakes are high, but the methods are increasingly business-like and meet the people who interact with the ransomware hackers.

Topics: News Ransomware Podcast

Impact of CVE-2021-44228 Apache Log4j Vulnerability

By Editorial Team on Dec 16, 2021 3:42:30 PM

GroupSense performed a deep and dark web investigation into the critical remote code execution (RCE) zero-day impacting the Apache Java-based logging utility Log4j (CVE-2021-44228). This high severity vulnerability is already being actively exploited in the wild, per numerous public reports. The attack vector is extremely trivial for threat actors to exploit, requiring only a single string of code, and impacts software products from numerous vendors. The US Cybersecurity and Infrastructure Security Agency is maintaining an updated list of affected vendors.

Topics: Blog

CynergisTek's Healthcare Ransomware Bootcamp Recap

By Editorial Team on Dec 13, 2021 1:19:21 PM

On December 9th, Kurtis Minder, GroupSense CEO, presented at the CynergisTek Healthcare Ransomware Bootcamp.

Cyber Resilience is like muscle – training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies. 

CynergisTek, Lockton Companies, and GroupSense provided insider insights on how to stay ahead of the curve and protect yourself from being the next target.

"The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019," SafeAtLast.

Elissa Doroff, Managing Director & Cyber Technical Leader at Lockton Companies, presented "Cyber Insurance - The Effects of Ransomware". Ransomware attacks accounted for 41% of all filed cyber insurance claims in the first half of 2020, according to a report by Coalition. To keep up with the cost, and rise in claim occurrence, cyber insurance providers are implementing compliance requirements that, depending on compliance capability, might increase your coverage cost or deem you ineligible to be insured at all.

Elissa Doroff covered the following in her session:
  • Background of the always-evolving cyber insurance industry. Once deemed an organizational “nice to have”, it finds itself at a pivotal point that may change the insured’s coverage decision forever.
  • A walkthrough of the top 10 cybersecurity compliance standards, and a deep dive into why they are important, and what they mean.
  • What happens once you become insured, including best practices to work with your insurance company, how cyber insurance works, a look into filing a claim, and a broker’s perspective on breach response.

Kurtis Minder followed Elissa and presented "Real Life Perspectives from a Ransomware Negotiator". No one ever expects it to happen to them, but with ransomware and cybercrime on the rise, it’s more likely than ever to discover that ransomware has locked down your system and cybercriminals are holding your data hostage. 

"2020 Healthcare attacks involved the theft or exposure of the protected health information of at least 18,069,012 patients," HIPAA Journal.

Kurtis Minder covered the following in his session:
  • What most people don’t realize about ransomware and the cybercriminals that run these exploits
  • Immediate do’s and don’ts if your systems are being held captive
  • How to limit potential damage like data loss, overpaying threat actors, tarnished brand reputation, and compliance violations
  • Notable stories from the field

Below are some interesting healthcare-specific stats/issues from Kurtis's session:
  • Connected IoMT: There are 430 million connected medical devices worldwide. The number rises every day, creating an expanded attack surface.
  • Mergers and Acquisitions (M&A): It is not uncommon for healthcare organizations to have many mergers and acquisitions. An organization might be more vulnerable if the acquired organization doesn’t have up-to-date records of all its assets.
  • 2020 Healthcare Ransomware: More than a third of healthcare organizations were hit by a ransomware attack in 2020 and of those, 65% said the cybercriminals were successful in encrypting their data.
  • Unpatched Systems: Many health care institutions use unpatched or outdated hardware devices and software, which are prone to ransomware attacks.

Mac McMillan, President & CEO at CynergisTek closed out the event by highlighting the crucial need for organizations to shift towards cybersecurity resilience, and away from a compliance/preparation-only mindset. Mac discussed key findings from Elissa and Kurtis’s sessions and tied it all together.


About Kurtis Minder:

Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases world-wide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.

Topics: News Webinar Ransomware Events

The Rise of the Geopolitical Hack

By Editorial Team on Dec 10, 2021 9:39:28 AM

The residue of ransomware is infiltrating our psychology and pocketbooks. Is politics next?

Earlier this year, GroupSense spoke to Erika Hellerstein, Senior Reporter at Coda, about connecting links between disinformation and ransomware, as well as GroupSense's backstory on how they became ransomware negotiators.

Topics: News

Activist Movements Drive Misinformation Mayhem

By Editorial Team on Dec 3, 2021 10:50:27 AM

Bryce Webster-Jacobsen, Director of Intelligence Operations at digital risk protection / ransomware negotiators GroupSense, was featured in Axios' article "Activist Movements Drive Misinformation Mayhem". Bryce spoke to Sara Fischer about anti-vaccination conspiracy theories and how they are becoming dangerous spreaders of misinformation.

Topics: News

Prioritizing Cybersecurity: Tips to Better Protect Your Data

By Editorial Team on Dec 1, 2021 3:49:00 PM

GroupSense does some of the largest negotiations for ransomware. Ransomware is a quick and easy path to revenue for criminals. Unfortunately, ransomware isn’t always the first play in a criminal’s playbook. They usually have been in your network for a while and deploy ransomware after they’ve accessed all your data. GroupSense’s team of experienced negotiators developed cybersecurity tips to help reduce your risk.

Topics: Whitepapers

CynergisTek's Ransomware Bootcamp

By Editorial Team on Dec 1, 2021 12:00:00 PM

Cyber Resilience is like muscle – training helps you achieve more. In this Ransomware Bootcamp seminar, you will learn about the changes to cyber insurance and how to prepare for them, an inside perspective from a ransomware negotiator, and steps on how to train your resilience muscle to strengthen your defensive and offensive strategies. 

