💰

Proven Data Recovery Security Incident

2017-2018 3021 days ago Resolved

Incident Overview

Situation Description

Two U.S. data recovery firms, Proven Data Recovery and MonsterCloud, claimed to offer ethical ransomware solutions but instead paid ransoms and charged victims extra fees.

Event Types

Ransomware Extortion (non-ransomware)

Industry Sector

Other

Geographic Scope

Global

Response Actions

Paid a Ransom Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Extortion (non-ransomware)

Financial Impact

$30,000,000 USD

Records Affected

Data Types Compromised

Operational / System Data

Primary Impacts

Financial Loss Operational Disruption Reputational Damage

Key Decisions Made

Proven Data Recovery made ransom payments to SamSam hackers over more than a year.; Proven Data Recovery stopped dealing with SamSam hackers after the U.S. government took action against them.; Proven Data Recovery's policy on disclosing ransom payments to clients evolved over time, with past practices being less transparent than current ones.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

SamSam

Additional Information

As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra. From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlantas online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldnt be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom. You just have 7 days to send us the BitCoin, read the ransom demand to Newark. After 7 days we will remove your private keys and its impossible to recover your files. At a press conference last November, then- Deputy Attorney General Rod Rosenstein announced that the U.S. Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were public agencies with missions that involve saving lives, and the attackers impaired their ability to provide health care to sick and injured people, Rosenstein said. The hackers knew that shutting down those computer systems could cause significant harm to innocent victims. In a statement that day, the FBI said the criminal actors were out of the reach of U.S. law enforcement. But they werent beyond the reach of an American company that says it helps victims regain access to their computers. Proven Data Recovery of Elmsford, New York, regularly made ransom payments to SamSam hackers over more than a year, according to Jonathan Storfer, a...

... (truncated for display)

Quick Facts

Company:: Proven Data Recovery
Date:: 2017-2018
Status:: Resolved
Decision Maker:: Victor Congionti
Position:: chief executive
Published:: nan

Source Information

Original Query

analysis of stock price recovery time for companies disclosing ransomware payments vs non-payment

View Original Source

Timeline

Information Published

nan

Incident Occurred

2017-2018 (3021 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats