In today's cybersecurity landscape, where does the true threat of ransomware lie? I explore this critical question with Raj Samani, SVP and Chief Scientist at Rapid7, in a revealing episode of Tech Talks Daily.
With ransomware attacks making headlines and disrupting operations for both public and private organizations, the conversation shifts from the frequency of these incidents to the evolving capabilities of ransomware actors. Raj, who has extensive experience assisting law enforcement agencies and serves as a special advisor to the European Cybercrime Centre (EC3), brings a wealth of knowledge on dark web trends and the tactics employed by these malicious actors.
The discussion opens with Raj's perspective on how the cybersecurity community has been addressing ransomware threats, suggesting a need to refocus our attention on the capabilities and strategies of ransomware groups rather than the sheer number of attacks. He highlights recent campaigns, such as MOVEit and SysAid, to illustrate how ransomware actors are moving beyond traditional methods like exploiting the Remote Desktop Protocol (RDP) to leveraging zero-day vulnerabilities.
Raj explains how the dark web facilitates a marketplace for skills, allowing individuals with minimal expertise to launch sophisticated ransomware attacks. This shift emphasizes the importance of understanding and mitigating the threat landscape's dynamic nature.
Listeners will gain insight into the implications of these trends for cybersecurity strategies and the measures organizations can take to protect against these evolving threats. Raj also shares his journey in cybersecurity, acknowledging the support and mentorship that have been pivotal in his career.
As the episode concludes, Neil and Raj discuss where listeners can connect with them online to continue the conversation and learn more about combating ransomware effectively. This episode is not just an exploration of the technicalities of ransomware but a call to action for the cybersecurity community to rethink our approach to one of the most pressing challenges of our time.
[00:00:00] Are we truly understanding the depth and complexity of ransomware threats in today's digital
[00:00:07] landscape? Well, in today's episode, we're going to delve into the intricate world of
[00:00:12] cyber threats and the evolving tactics of ransomware actors because today I'm going to be joined
[00:00:18] by the Senior Vice President and Chief Scientist at Rapid7, a name synonymous with cutting
[00:00:24] edge cyber security research and insights. And my guest today brings a wealth of experience
[00:00:29] from his involvement in the law, with law enforcement agencies as a special adviser to the European
[00:00:35] Cybercrime Centre EC3 in the Hague, and we're going to uncover the real challenges behind
[00:00:41] ransomware attacks. Maybe the misconception about the importance of their frequency and
[00:00:47] why the focus should arguably be instead on the capabilities of these malicious actors.
[00:00:53] So today I want you to join me in exploring the dark web trends, the rise of zero-day
[00:00:58] vulnerabilities and how the cybercrime landscape is shifting in ways we might not be fully
[00:01:04] prepared for. Now before I get today's guest on, it's time for me to mention the sponsors
[00:01:10] of Tech Talks Daily and in an era where digital security is non-negotiable. Legacy
[00:01:16] managed file transfer tools, they simply don't cut it now. So that's where Kiteworks comes
[00:01:22] in. Revolutionising the MFT landscape with unparalleled security credentials including
[00:01:28] the much-coveted FedRAMP moderate authorisation. This isn't just about compliance though,
[00:01:33] it's about offering a secure, efficient platform for today's remote workforce. So with
[00:01:38] Kiteworks you can benefit from advanced file sharing, email security and customizable
[00:01:44] integrations all within a platform designed to safeguard your most sensitive data. So
[00:01:49] don't let outdated technology compromise your security, step into the future of secure
[00:01:55] managed file transfer, get started today by going to kiteworks.com, that's kiteworks.com
[00:02:02] where security meets sophistication. But now it's time to get today's guest on. So
[00:02:07] buckle up and hold on tight as I beam your ears all the way to London here in the UK where
[00:02:12] today's guest is waiting to join us. So a massive welcome to the show. Can you tell
[00:02:19] everyone listening a little about who you are and what you do?
[00:02:23] Yeah, hi, I'm Raj Samani, Senior Vice President and Chief Scientist of Rapid7.
