him to the bed, 82 people, murder, kill quarter. what can i do for you know, what about us? that's why it eric dodge of mister jimmy. haiti hasn't had a new case of cholera and 2 years, but the country has yet to recover with yet another deadly disease on the rise. kristen salumi al jazeera, the united nations. ah . top, i could check on the top stories here now to 0. iranians are out voting to pick their next president. they have a choice between 4 candidates, the conservative head of the judiciary. abraham races widely seen as the front runner with support from hotline is still such a bar. yes, more than tara, from the voters that i've been speaking to here at this mosque pulling station. the ones that have told me who they are voting for. i've only heard one name,

and that is abraham, right? you see the 60 year old, of course, if he is elected as iran, 13 president will be the 1st person who is currently under sanctions as well as the united states sanction. there is a lot of nature because the country has really suffered tremendously over the past 8 years. and many of the people i spoke to in the line up while the standing aligned to vote. they told me the main issue they have right now is very economy. for my ivory coast, president longbow has returned home 10 years after being expedited for war crimes. he was tried and created by the international criminal court, the charges date back to 2010. and he refused to concede defeat after presidential election. israel says it fight the jets of loans to strike some garza targeting how sites it says it was a response to incendiary balloons. being flown into southern israel for 3rd day. it's putting pressure on a ceasefire between israel and hamas came into effect almost a month ago. sam

b as sounding president kenneth county has died age 97. after a short illness, he led the country from independence in 1964, until 1991 has been no less up to the violence in men mar videos posted on social media show most buildings destroyed in my village in the mag way region residence accused the military of firing at them for burning nearly 200 house. and the u. s. supreme court has rejected a challenge to the affordable care act, widely known as obamacare. one of the former president brock obama signature policies. the judges rule, 72, rejecting the republican challenge. and president biden has signed a bill making what's become known as june 18th, the federal holiday congress approved legislation tomorrow, june 19 collaboration of the day when the last and slaves, african americans learned that they were free. so those were the headlines. reduce continues here and to 0 after the stream state you. thanks for watching life and i talked to al jazeera, we can, the army were attacking ringer,

and now they're attacking everyone in me on my do you regret, words like that? we listen absolutely. nigeria with a woman present, it would be great. we meet with global news makers and talk about the stories that matter on, sir, ah, the you attempt to log into your computer and you see this message, your computer has been infected. you have 2 days to pay up with a certain amount of bit coin. otherwise you will not get access to your computer systems. again, what you saw there is a ransomware attack high on semi okay, you're watching the stream on today's episode. we are looking at the growing number of high profile ransomware attacks and what can be done to stop them. ah,

cybersecurity expert lighting up to be on the stream. hello, katy. hello, bryce. hello n k. so good to see katie introduce yourself to i stream audience. tell them who you are and what you do. yes, thanks much for having me. send me. i'm katie nichols and the director of intelligence security company, red canary. i'm an instructor for the fans institute as well as a fellow for the atlanta council. so i really happy to be here today. happy to have you have a price nice to have you on the stream. introduce yourself to our global audience. i thank you for having me. my name is grace jacobson, the director of operations group and tonisha south task stream audience events for me. thanks for having me. on m. k towel, more field chief security officer for the americas for palo alto networks and also a retired f. the i special agent to handle. so i know you are going to have questions. if you're watching on youtube, you can put your questions or comments or concerns to i. cybersecurity experts.

jump into the comment section. i be part of today's show. let me start with katie. and jeff, this is a question for all of you. i really want to understand what actually is a run some where attack they take many forms. katie used on yeah, i think what you brought up the beginning of the greer example last are and there's this message and ransomware attack of an adversary logs into a network. they gain illegitimate access. and they basically say, unless you pay us, you can't get your files back. that's a traditional ransomware attack, but what we've seen as these adversary is, are changing things up a little bit. and so, for example, increasingly in the past few months and years, so we've seen that adversaries aren't just encrypting files, right, making them unavailable. they're also stealing them and saying, unless your company pays us, we're going to leak these files to the internet. so those are 2 key types of ransomware attacks, but i've, you said it's sort of a complex space. and at some point you were leading

