
tv   [untitled]    June 17, 2021 10:30pm-11:01pm +03

10:30 pm
china announced it was teaming up with russia to build a research base on the moon within the next 2 decades. the crew on board the can go are under a lot of pressure. the mission has begun just days before the chinese communist party is 100 year and a bursary on the 1st of july. and the government wants to uphold the country's achievement in space as proof of its success. so there really is no room for error . the astronauts bordered the space station about 7 hours after lifting off from earth. beijing says the can go will function as a floating laboratory and mark a continuous chinese presence in space. so the next 10 years, katrina, you out 0 aging. ah. the top stories are now to 0. he spent a decade in exxon, but for my ivory coast, president law by boy has not returned home. the 1st time since being ousted during the civil war, a small number of loyalists were allowed to gather at the f. 14, a,
10:31 pm
b joan to welcome 76 year old back or thousands more lined the streets to catch a glimpse of him. but security is tight across the city. i'm going to do more from amazon for the last one. i was has been supported in buses on cars, on motorcycle moving towards the headquarters just far away from where we are now. and this is telling us they are going to party all night in the midst of excitement. you also hear anger, you hear about prostration. we also hear about the possibility of challenging the party in power yet. just clear is that more is back home 10 years after and the process of recourse, the nation probably could take longer than expected. just to oppose open their concerns, voter turnout and iran's election could hit record lows. president ranita verge
10:32 pm
people to cast their ballots. when any vote is a disillusioned after several candidates were blocked from running, struggling economy is also a major issue. canister has recorded its highest number of corona virus deaths in one day since dependence began with 8 groups warning, the situation in the country is firing out of control. 101 people died in the past 24 hours. the international committee of the red cross says cases of reason, 2400 percent in the past month, hong kong largest pro democracy newspaper has warned that press freedom is hanging by a thread. after 5 ritz executives were arrested on the china's national security to police raided apple daily news from the 2nd time in 10 months. substrate stories do stay with us, you know, and i was in the stream is up next morning she after that, why for me
10:33 pm
ah ah ah ah. so you attempt to log into your computer and you see this message, your computer has been infected. you have 2 days to pay up that a certain amount of bitcoin, otherwise you will not get access to your computer systems. again, what you saw there is a ransomware attack high on semi okay, you're watching the stream on today's episode. we are looking at the growing number of high profile ransomware attacks and what can be done to stop the cybersecurity expert
10:34 pm
lighting up to be on the stream. hello, katie. hello, bryce. hello m k. so good to see katie. introduce yourself to stream audience. tell them who you are and what you do. yes, thanks much for having me. for me. i'm katie nichols and the director of intelligence at cyber security company red canary. i'm an instructor for the sans institute as well as a fellow for the atlantic council, a really happy to be here today. happy to have you. hello, bryce. nice to have you on the stream. introduce yourself to our global audience. i thank you for having me. my name is bryce jacobson, the director of operations group and i'm k entity, south task stream audience event for me. thanks for having me. i'm m k palmore, field chief security officer for the americas, for palo alto networks and also retired the special agent to handle. so i know you're going to have questions if you're watching on youtube, you can put your questions or comments or concerns to our cybersecurity experts jump
10:35 pm
into the comments section. i'd be part of today show. let me start with katie and, and, and, jeff, this is a question for all of you. i really want to understand what actually is a ransomware attack they take many forms. katie used on yeah, i think what you brought up the beginning of the show, a great example last are and there's this message and ransomware attack as an adversary logs into a network, they gain illegitimate access. and they basically say, unless you pay us, you can't get your files back. that's a traditional ransomware attack, but what we've seen is these adversaries are changing things up a little bit. and so for example, increasingly in the past few months and years. so we've seen that adversaries aren't just encrypting files, right, making them unavailable. they're also stealing them and saying, unless your company pays us, we're going to leak these files to the internet. so those are 2 key types of ransomware attacks. but i've, you said it's sort of
10:36 pm
a complex space and at some point you were leaving cyber security for san francisco, f b. i say, you know, all about ransomware attacks and the early days of ransomware attacks as well, who is doing you bet. so the prevalence of ransomware attacks comes both from individuals who are engaged in delivering this kind of malicious script onto computer systems, but also groups that have banded together and are using their skills, assets and resources to target industries and individuals. because frankly what we've seen in terms of ransomware attacks is a vibrant business model that quite frankly works for the adversary. these folks make a ton of money off of these engagements. i'm just looking bryce at some of the stories that we've been able to find around the world here are my laptop to can schools close off the ransomware attack? cyber attack leads to computer system failure humber river hospital impacting
10:37 pm
patient care that is terrifying. california city computer system down for weeks and ransomware attack there, there are so many more i could keep going on and on. what are the attacks that you've seen that really stand out to you? yeah, to group, since we've seen attacks across across industries, across size companies, we see everything from organizations that are nonprofits working on cancer research, to large fortune, 100 companies that have have been totally shut down by ransomware incident. we are the ones that really send out to me are the calls that we get from small business owners that you know, they're facing a potentially business ending event. when they log on to their computer and see that you showed at the beginning of birth, i would jump in here and add the now i see schools and hospitals are often
10:38 pm
highlighted and we've read about those in the news. those are the ones that make me really, really angry. there was one compromise in particular in the fall, but i remember very well because my team of the friday and late october. and we saw the start of a suspected ransomware attack on a hospital. but a lot of people don't realize is it, these attacks are there for after get in the network somehow they move around. and so my team was really fortunate. we were able to see the adversary of kind of getting in and starting to move, actually jump in, communicate with a hospital and stop that before i got to the bad part. and that's an example of something went well, but as you've shown hospitals in school, that's what really makes me a little bit angry. and katy, katy just when you just outlined is one of the things i think that we oftentimes forget and security practice, which is that cyber kill chain, which is the number of steps and processes that the adversary goes through in order
10:39 pm
to successfully engage in their attack. as practitioners and as business enterprises begin to pay much more attention, this is still relevant to understand that from a prevention standpoint, if you can enter get activity within the cyber kill chain, ultimately you can prevent these attacks from happening. i want to people an idea of how the issue is and can you really helpful for us because you provided some stat so we could look at them is how to even get details. because maybe not everybody reports. what if a ransomware attack has happened? should they should they know, i want to ask you that in just a moment, but let's just look at the average ranch unpaid triple from 2019 to 2020 and then the highest known page, right. and so these, these figures come from palo alto. so this is a case company you may price and also katie, you may have seen more than that so far this year. we're only in june 15 1000000
10:40 pm
dollars, bryce. if you seen higher i personally not higher, 50000000 is the highest i've seen and i can then their work on that title. yeah, i haven't personally either, but one thing i point out about these numbers are for the loop and dope of the problem. and that's something, but, you know, we're asking each other a lot and reporters are asking, and the common average person who 1st heard of ransomware is asking, is this just new problem? well, no, it isn't. just that we're getting more attention on it, right? but it's really tough to know is ran, some were getting worse. i think it is. but how much worse is that then? maybe one month ago, or 6 months ago. and part of what so tough is that no one sees everything. read each of us, have our own visibility, governments around the world, different organizations. not everyone for good reason wants to report that they were a victim. and so that's part of the challenge. the ecosystem is. i think those numbers
10:41 pm
might only scrape the surface of what's really happening out there and pay who paid $50000000.00 and k. and so, but before we get to that, i think it's important to put these numbers in the context. i can recall probably 5 years ago, the 1st instance of ransomware being brought to my attention as an executive in the f b i. what we've seen, although the, the tactic and technique has been around for decades. let's be clear on that in terms of the ability of these adversaries to accomplish what it is that they're seeking. but 1st team, the like probably late, 20162017. started to get a lot of attention and those figures that you put up there on the screen from our own unit, 42, which is the palo alto network threat intelligence team. we've seen year over year and increased not just in the repetitive of attacks, but the amounts for which ransomware adversaries are now asking of their victims once they've encrypted their data. this all started out really tackling or
10:42 pm
targeting consumers. and as we all know, all of us are consumers, they are probably the least prepared in terms of the preparation of their systems to come back to attacks. but then it grew in terms of scale, once they realize that they could target large scale enterprises, like the health care industry, like the public sector in terms of schools and even cities, as we've seen historically. and the reason that they continue to build on their business model, quite frankly, because it works for them. in those figures. bear that out right, bryce. i want you to have a listen to this digital voice. i'm bringing into our conversation from t c. e strategy. we were wandering here on the stream, how big a deal. a ransomware attack have a listen, have a look, and then come a media of the back of the video. ransomware is simply the single biggest threat that we have the companies today from the cybersecurity standpoint. the profit
10:43 pm
model for organized crime to commit ransomware attacks is too strong. it's too inexpensive for them to break into your network and the ransoms that they collect give them a better return on investment than any other type of criminal activity in 2021. the laws against it are not adequately enforced and they require cooperation of governments around the globe, which is not guaranteed. we need to improve our cyber defenses in our prosecution of these criminals, such that the profit model doesn't exist anymore. there simply is another way to disincentive this type of criminal behavior. yeah, i think he, you know, i agree largely what, what he was saying, you know, it is, it is a business back to what m k was saying, organized individuals that really are operating on business in some cases. this is a really profitable business model. sometimes the, you know, the barrier to entry is quite small from dollars perspective. you know, we see ransomware kits available for just a few thousand dollars or a few hundred dollars on the, on the dark $1.00. and those kits why, why?
10:44 pm
why are they so cheap? yeah. if you shut down someone here to fix them, at least for 2 grand. you so yeah. so the ecosystem in the dark, in the dark. well, go ahead. yeah, that's just as a week. yeah, there's a week groceries there. so it's like why he, he surprised me that how love that the ransom where attack was for go ahead. yeah. and you're not the 1st person that had the same reaction. when we talk about those figures, you know, the dollar amount is up and it depends on the destination of because somebody may be purchasing where the level of support that they're getting from the organization that has created that tool to conduct tax. so there is even a backend support model amongst some of the rates and groups and range from
10:45 pm
organizations, which i think just demonstrates exactly how organized these groups are. now i want to return to what the, the video said that you just share. agree that there needs to be more enforcement of was an effective enforcement of last, but the one key piece that i think was kind of brushed numbers. there is the partnership that it pick. often these groups are operating in countries that rightly the united states have a friendly relationship with or does not have a successful system ready to be able to bring the actors to justice. not even in their own country. and without a doubt in the united states, unless there is some sort of extradition treaty, but it is really difficult to enforce the legal mechanisms. and i think that's why we need to start at an industry focusing on prevention and preparedness among organizations, individuals in large scale companies to prevent future attack. we have so many question brian. i'm in there. yeah. can take to, can i, can i put
10:46 pm
a question to you because people want to talk to all of you? well, we cybersecurity experts live here on the stream. ok, so brent m 3 how our security forces are unable to obtain decryption tools and able to advise, paying the ransom and able to track the crypto and otherwise unable to do anything helpful that tell you to rebuild your data. that's an assumption that you start and i'm definitely going to go to m k for to pick up. yeah, it, it seems easy to respond to these attacks until you're in the midst of one. you know, it can be very easy to say, well, just back up your data and you know, restore from your backed up data and everything will be fine. in reality, first off, most of the encryption that these adversaries use, you simply cannot decrypt it without the key, right? that's the key key part of encryption, so to speak. so it's not as simple as just typing in the right thing. building
10:47 pm
those systems, right? you're going to have downtime, and even if you do have backups to restore from, that's going to take time. and that's why you see thing with like, you know, colonial pipeline, their network going down or delays. and so it's not an easy things. security professionals do the best we can, but in, you know, going to comment you made about it's only a couple $100.00 to get some of these, you know, exploit kits toolkit. it's here for 1st period and it is tough to respond to and can want you to pick up here because when and 3 actually the reference the f b i. why call the f b? i do this. what have you been able to do during your career as a cybersecurity expert? you will, leading a team, you will have many other people. what can you do that you can tell them? so a couple of the co speakers have touched on the difficulty that we incur as a society in terms of not just identifying these individuals,
10:48 pm
but also then bringing them into the justice system. they can be extremely difficult without the existence of preexisting treaties and diplomatic relations with many of the locations where these adversaries reside. what i did see during my time in the f b i and again, i've been out of the bureau now for a little over 2 years. was a growing technical capability by the f b. i to do much more decisive and substantive work in the area of not just understanding the block chain, which is that the core of the digital currency component of it. but also being able to identify adversaries who are responsible for attacks and subsequently interdicting their activities. and i think case in point we saw in the colonial pipeline incense. and if you go and read the affidavit, which is all that, any of us really have outside of intelligence circles. you realize the capabilities of the bureau and the wider national security agencies to now interdict be able to obtain private keys which were up to this point not available. and then
10:49 pm
subsequently be able to trace digital currency transactions so that they could be in a position to retrieve some of that ransom that was offered in the colonial pipeline case. and so the technology capabilities of law enforcement has grown tremendously . i think it will continue to grow, but here's one of the things we got to faith is the fact. technology always precedes the ability of law enforcement and others to really build and be able to deter kermit criminal activity. and so what you see now is the natural evolution of the f, b i, and other national security agencies, really playing catch up to this business model of ransomware. i've got a quick question for you, bryce. this council youtube mind reader says, are there any options to getting back data without paying any money, your negotiator has this happened before it has happened there. it really depends on, on each individual case. so 111 aspect that,