[00:02:28] So what does that do? Well so it's quite a broad role. Some of you may have heard of the
[00:02:34] likes of Metasploit. So Metasploit is one of the things that I look after but also
[00:02:40] is for research, vulnerability research, tracking, malicious actors gathering intelligence,
[00:02:46] making sure that goes inside our products to protect customers. Basically a really fun
[00:02:50] job. We've had a couple of people from Rapid7 over the years. It was Jason Hart,
[00:02:56] a bunch of A's still there and I think it was Gadi now as well. I appreciate you to
[00:03:02] complete it. Do you know any of those? Yeah, Jason and I are very close friends. So he's
[00:03:09] great. He talks a lot about operationalizing security which I think is often overlooked.
[00:03:14] We focus on the tracking nation states and the headlines but actually how a company
[00:03:21] applies its security is something that's often overlooked. So yeah, Jason really takes
[00:03:27] that good fight forward. That's it and one of the things I try and do every day on this
[00:03:31] podcast is try and demystify some of those big tech buzz words that we hear about and everything
[00:03:36] across the threat landscape to one of the reasons I was excited to get you on the show today
[00:03:41] is given your perspective that the sheer number of ransomware attacks is actually less significant
[00:03:47] than the capabilities of the attackers. Can you elaborate on that school of thought and how that
[00:03:52] shift in understanding could impact the way organizations should prepare for and ultimately
[00:03:58] respond to ransomware threats. So we've been dealing with ransomware for many years well over
[00:04:05] I mean, I think you know the really the advent of it's kind of over a decade old and you know
[00:04:11] of course it kind of came about many years before that and I remember like when it first
[00:04:17] starts to become an issue predominantly it was a consumer problem. For example, the average ransomware
[00:04:22] payment was a couple hundred bucks. I mean it wasn't something that businesses needed to worry about
[00:04:28] and the volume was enormous but around about kind of 2015-16 we saw a shift where it started
[00:04:36] to go after healthcare and I remember there was a case in the US where a hospital was held to
[00:04:41] ransom and the story was hey people are now having this having to be turned away from hospitals
[00:04:48] effectively somebody opened an email. I mean that sounds ridiculous but somebody clicked on a
[00:04:52] link and of course you know what what we're dealing with now is a scenario in which actually
[00:04:59] that's just expanded and what used to be a ransomware payment of about you know two two hundred
[00:05:05] dollars around about two three bitcoins because Bitcoin wasn't worth a lot then we're now dealing
[00:05:12] with a scenario in which well I think last year I get twenty three the number of ransomware
[00:05:18] payments tracked exceeded a billion dollars and the average ransomware demand is six figures
[00:05:25] and it's because actually the threat actors have got really really good and you know we kind of
[00:05:31] in 2016 I co-founded an initiative called No More Ransom where we tried to at least provide
[00:05:38] another option for people to not have to just pay a ransom but of course we're dealing with a
[00:05:43] scenario whereby it's very very organized and in some cases potentially even kind of backed by
[00:05:50] by nation states and so that's the issue we're dealing with we're dealing with a multi-billion
[00:05:55] dollar industry and when researching you before you came on the show I was reading how you've
[00:06:00] highlighted many times the increasing exploitation of zero-day vulnerabilities by ransomware
[00:06:06] actors so on that side of things anything you could share around the implications of this trend
[00:06:11] for cyber security defenses and ultimately how organizations might be able to better protect themselves
[00:06:17] against such unfathomable threats well and and that's the you know that's the holy grail
[00:06:24] of cybersecurity or certainly some of threat actors is to break into a company
[00:06:30] using something that nobody else knows about because of course you know potentially unless there's
[00:06:35] what we call compensating controls there is no real defense against that because you don't know
[00:06:41] that you've got a you know for want of a better word like a like an open window and what we saw I
[00:06:49] think kind of last year it was kind of at May time was there was an attack against a file transfer
[00:06:56] software or rather there was there was a vulnerability against a file transfer software and
[00:07:00] you know we got called into an incident a few days before the advisory came out and it turned out
[00:07:07] that actually what we were dealing with was criminals had broken in using a vulnerability against
[00:07:12] a piece of software that nobody really had in their radar and you know a few days passed and of course
[00:07:19] you know the advisory came out and you know we were quoted in the advisory because we'd already
[00:07:24] done a considerable amount of analysis but it was like a few days later what you know we were actually
[00:07:30] sitting and talking about this because we we were dealing with I think three major vulnerabilities
[00:07:34] what we call an emergent threat at the same time and and I asked the team and said look you know
[00:07:39] what do we know about this particular attack and they said look everything seems to point to a ransomware
[00:07:44] group and I remember kind of questioning it afterwards then well that's not really their
[00:07:49] modus operandi like like typically you know a ransomware group would would break in using kind of
[00:07:56] stolen credentials you know typically remote desktop protocol was the most common entry vector
[00:08:01] and has been for like years and you know they did buy credentials at these dark web kind of shops
[00:08:08] these RDP shops and I didn't I didn't believe it was therefore quite frankly yeah I get I pushed back
[00:08:17] on us like look I will need more evidence like we can't you know if this is them then this is a
[00:08:22] fundamental shift in change and of course it was it was the Clop ransomware group and then
[00:08:28] and then we then all of a sudden we started going well hang on look they they they they're
[00:08:32] increased their capability exponentially overnight like like how how did this happen
[00:08:38] and then over the last couple of months we've been dealing with these critical issues these these
[00:08:44] oh you know zero days that or these critical vulnerabilities that have been exploited by
[00:08:48] ransomware groups at a rate and a pace of change that we've never witnessed before like last week I
[00:08:54] think oh actually to put it into perspective I remember there was a position where we were like one
[00:08:58] up water you know back in Heartbleed days it was really year and at the moment I think this year
[00:09:06] alone we're at about 13 13 14 now because there's another one to recently I think there was a
[00:09:13] Fortinet issue last week and so you think wow okay 14 already this year that's like just a touch
[00:09:20] over one a week yeah that's that's something that we've never witnessed and never experienced before
[00:09:26] and of course it does mean that we've got to change the way that we approach how to protect
[00:09:33] you know our businesses and our livelihoods really because that that's what we're talking about
[00:09:38] and you mentioned those dark web shops there and of course the ease of hiring skilled individuals
[00:09:44] from the dark web has been a game changer for some of these ransomware groups that we're talking
[00:09:48] about so how do you see this impacting the future of cyber crime and again you've talked about
[00:09:54] the scale of the problem what measures should be taken to counteract this trend so yeah it was
[00:10:00] 2013 actually I wrote a paper called Cybercrime Exposed and at the time I was doing a lot of work
[00:10:08] with with your address still still out with with European Cybercrime Centre EC3
[00:10:14] and the paper focused on this cyber crime as a service or cyber crime kind of ecosystem
[00:10:20] and it was an emerging area so it was you know if you wanted to buy stolen credit cards heck if
[00:10:26] you wanted to put a hit out on somebody like it was all there for you and and Troels Oerting
[00:10:32] the head of EC3 at the time he basically he wrote the foreword for me and he said you know today
[00:10:39] you don't need any technical skills to be a cyber criminal you just need a means to pay
[00:10:45] and that was to a team and of course we've seen my apologies that was one of the applications
[00:10:51] I didn't you know we've seen the kind of evolution and growth in this ecosystem where
[00:10:59] you don't need to be technically skilled in order to carry out an attack but I think that kind
[00:11:06] of I think that kind of belies the actual problem which is okay well yes there's a ton of
[00:11:11] attacks where you've got you know individuals that aren't particularly capable that have these
[00:11:17] you know UIs or these management consoles in order to carry out attacks and they're basically
[00:11:22] spoon fed by by the developers i.e. the criminals but of course what we see though is criminals
[00:11:30] effectively outsourcing operations of an attack to people that are very technically skilled
[00:11:37] which ultimately makes the attack like bigger and more impactful than it could be so like for
[00:11:42] example we talk about ransomware you know in the past okay it was via email well okay well
[00:11:48] you know that's something that we know don't click on links don't pay and so forth but what we see
[00:11:54] in attacks the likes of Colonial Pipeline for example or the likes of Clop you know the ones
[00:11:59] behind the MOVEit attack what they're doing is is they're breaking into an organization
[00:12:04] they're burrowing themselves inside they're they're effectively exfiltrating or stealing data
[00:12:10] and they're doing this in hours and and that demands a special set of skills so I sound like Liam
[00:12:17] Neeson but it's a very particular set of skills whereby you know somebody breaking into an organization
[00:12:24] doing lateral movement and exfiltrating data is very different to somebody that's writing pieces of
[00:12:29] code in order to encrypt their data and so what that means is that we're seeing a level of innovation
[00:12:37] growing considerably because they have the opportunity to be able to outsource components of
[00:12:43] the attack to people that for example are very good at you know hunting for these 0-days or you
[00:12:48] know understanding a an environment and yeah taking it over and I think those are some of the
[00:12:55] challenges that we face as we're seeing for want of a better word a professionalization in how
[00:13:02] criminals act and you know the old adage of you know oh somebody in a hoodie and it's in a basement
[00:13:08] yeah that's kind of I would say maybe five to ten years ago really
[00:13:14] then also just expanding on that your work with multiple law enforcement agencies I think that
[00:13:20] also provides a unique insight into the fight against cybercrime and obviously you probably can't
[00:13:25] share too much but is anything you can share around that collaboration between the private sector
[00:13:30] and law enforcement and how that relationship has evolved and what could be done to maybe strengthen
[00:13:36] that partnership well actually and we have to remember that it's also you know the role media plays
[00:13:43] in order because yeah like I think the first one we did was the Beebone botnet so if you have a
[00:13:51] glance just like maybe like you know you can go back it was a few years back and we found a malicious
[00:13:57] downloader that was effectively effectively impacting computers across the globe and what we
[00:14:03] were able to do with law enforcement we were able to seize the infrastructure sinkhole the domain
[00:14:08] and therefore anybody that was infected the you know there was no payload right because we
[00:14:14] effectively owned the infrastructure but of course their computers were still infected so
[00:14:21] what we did was we actually prepared a a virus removal tool specifically for this malware
[00:14:28] and we were able to view how many infections there were and it was incredible because
[00:14:33] our initial estimates were oh you know there's 12 to 15,000 computers across the globe that are
[00:14:38] infected and on day one we had 37,000 computers connected to our sinkhole domains
[00:14:45] well so we quickly went about kind of working with the media to notify everybody across the globe
[00:14:54] and say hey look by the way you know if you get a notification or you've heard about this you
[00:15:01] know just download this free tool it will remove the computer malware from your computer
[00:15:06] and we were able to watch it in real time as to how effective our campaign was
[00:15:11] and the remarkable thing was I think like I kind of expected over the first week to us to go
[00:15:18] from 37,000 a day to like I don't know at least 30,000 but the number barely changed and you know
[00:15:27] and I think these are the challenges that we face which is when we talk about cybersecurity
[00:15:32] I think you kind of touched on it it's like a dark arts it's not you know people think okay well
[00:15:39] if I get infected with a piece of you know computer virus it just makes my computer
[00:15:43] run slower but actually the impact is and it has is often considerably worse I mean I talked about
[00:15:49] the attacks on healthcare you know we saw the Colonial Pipeline attacks and the attack or
[00:15:55] the impact that it had on you know people's ability to be able to get fuel we saw the impact
[00:16:01] that it had on global meat supply and you know and I think these are the challenges that we face
[00:16:05] which is we're often seen as a kind of extension of the IT department but if you are impacted
[00:16:14] with ransomware as a company then actually the impact could be I mean it could be catastrophic
[00:16:22] I mean we've seen examples like this and I don't and of course you know I want to be careful not
[00:16:26] to spread like fear uncertainty and doubt but like I think there is this kind of disconnect
[00:16:32] on the impact of cybersecurity and the reality or well you know the perception
[00:16:38] of the reality of cybersecurity it's not it is not a typical extension of the IT network it has to
[00:16:44] be part of you know the the risk register of make every company across the globe it has to be a
[00:16:49] board discussion and it has to be a political topic whereby if we as a nation are being targeted
[00:16:58] and our businesses are being compromised it would got to be seen as the safest place to do
[00:17:03] this so I think those are some of the things that if I could if I could have a magic wand
[00:17:07] it would be about making sure that the elevated agenda is not just a talking point but we actually
[00:17:14] implement accordingly and if we reflect for a moment on some of those recent ransomware campaigns
[00:17:21] from MOVEit or SysAid say for example we've mentioned a few already but what are some of the
[00:17:26] newer tactics that ransomware attackers are employing and how should cyber security strategies
[00:17:32] better adapt to address these evolving methods because it's a constantly moving target so
[00:17:37] like a big game of whack-a-mole sometimes isn't it well yeah yeah so you've got the the you know
[00:17:43] the broader question of well you know can we hold people accountable because of course
[00:17:49] you know there are many countries where we don't have you know a mutual legal assistance
[00:17:56] treaty or like all these embellands and there are many people carrying out these attacks
[00:18:01] without any concern about being held accountable because of course they live in countries which
[00:18:08] we don't have the ability to kind of extend our reach into the and so I think look as we think
[00:18:15] about how that's going to evolve well you know quite frankly it was 2013 when I wrote that paper
[00:18:22] cybercrime and there was a statistic I found and I couldn't find it afterwards but I think the
[00:18:29] FBI wrote something like you know the actual number of physical bank robberies are actually
[00:18:34] decreasing yeah and what we're dealing with in the world is where crime is evolving so it's not
[00:18:40] hey you know what's the evolution of of cybercrime actually we'll see evolution of crime and
[00:18:44] subsequently you know the number of you know physical related kind of crimes are decreasing
[00:18:53] and now you can carry out a crime against the country never set foot inside that country
[00:18:58] and therefore never potentially be under the you know within the reach of law enforcement
[00:19:05] from a technical perspective that's that's an issue because you know these individuals I think
[00:19:11] I said to you last year they've made a billion dollars and I remember when like the GandCrab crew
[00:19:15] retired they made the statement that they've made two billion dollars now a lot of that goes in
[00:19:20] towards you know luxury goods and and they post stuff on Instagram many of these criminals but you
[00:19:27] know there's a lot of investment going into you know the redevelopment of code and so we think about
[00:19:33] ransomware hey ransomware used to be about encrypting data well actually now it's about exfiltrating
[00:19:39] data so ransomware was an attack on availability now it's an attack on confidentiality now the question
[00:19:46] becomes well okay what are they doing next where's the next area of focus you know one would argue
[00:19:51] maybe they don't need to innovate as much because they're already making you know billions of dollars
[00:19:56] but actually we are becoming more dependent on technology yeah we're leveraging more IoT devices
[00:20:02] and you know and I think we just have to kind of look at this as an area where where they will continue
[00:20:09] to innovate and quite frankly they've got millions of dollars to do it and if any business leader
[00:20:16] listening to our conversation today that maybe you set up a few alarm bells or light bulb moments
[00:20:21] that they are getting I understand the scale of the threat here what would you say are the key
[00:20:26] components of an effective cyber security preparedness and response plan are and that that
[00:20:32] organization should be thinking about and maybe implementing I appreciate it is a huge huge
[00:20:38] question but are there any key components that you can just share with anyone listening
[00:20:42] yes so I think things have changed and you know we can never like like we used to approach it
[00:20:48] from a very binary perspective whereby hey there's a there's a vulnerability we need to apply a patch
[00:20:55] and you know monitor you know it used to be security updates on a regular basis difficult cyber hygiene
[00:21:04] but I think the rate and the pace of change and the rate and pace of innovation from threat
[00:21:09] actors means that you know maybe you can't wait for you know the next change control window to
[00:21:15] apply your updates on your environment in maybe what you need to do is just kind of have a strong
[00:21:20] understanding of where your vulnerabilities are what applications you use and then if you gather
[00:21:26] intelligence around okay well we know that this vulnerability has been exploited okay we might need to
[00:21:33] implement security controls or updates in order to protect ourselves I think like
[00:21:38] context now starts to become crucial you know yee and obviously you mentioned SysAid
[00:21:44] you mentioned MOVEit like everything that I'm pushing the team and everything that we're
[00:21:49] publishing and you know we do a lot a considerable amount through open source we release an enormous
[00:21:55] amount freely so we have AttackerKB we have Velociraptor you know the DFIR technology we
[00:22:03] have and all of this is released freely you know Metasploit for example like it's you know the
[00:22:08] cornerstone of of the open source community for decades now and and everything we're trying to do now
[00:22:15] was just trying to try to provide that that context and so you know within AttackerKB every time
[00:22:20] we publish something what we now do is we now say to people hey by the way this is it this is being
[00:22:26] exploited in the wild so that's a level of context where you say okay well if we are vulnerable to
[00:22:32] this and criminals are exploiting this then what we need to do is put in our security measures or
[00:22:37] updates quicker and faster than we would normally do the other thing we're doing is we're putting tags
[00:22:43] in to say hey look this is the likely threat group behind it so now if for example it's a ransomware
[00:22:48] well shoot i need to put mechanisms and controls in place to protect myself and i think that this is
[00:22:55] where intelligence and context starts to become absolutely critical you have to balance the
[00:23:03] potential risk against you know the business needs and requirements and i think you know going
[00:23:09] to a business like i said we were at 13 this year alone you know if you went up to the
[00:23:14] change-change control team and said hey we need to bring down our production network our production
[00:23:17] systems 13 times this year alone in the last six weeks chances are you they won't take your
[00:23:27] calls anymore yeah right that would have had a material impact on the cut on a businesses
[00:23:32] in a bottom line and so i think we've got to start to consider the the context and making sure
[00:23:38] that we have the best intelligence and you know what we like for example one of the things we did was
[00:23:43] we provided free threat hunting rules so if you wanted to know hey was i you know was
[00:23:51] was there any evidence of my network being compromised by the Clop ransomware group
[00:23:56] we've provided free threat hunting rules for you to look for that and then of course we provided
[00:24:00] you know new rules that told you what had been exfiltrated and again that was released freely and so
[00:24:05] I think it's about finding those information sources that you know credibly add to your triage process
[00:24:13] around how you manage and how you handle risk and then you have the opportunity
[00:24:18] to be able to be quicker and faster and actually more effective and I think that
[00:24:22] that has to be the bottom line with regards to how you approach
[00:24:26] risk in an organization it's not security it's it is risk right that's effectively what we're
[00:24:31] talking about 100% and i also think if we look in our personal lives i think most people
[00:24:37] say i would hope or everyone has this almost inherent street wise vigilance when you go out at
[00:24:42] night how you carry valuables etc but now those bad guys are now committing those same crimes
[00:24:47] online many users don't have that education or cyber defense lesson almost and i think much
[00:24:53] that is down to education and we need more than that annual compliance training exercise where you
[00:24:59] just take next next next and then you're done for another year so how important
[00:25:03] it how important is cyber security education in combating things like ransomware and what role do
[00:25:08] you believe it plays when preparing the next generation of cyber security professionals too
[00:25:14] well so for me it was uh so i used to be a CSO yeah and you know we we we we invest so much money
[00:25:23] on on awareness and i'm i'm gonna be flamed here but i i don't think it really worked because
[00:25:33] everybody knows about cyber crime everybody knows about you know like my dad for example you know
[00:25:40] my dad got scammed for you know a couple hundred bucks because somebody had managed to grab his
[00:25:46] credit card and was and was um using it to book flights and you know remember i remember getting
[00:25:52] a phone call from my problem from him saying oh yeah look someone stealing money from my credit
[00:25:57] card and i was like have you received any strange calls and he goes yeah i received one from the bank
[00:26:02] and i was like well did you give me a credit card details he goes yeah and i was like put down here
[00:26:07] you know i told you like thousands like i would do this like and and it you know like honestly
[00:26:13] I'm you know i i said the dinner table and i'm not you know the guy that keeps talking about his job
[00:26:17] but often i will talk about these are the types of scams that there are
[00:26:23] but so i don't think there was any issue about awareness because i think people do understand
[00:26:27] about security and cyber security and scams and fraud but there's no
[00:26:34] understanding of the types of campaigns that are going on and you know when i was a CSO one of
[00:26:40] the things we did which was really effective was we we recorded because we you know we ran a
[00:26:45] course that we ran multiple call centers and we actually recorded a ton of conversations from
[00:26:50] these scammers trying to extort data out of our call centers and then what we did was we actually
[00:26:56] then you know made those recordings available as part of the training and the induction and we
[00:27:00] regularly repeated it and we actually measured the effectiveness of that because we used to do this
[00:27:05] thing called tiger teaming where you know we would actually call the call centers and try
[00:27:09] ourselves and we would be able to measure you know just how strong the the human firewall was
[00:27:16] and actually that was a lot more successful because we were able to contextualize
[00:27:21] that the attack for people to understand because all about here we're all human beings and if
[00:27:28] you've read you know Cialdini's work is a site and psychologist around influence you know there
[00:27:32] are subconscious levers that you can use to influence people to do anything you want
[00:27:39] and so they were using these tactics and these techniques and we were able to demonstrate
[00:27:44] and show that and i think then people started to get an understanding and so if we start to
[00:27:49] contextualize the issue and we say well okay you know here's a phone call from a bank that's
[00:27:53] clearly fake and listen to what they're asking you for that i think is is a way that we can start
[00:27:59] create that understanding based on your experience and insights into dark web trends any future
[00:28:06] cyber security threats that you might see on the horizon and anything organizations and individuals
[00:28:11] can do to prepare to defend against them again huge huge question there and the speed of technological
[00:28:18] change it might be as almost impossible to predict what's coming next but is there anything that
[00:28:22] keeps you up at night or that you're following closely yeah i mean look there there are
[00:28:28] those kind of attacks that that you read and you hear about that you you know that worry
[00:28:35] you right so for example the you know the deep fake related scam calls where people have been
[00:28:41] contacted by you know their kids saying yeah i'm in trouble send me money why they think of course
[00:28:48] that concerns me and you know we've done a lot of work around adversarial machine learning where we look
[00:28:53] at the the use of machine learning or AI from threat actors in order to carry out attacks but look
[00:29:01] I I think i've been fairly consistent with what i've said in the past which is why do they need to
[00:29:08] invest in machine learning or data scientists when they can break into a company using the
[00:29:14] password password i mean at the moment at the moment you can buy credit cards for less than
[00:29:21] the price of a cup of coffee yeah the moment you can buy credential access into into into major
[00:29:26] organizations for you know for for pounds literally just a few pounds if we if we're gonna succeed
[00:29:36] it's gonna succeed by making it slight it who's gonna succeed by making it more difficult
[00:29:41] and you know we talked a lot about ransomware but that's a perfect example whereby
[00:29:47] we started in a world in which ransomware was emails and encrypting data and as an industry we
[00:29:56] got together we launched No More Ransom and nearly a billion dollars has not gone into the hands
[00:30:01] of criminals because of this innovation because of this collaboration now all of a sudden people
[00:30:08] were told hey don't pay and by the way you know back up your data and if you don't have a backup
[00:30:14] by the way there might be free decryption tools have got nearly what 200 free decryption tools
[00:30:19] available and that's what worked and what that's meant though is threat groups now say well okay
[00:30:27] we're now going to have to innovate and we're not now just going to send email what we'll do is we'll
[00:30:34] compromise RDP well okay we've we've got the advice and the guidance about RDP out people are
[00:30:39] knocking that down more okay so now you're gonna have to go out and do vulnerability research and
[00:30:45] burn zero days in order to break into companies and now it's not just about encrypting data it's
[00:30:50] about exfiltrating data so there's that's a really good example of this kind of game of cat and
[00:30:56] mouse where criminals would come out with one tactic we respond as an industry and we effectively
[00:31:03] reduce their efficiency but they will respond they're backed by millions of dollars
[00:31:08] and and we we we respond in kind and so if I think about what the future cybersecurity holds