a cyber security for san francisco, f b. i say, you know, all about ransomware attacks and the early days of ransomware attacks as well, who is doing that? so the prevalence of ransomware attacks comes both from individuals who are engaged in delivering this kind of malicious script on to computer systems, but also groups that have banded together and are using their skills assets and resources to target industries and individuals. because frankly what we've seen in terms of rants where a tax is a vibrant business model that quite frankly works for the adversary. these folks make a ton of money off of these engagements and just looking bryce at some of the, the stories that we've been able to find around the well here are my laptop to can schools close off the ransomware attack? fiber attack leads to computer system failure, humber river hospital impacting patient care that is terrifying california city

computer system down for weeks and ransomware attack, there are so many more i could keep going on and on. what is the attacks that you've seen that really stand out to you? yeah, so we've seen attacks across, across industries, across size companies. we see everything from organizations that are nonprofits working on cancer research, to large fortune, 100 companies that have been totally shut down by ransomware incident. you know, the ones that really came to me are the call that we get from small business owners not, you know, they're facing a potentially business ending event when they log onto their computers and see that you should be getting them. or if i jump in here and add the now i see schools and hospitals are often highlighted and we've read about those in the news. those are

the ones that make me really, really angry. there was one compromise in particular in the fall. but i remember very well because my team of the friday and late october and we saw the start of a suspected ransomware attack on a hospital. but a lot of people don't realize is that these attacks are there for after get in the network, somehow they move around. and so my team was really fortunate. we were able to see the adversary of kind of getting in and starting to move, actually jump in, communicate with a hospital and stop that before it got to the bad part. and that's an example of something went well, but as you've shown hospitals in school, that's what really makes me a little bit angry and pe katie katie, just when you just outlined is one of the things i think that we oftentimes forget and security practice, which is that cyber kill chain, which is the number of steps and processes that the adversary goes through in order

to successfully engage in their attack. as practitioners and as business enterprises begin to pay much more attention to this and still relevant to understand that from a prevention standpoint, if you can enter get activity within the cyber kill chain, ultimately you can prevent these attacks from happening. i went to an idea of how the issue is and can you are really helpful for us because you provided some stat so we could look at them is how to even get details. because maybe not everybody reports. what if a ransomware attack has happened? should they should they know, i want to ask you that in just a moment, but let's just look at the average ranch and page triple from 2019 to 2020. and then the highest known page, right? and so these, these figures come from palo alto. so this is a case company, you may bryce and also katie, you may have seen more than that so far this year we're only in june 15 1000000

dollars price. if you seen higher i personally not higher, 50000000 is the highest. i've seen them in their work on that title. yeah, i haven't personally either, but one thing i point out about the number for, for the loop and dope of the problem. and that's something, but, you know, we're asking each other a lot and reporters are asking, and the common average person who 1st heard of ransomware is asking, is it a new problem or? no, it isn't just but we're getting more attention on it. right. but it's really tough to know is rents from we're getting worse? i think it is, but how much worse of that than maybe one month ago or 6 months ago. and part of what so tough is that no one sees everything. re each of us have our own visibility, governments around the world, different organizations. not everyone for good reason wants to report that they were a victim. and so that's part of the challenge. the ecosystem is. i think those numbers

might only scrape the surface of what's really happening out there and pay who paid $50000000.00 and k. and so, but before we get to that, i think it's important to put the numbers in the context. i can recall probably 5 years ago, the 1st instance of ransomware being brought to my attention as an executive in the f b. i. what we've seen your although the, the tactic and technique has been around for decades. let's be clear on that in terms of the ability of these adversaries to accomplish what it is that they're seeking. but 1st team, the light, probably late, 20162017. started to get a lot of attention and those figures that you put up there on the screen from our own unit, 42, which is the palo alto network threat intelligence team. we've seen year over year in increased not just in the rapidity of attacks, but the amount for which ransomware adversaries are now asking of their victims once they've encrypted their data. this all started out really tackling or

targeting consumers. and as we all know, all of us are consumers, they are probably the least prepared in terms of the preparation of their systems to come back to attacks. but then it grew in terms of scale, once they realize that they could target large scale enterprises, like the health care industry, like the public sector in terms of schools and even cities, as we've seen historically. and the reason that they continue to build on their business model, quite frankly, because it works for them. in those figures. bear that out right, bryce. i want you to have a listen to this digital voice. i'm bringing into our conversation from t c. a strategy. we were wondering here on the stream, how big a deal are ransomware attacks? have a listen, have a look, and then come and meet of the back of the video buys. ransomware is simply the single biggest threat that we have the companies today from the cybersecurity standpoint. the profit model for organized crime to commit ransomware attacks is

too strong. it's too inexpensive for them to break into your network and the ransoms that they collect. give them a better return on investment than any other type of criminal activity in 2021. the laws against it are not adequately enforced and they require cooperation of governments around the globe, which is not guaranteed. we need to improve our cyber defenses in our prosecution. of these criminals, such that the prophet model doesn't exist anymore. there simply is another way to disincentive this type of criminal behavior. yeah, i think he, you know, i agree largely what, what he was saying is they did the business and then back whatever he was saying, the organized individual that really are operating on business in some cases. this is a really profitable business model. sometimes the, you know, the barrier to entry entry is quite small from dollars perspective. you know, we see ransomware kids available for just a few $1000.00 or a few $100.00 on the, on the dark with a dollar. and those kids why, why?

why are they so cheap? yeah. and he shut down some of them. and these guys are too grand. so yeah, so ecosystem in the dark, in the dark. well, go ahead. yeah, that's just as like a week. yeah, just the week of groceries. so it's like why he, he supplies me that how that ransom where a cat was for go ahead. yeah. and you're not the 1st person that had the same reaction. when we talk about those figures, you know, the dollar amount it up and it depends on the sophistication of the kid that somebody may be purchasing where the level of support that they're getting from the organization that has created that tool to conduct tax. so there is even a back in support model amongst some of the arrangement groups and organizations,

which i think just demonstrates exactly how organized these groups are now, want to return to what the, the video that you just share agree that there needs to be more enforcement was an effective enforcement of last, but the one key piece that i think was kind of brush numbers. there is a partnership that at pick often these groups are operating countries that are in the united states that have a friendly relationship with or does not have a successful system ready to be able to bring the actors to justice. not even in their own country, without a doubt in united states, unless there is some sort of extradition treaty. but it is really difficult to enforce the legal mechanisms. and i think that's why we need to start at an industry focusing on prevention and preparedness among organizations. individuals enlarged companies to prevent future act. we have so many question brian. i'm in there. yeah. can, can i can i put

a question to you because people want to talk to all of you? why the cybersecurity experts live here on the stream. ok, so brent m 3 how all security forces are unable to obtain decryption tools and able to advise, paying the rent some and able to track the crypto and otherwise unable to do anything helpful that tell you to rebuild your data. that's an assumption that casey you start and i'm definitely going to go to n k for to pick up. yeah, it, it seems easy to respond to these attacks until you're in the midst of one. you know, it can be very easy to say, well, just back up your data and you know, restore from your backed up data and everything will be fine in reality. first off, most of the encryption that these adversaries use, you simply cannot decrypt it without the key, right? that's the key key part of encryption, so to speak. so it's not as simple as just typing in the right thing. building those systems, right?

you're going to have downtime, and even if you do have backups to restore from, that's going to take time. and that's why you see thing with like, you know, colonial pipeline, their network going down or delays. and so it's not an easy things. security professionals do the best we can, but in, you know, going to a common you made about it's only a couple $100.00 to get some of these. you know, what kits tool kit? it's he for number series and it is talk to respond to and can want you to pick up here because when am 3 at the reference, the f b i why com? yes. by the i do this. what have you been able to do during your career as a cybersecurity expert? you will, leading a team, you ahead of many other people. what can you do that you can tell a couple of the co speakers. it's touched on the difficulty that we incur as a society in terms of not just identifying these individuals, but also been bringing them into the justice system in the extremely difficult,

without the existence of preexisting treaties and diplomatic relations with many of the locations where these adversaries reside what i did see during my time in the f b i and again, i've been out of the bureau now for a little over 2 years. was a growing technical capability by the f b. i to do much more decisive and substantive work in the area of not just understanding the block chain, which is at the core of the digital currency component of it. but also being able to identify adversaries who are responsible for these attacks and subsequently interdicting their activities. and i think case in point we saw in the colonial pipeline incense. and if you go and read the affidavit, which is all that, any of us really have outside of intelligence circles. you realize the capabilities of the bureau and the wider national security agencies to now interdict be able to obtain private keys which were up to this point not available. and then

subsequently be able to trace digital currency transactions so that they could be in a position to retrieve some of that ransom that was offered in the colonial pipeline case. and so the technology capabilities of law enforcement has grown tremendously . i think it will continue to grow, but here's one of the things we gotta face is the fact of technology always precedes the ability of law enforcement and others to really build and be able to deter kermit criminal activity. and so what you see now is the natural evolution of the f, b i, and other national security agencies, really playing catch up to this business model of ransomware. i've got a quick question for you. bryce is counseling youtube mind reader says, are there any options to getting back data without paying any money you, negotiator has this happened before it has happened. there's a really depends on, on each individual. okay. so 111 aspect that that katie mentioned was,

was backups. and that's, you know, a key part of any cyber proactive cyber security plan. but we've also seen the backups can be encrypted. so if you have a really effective backup, and that's also been encrypted and you've now lost that option. another thing that katie contractures at the very beginning with this acceleration data that is posted by ransomware groups on, on their dark web blogs that are in those cases, random groups are, are posting the data tool to bring the victim back the negotiating table. there is an option for anybody to go and download that data, so that's one way that they can accompany we can get data back and we've seen, we've seen that in some of our experiences. we've also seen organizations who have been able to recover data from their partner, so there are some options, but they're very limited and it really depends on,

on specific cases. we did have 11 design firm that worked in the architectural space that was able to recover some of their building plans for public records. and so that was pretty, pretty lucky for them. that that was the majority of the work that they had done and been in the public sphere. but that was, you know, that was, that was a unique case. and that's not an option that's available every day. ok, so that's a huge dilemma. hey, if you are really driving and where are you pack katie? just excuse me. one moment cuz i want to get to this running out of time. and that the question is, should you pay on not pay? now all of i guess have mentioned the clothing pipeline, and that's a really important pipeline on the eastern side of the us as that was shot down by ransomware attack pony pipeline paid up. and here is the c o telling the u. s. senate and the homeland security committee. why he paid? let's have a listen. just have

a look. i made the decision to pay and i made the decision to keep the information about the payment is confidential as possible. it was the hardest decision i made in my 39 years in the energy industry. and i know how critical our pipeline is to the country. and i put the interest of the country 1st. i kept the information closely held because we were concerned about operational safety and security and we wanted to stay focused on getting the pipeline back up and running . i believe with all my heart it was the right choice to make k right choice. it's such a tough ethical debate here. my personal opinion is that we should not be out long paying ransoms because i think that it would mess everything up and it would mess up incentives. because if you forbid people from paying and a business is saying, we might go out of business if we don't pay this ransom. but that's

a tough thing and then they might try to pay and not tell law enforcement about it . so my opinion is it doesn't make sense to outlaw paying ransoms. i can't fault you know, colonial pipeline or anyone else from paying a ransom when your business is on the line. when people's jobs are on the line. that's a really tough thing. at the same time and enabled criminals to keep doing what they're doing. oh goodness, i'm sorry, i don't think out long ransom and k, you have got to be conflicted on this one. why would you that the criminals get away with it? not really conflicted about it. but i will tell you, i mean you could hear the pain and mister blood's voice, as he described what was probably for him, the toughest business decision he had to make. and ultimately, that's what it boils down to. this is a business decision that oftentimes enterprises are forced to make in terms of how it is that you get back to some sense of operability. because ultimately in the instance of health care,

people's lives can be on the line in the instance of the pipeline. we're talking about a critical piece of infrastructure being impacted. and so we understand that it is of course, a business decision. and that's our goal. quite frankly, palo alto networks to help companies and individuals, quite frankly, invest more in the prevention aspects. so they don't find themselves in this position of having to make a decision like whether or not to pay the ransom. prevention is the key here and of course, cooperation between public sector and private sector entities in terms of coming up with frameworks that will allow us to really combat this challenge. i want to bring one more voice into conversation. latoya comes from michael owens. he's the president of the u. s. global center, a cyber policy, some advice for all of us. and then i'm going to get your takeaways as well. his michael government has billed us when it comes to cyber security because they fight against cyber criminals. and it's actually ransomware are far from over, but now is the time where governments from around the world must truly make cyber

security a top priority within their administrations. but at the same time, it can be left up to government. we as individuals, small businesses and large corporations all have to ensure that we do one of the things necessary to both mitigate the attacks from happening and also report these attacks when they do happen. collectively, this is, this is something that we will continue to fight. but if i make a priority on everyone's agenda, we can move forward and make everyone say sake f, f, p l, p 01 is watching right now on youtube and, and they would like to know how can businesses and others protect themselves from ransomware attacks. i don't need to give away all of your company secrets just the most important. what m k you start? yeah, and i already started this with investment in prevention. you know, a couple of days ago or week ago, the current f b, i director indicated that we should be paying attention to ransomware in the same way that we did the 911 attacks. and i think if i can paraphrase for him when he

was talking about his how organizations really need to prioritize their investment in prevention strategies so that they don't find themselves in a bad way. and so understanding what their environments look like actually taking the time as katy embrace has mentioned, it's not enough just to have backups. can you actually fail to those backups? can you actually restore them? how much time is it going to take in order for you to do that? it's investment in the left hand side of the equation that will make the difference for organizations. and i can't just be talking about it. they have to be doing it right. how do you protect? yeah, absolutely. i couldn't agree more on the focus on internal prevention and be prepared to proactively respond. what we tend to focus on most is external. there we focus on the threats that are external to the organizations. networks which are just as important as the per benefit steps that an organization is taking from the cybersecurity perspective. we also see that we record earlier the,

the ransomware lifecycle or rates per tax cycle. and 11 important component of that is the initial access that can often be sold on the dark web, or again, not a huge sum of money. and so having an organization or nation have the ability to proactively look outside their network. i got, i had a final 30 seconds where katie katie was takeaway, thank yes, i think the key is security fundamentals. the boring things that you've been hearing about updating your software, things like that, making sure you know what you have connected to the internet. that stuff is basic, but it's not easy. and so organizations doing that, but it's going to take more than just cybersecurity professionals, gonna take policy makers, it's going to take international public, private cooperation. thanks. try to put it in this ransomware problem. have a look here on my, on my web site here on my laptop. we have katie nicholas, katie. thank you so much. we have bryce webster jacobson. thank you so much. and m

k. palmer. thank you and you too. thanks for your questions. i will see you next time. take care. ah, this is polly. despite being in germany 2nd tier of football, and without a single major trophy to its name, it has become one of the world's most iconic teams. and it's all down to their fans . but for them some poly transcends sports for then football is about politics, protest and music. these fancy themselves in the vanguard of a global struggle against and a phobia inequality, and racism with over $500.00 supporters clubs outside germany. they're able to spread their message far beyond their handbook home. but some police history is far

from innocent. the club is sending out a warning about the rise in popularity of far right parties like the f d. nazis and fascists have no place in san poly today. a face can tell a story without uttering a single word. and knowing going can guide a simple touch, informa, the convent manatee of life. witness through the limbs of the human eye. it's what inspires the witness. documentaries, on out there when the shuts came from the holiday and you heard cracks, we heard some noise which was known as my finale is one in the most dangerous intersections and sought able didn't come in through the front entrance. that was

what happens to people who are shot. they came into the wrong entrance, the nightly pyrotechnics of the funny to turn to the camera man. so that's good l out of here, sorry, a vo holiday. and we'll have on our does era, ah, iranians are choosing the next president, but there are concerns about how many will actually turn up to vote. ah, hello, i'm down, jordan, this is algebra or lie from also coming up support his grade for my president in the wrong bank bow as he returns to ivory coast 10 years after he was expedited on war crimes charges.