Topics: News Webinar Ransomware Events

As the cyber insurance bubble begins to burst, the market scrambles for a new approach

By Editorial Team on Nov 24, 2021 3:47:22 PM

Bryce Webster-Jacobsen, Director of Intelligence Operations at digital risk protection / ransomware negotiators GroupSense, was featured on SC Media. Bryce spoke to Joe Uchill about the cyber insurance bubble bursting and how organizations need to take a different approach.

Topics: News

SafetyDetectives - Digital Risk Protection Q&A with Kurtis Minder

By Editorial Team on Nov 19, 2021 5:05:52 PM

Earlier this week, Kurtis Minder, GroupSense CEO & Co-founder, was interviewed by Aviva Zacks, Cybersecurity Expert and Writer at SafetyDetectives. During the interview they discussed GroupSense's backstory, how GroupSense serves their clients, what makes GroupSense so unique, and the worst cyberthreat out there today. Below are a few highlights from the interview.

Topics: News

GroupSense Presents at BSidesDFW

By Editorial Team on Nov 3, 2021 1:53:41 PM

Join Nicole Hoffman, GroupSense Intelligence Analyst, on Saturday, November 6th (12PM CT) at BSidesDFW! Nicole is presenting The Cognitive Stairways of Analysis.

Topics: Events

A Mysterious Network of Twitter Bots Promote Alleged NRA Hack

By External Author on Nov 2, 2021 12:00:00 PM

When a mysterious Russian hacking gang announced last week that it had assaulted the National Rifle Association with a ransomware attack, the NRA was quiet on whether the claim was true. But a network of hundreds of Twitter trolls were far from mute—they lapped up the news and went to town amplifying it across Twitter.

Topics: News Ransomware

As demo’d with NRA, ‘information operations’ may be new way to give ransomware victims Grief

By External Author on Nov 1, 2021 11:30:00 AM

After the notorious Grief ransomware group added the National Rifle Association to its public list of victims, messages of the breach were reportedly amplified by a network of fake Twitter accounts. While it's still unclear if the network is connected to Grief, experts worry it could mark the beginning of information campaigns being added to the ransomware arsenal.

Topics: News Ransomware

4th Cybersecurity Conference: How to Negotiate with Ransomware Hackers

By Editorial Team on Oct 28, 2021 3:30:00 PM

On Thursday, October 28th, GroupSense's CEO, Kurtis Minder, spoke at Convent's 4th Annual Cybersecurity Conference. Kurtis spoke to Andreas Horchler, Founder & Managing Partner of podcon.de, about his experiences as a Ransomware Negotiator and how to negotiate with ransomware hackers.

Topics: News Video Webinar Ransomware Events

GroupSense Spoke About Ransomware Prevention at The Fairfax County's Department of Information Technology Event

By Editorial Team on Oct 28, 2021 2:32:52 PM

On Friday, October 15th, GroupSense's CEO, Kurtis Minder, spoke at The Fairfax County's Department of Information Technology event for Cyber Security Awareness Month. Kurtis spoke about reducing ransomware — from prevention through recovery.

Topics: Events

Cybercrime Magazine Podcast: Ransomware Negotiation

By Editorial Team on Oct 27, 2021 10:00:00 AM

Cybercrime Radio host Hillarie McClure spoke with Kurtis Minder, a ransomware negotiator and CEO of GroupSense, a leading provider in Cyber Reconnaissance.

Topics: News Ransomware

SC Media Ransomware Kill Chain Feature

By Editorial Team on Oct 22, 2021 12:00:00 PM

Ransomware needs its own kill chain framework

GroupSense's Intelligence Analyst, Nicole Hoffman, is featured in SC Media. Nicole explains the evolution of the Cyber Kill Chain developed by Lockheed Martin and argues that the industry needs a kill chain specifically for ransomware.

Topics: News Blog Ransomware

Cover Story: The dark web rises

By External Author on Oct 18, 2021 10:15:00 AM

The dark web is often seen as a virtual back alley — a shady place where underground deals are made and criminal gangs plot their next heist. While most law-abiding citizens tend to steer clear of the dark web, the growing number of ransomware attacks and cybercriminal cases has made it far too dangerous to ignore. 

Topics: News Ransomware

The Ransomware Pandemic that COVID Started

By Kurtis Minder on Oct 15, 2021 9:45:00 AM

By Kurtis Minder, CEO, GroupSense

Topics: News Blog Ransomware

Couple use peanut butter sandwich to trade nuclear secrets for crypto

By External Author on Oct 12, 2021 9:30:00 AM

A husband and wife espionage team could face up to 10 years in prison after investigators discovered their alleged attempts to hide — and sell — top-secret military information in ordinary items such as a peanut butter sandwich and a stick of chewing gum.

Topics: News Ransomware

WIRED Security Virtual Event: Top Priorities to Protect the Future of Business

By External Author on Oct 12, 2021 9:15:00 AM

WIRED Security will explore current issues and top priorities for security experts to protect the digital and physical future of business. The event gathers the innovators, disruptors and leaders in security for a day of eye-opening and inspirational stories, case studies and workshops that cover new cybersecurity threats, deal with disruptive technologies and build resilience in a world that’s constantly changing.

Topics: News Webinar Ransomware Events

Hello Show by Orange Silicon Valley- October 5 to 7, 2021

By External Author on Oct 5, 2021 9:30:00 AM

9:15 a.m. (PDT) — No More Yelling in the Boardroom: How Companies Misunderstood Ransomware Response — Talk by Kurtis Minder, CEO, GroupSense, and moderated Q&A with Alex Chitea, Principal, Technology Group, Orange Silicon Valley

Topics: News Video Webinar Ransomware Events