[00:31:15] and what the future for digital business holds it's an area of continual innovation not just from
[00:31:23] you know big tech companies not just from from organizations but also from criminals because
[00:31:29] they want to keep making money for all this reason you know they don't want to put themselves in
[00:31:34] danger and go into a bank like like they used to like criminals used to like you know decades ago and so
[00:31:40] I'm trying to be positive I'm trying to think of something positive to end with yeah
[00:31:44] and it's I think that's just the reality right you know is it positive I mean probably not saying
[00:31:51] criminals are going to evolve but then so will we well I love chatting with you today sharing
[00:31:55] your insights and your expertise etc and before I let you go I've got a great idea to let us finish
[00:32:02] on a positive note today because of course if you look back throughout your career how you gain
[00:32:07] those experiences and insights none of us are able to achieve any degree of success without
[00:32:12] a little help along the way so is there a particular person that you're grateful towards maybe
[00:32:16] they saw something in you invested a bit of time in you all just played a part in your journey
[00:32:21] helping you get you where you are today who would that person be let's give him a shout out
[00:32:25] well so there's many you know like Ed Gibson for example legal attaché was we was clearly one and
[00:32:33] and the ealy but like the one constant in my life is is my wife you know when I when I finish my
[00:32:40] masters yeah a long time ago I went and did I think like 35 professional exams in everything from
[00:32:48] you know Cisco products to Check Point products I mean for the first well almost two years of our
[00:32:54] married life we you know I never went out like on a weekend we were ocean gods that he working and
[00:32:58] studying and and she continues to be that rock for me today so you know hopefully she's listening
[00:33:05] and I'll get some extra brownie points but if not it's still she's always been there so yeah it's
[00:33:12] her what a beautiful answer the perfect moment to end on but just for anyone listening wanting
[00:33:18] to dig a little bit deeper on anything we talked about today where would you like to point everyone listening
[00:33:23] um can I say Twitter I hate you but x Twitter Twitter LinkedIn I guess um but yes those are probably
[00:33:33] the only social networks I currently use awesome well I'll add links to those platforms and of
[00:33:39] course the Rapid7 website and we covered so much in a short amount of time today from the
[00:33:45] number of ransomware attacks not necessarily matter and it should actually be worrying about the
[00:33:50] capabilities of those ransomware actors that we're reading about not to mention zero day vulnerabilities
[00:33:55] that have been exploited by ransomware attackers and the fluidity of skills to hire on those
[00:34:01] dark web marketplaces that we keep reading about such so many big trends there but we did end on
[00:34:06] a positive note and just a big thank you for sharing your expertise your insights and how businesses
[00:34:12] and organizations can now prepare for some of these attacks and ensure they don't happen keep
[00:34:17] up the good fight my friend and I'll speak to you again soon thank you so much I think it's
[00:34:23] clear that the battle against ransomware is far from over but the tactics and strategies
[00:34:28] of cybercriminals are evolving but so are the methods to combat them which is such an important
[00:34:34] part to remember and for me today's conversation has been enlightening to learn more about the complexities
[00:34:40] that surround ransomware along with the critical importance of focusing on the capabilities
[00:34:45] of threat actors rather than the volume of attacks and in a world where cyber threats are becoming
[00:34:51] increasingly sophisticated and I think it's pivotal to try to stay ahead with experts like today's
[00:34:56] guest in guiding the way as we continue to navigate these digital challenges let's collectively
[00:35:03] let's ponder the measures that we can take to bolster our defenses and let's also discuss the
[00:35:08] role of collaboration in achieving that much sought after cyber resilience but the question I want
[00:35:15] to put the microphone in front of you now what steps are you taking to protect your digital life
[00:35:20] your world your work and how can we collectively foster a safer cyber environment together please
[00:35:27] share your thoughts and join this conversation by emailing me techblowcry to outlook.com
[00:35:33] Twitter X whatever you want to call it LinkedIn Instagram just at Neil C Hughes you'll follow me
[00:35:38] there too but it's time for me to check out now so until next time stay safe stay informed
[00:35:44] and I'll meet you back here tomorrow same time side-clothed bye for now