10:50 pm
that katie mentioned was, was backups. and that's, you know, a key part of any cyber to your proactive cybersecurity plans. but we've also seen the backups can be encrypted. so if you have a really effective backup, and that's also building or tap and you've now lost that option. another thing that katie compressor doesn't very beginning with this acceleration of data that then is posted by ransomware groups on, on their dark web launch. for lack of better and in those cases, ranken groups are, are posting the data tool to bring the victim back to the negotiating table. there is an option for anybody to go and download that data. so that's one way that they can easily get data back. and we've seen, we've seen that in some of our experiences. we've also seen organizations who have been able to recover data from their partner. so there are some options, but they're very limited. and it really depends on,
10:51 pm
on specific cases we did have 11 design firm that worked in the architectural space that was able to recover some of their building plans from public records. and so that was pretty, pretty lucky for them, that that was the majority of the work that they had done and been in the public sphere. but that was, you know, that was, that was a unique case. and that's not an option that's available to everyday. ok, so there's a huge dilemma here if you are driving them. well katie, just excuse me. one moment cuz i want to get to this, we're running out of time. and that the question is, should you pay or not pay? now all of i get the mentioned the colonial pipeline, and that's a really important pipeline on the eastern side of the u. s. and that was shut down by ransomware attack. colonial pipeline paid up. and here is the c e o telling the us senate and the homeland security committee why he paid.
10:52 pm
let's have a listen. have a look. i made the decision to pay and i made the decision to keep the information about the payment as confidential as possible. it was the hardest decision i made in my 39 years in the energy industry. and i know how critical our pipeline is to the country. and i put the interest of the country 1st. i kept the information closely held because we were concerned about operational safety and security and we wanted to stay focused on getting the pipeline back up and running. i believe with all my heart it was the right choice to make k right choice. it's such a tough ethical debate here. my personal opinion is that we should not be outlawing paying ransoms because i think that it would mess everything up and it would mess up incentives. because if you forbid people from paying and a business is saying, we might go out of business. if we don't pay this ransom, that's, that's
10:53 pm
a tough thing. and then they might try to pay and not tell law enforcement about it. so my opinion is it doesn't make sense to outlaw paying ransoms. i can't fault you know, colonial pipeline or anyone else from paying a ransom when your business is on the line. when people's jobs are on the line. that's a really tough thing. at the same time and enabled criminals to keep doing what they're doing. oh goodness, i'm sorry, i don't think outlawing ransom. and can you have got to be conflicted on this one? why would you let the criminals get away with it? not really conflicted about it. but i will tell you, i mean you could hear the pain in mister blount's voice, as he described what was probably for him, the toughest business decision he had to make. and ultimately, that's what it boils down to. this is a business decision that oftentimes enterprises are forced to make in terms of how it is that you get back to some sense of operability. because ultimately in the
10:54 pm
instance of health care, people's lives can be on the line in the instance of the pipeline. we're talking about a critical piece of infrastructure being impacted. and so we understand that it is of course, a business decision. and that's our goal. quite frankly, palo alto networks to help companies and individuals, quite frankly, invest more in the prevention aspects. so they don't find themselves in this position of having to make a decision like whether or not to pay the ransom. prevention is the key here and of course, cooperation between public sector and private sector entities in terms of coming up with frameworks that will allow us to really combat this challenge. i want to bring one more voice into conversation. this voice comes from michael owens. he's the president of the u. s. global center, a cyber policy, some advice for all of us, and then i'm going to get your takeaways as well. his michael government has not billed us when it comes to cybersecurity because they fight against our criminals. and it's actually ransom where are far from over. but now is the time where governments from around the world must truly make cybersecurity
10:55 pm
a top priority within their administrations. but at the same time, it can't just be left up to government. we as individuals, small businesses and large corporations all have to ensure that we do one of the things necessary to both mitigate the attacks from happening and also report the detached when they do happen. collectively, this is, this is something that we will continue to fight. but if i make a priority on everyone's agenda, we can move forward and make everyone 2nd f t l p 0. 1 is watching right now and youtube and, and they would like to know how can businesses and others protect themselves from ransomware attacks. i don't need to give away all of your company secrets, just the most important m k. you start? yeah, and i already started this with investment in prevention. you know, a couple of days ago or week ago, the current f b, i director indicated that we should be paying attention to ransomware in the same way that we did the 911 attacks. and i think if i can paraphrase for him when he
10:56 pm
was talking about is how organizations really need to prioritize their investment in prevention strategy so that they don't find themselves in a bad way. and so understanding what their environments look like actually taking the time as katy embrace is mentioned, it's not enough just to have backups. can you actually fail to those backups? can you actually restore them? how much time is it going to take in order for you to do that? it's investment in the left hand side of the equation that will make the difference for organizations. and i can't just be talking about it. they have to be doing it right. how do you protect? yeah, absolutely. i couldn't agree more on the focus on internal prevention and be prepared to proactively respond. what we tend to focus on most is external. there we focus on the threats that are external to the organization. networks which are just as important as the per benefit steps that an organization is taking from the cybersecurity perspective. we often see we record earlier, kind of the,
10:57 pm
the ransomware life cycle cycle, and it's one. and one important component of that is the initial access that can often be sold on the dark web, where again, not a huge sum of money. and so having an organization or nation have the ability to proactively look outside their network. i don't got a had a final 30 seconds where katie katie was to take away. thank yes, i think the key is security fundamentals. the boring things that you've been hearing about updating your software, things like that, making sure you know what you have connected to the internet. that stuff is basic, but it's not easy. and so organizations doing that, but it's going to take more than just cybersecurity professionals. gonna take policy makers, it's going to take international public, private cooperation. thanks. try to put a dent in this ransomware problem. have a look here on my, on my website here on my laptop. we have katie nichols k d. thank you so much. we have bryce webster jacobson. thank you so much. and m k
10:58 pm
powell more. thank you and you too. thanks for your questions. i will see you next time take care. ah ah ah, ah ah ah, allegations of torture emerging under the military cracked in $11.00 east investigate the secret detention. it makes on the defective to reveal lines. one out of the go to the one is a home was kept was what rooms were made. it turned into
10:59 pm
a nightmare of a rest in torture by johnson footballing legend. eric can't introduce his cloud. you're somebody. one of the special few stood up for their beliefs, whatever that cost. football rebels on al jazeera, the award winning programming from international. so make it one quick. so right on the back side of the global discussion, what guarantee that liberty the right to 65 life giving voice to the voice here in california. almost everybody's a paycheck away from being on house program that open your eyes. if you, well today, this is what the picture looks like. see the world from a different perspective on houses here. it's more than just a game. it's a way of life. every, every shot,
11:00 pm
every don't bring us together. we travel to miles. so we can say we, we flew every night with a game exist uniting and together it's more than just the game. ah, hello, montana and the top stories are now just 0. he spent a decade in exile, but for my ivory coast president law by bo has not returned home for the 1st time since being ousted during the civil war. a small number of loyalists were allowed to gather at the airport and joe, to welcome the 76 year old back. while thousands more lined the streets to catch a glimpse of him. but security is tight across the city with police using tear gas and lie fire to disperse large crowds of supporters.

Uploaded by TV Archive on