Ransomware Group

Grief

Also known as: Pay or Grief, DoppelPaymer 2.0

Status: inactive • First seen 2021-05 • 100+ known victims

Grief was a renamed version of an older ransomware gang. They stole data before encrypting it and threatened to leak it publicly. Unusually, they warned victims not to hire professional negotiators or they would destroy the data.

Overview

Grief was a rebrand of DoppelPaymer that emerged in 2021. The group used double extortion tactics and warned victim organizations that their data would be destroyed if they engaged third-party negotiators.

Target Industries

Retail, Manufacturing, Government, Non-profit

How They Attack

  • Phishing campaigns
  • Cobalt Strike beacons
  • Double extortion
  • Data leak threats

Notable Victims

NRA (2021), Multiple US school districts

How to Protect Against Grief

  1. Deploy endpoint detection and response (EDR)
  2. Monitor for Cobalt Strike indicators
  3. Develop incident response plan

MITRE ATT&CK Techniques

T1566, T1219, T1486, T1567

Related Groups

DoppelPaymer, Evil Corp
