ashes, nicole, that will resonate in many countries around the world. so any diagonal al jazeera koala as australia as east coast, could be added to the endangered species list. marsupial is already classed as vulnerable due to logging urban encroachment and disease numbers for leaf and saw that during bush fires earlier last year, scientists wanting the colonaze could disappear from the wild and the eastern states of new south wales by 2050. ah. good fatty headlines here on i was just here, radians of voting and a presidential election that's widely expected to be won by hotline judge. judiciary chief abraham racy, crossed his ballot in southern town. ron opinion polls show that enthusiasm among people is lo, will outgoing president has some honey who can't run again due to term limits is urging people to get out and vote out about to do. lots of these elections are very

important and i invite all citizens to participate. we must not allow the problems that we witness, since people applied to run for candidacy to affect participation in the elections . citizens must realize how important these elections are to their destiny and the fate of the islamic republic. popular participation and broad participation in the elections will lead to the disappointment of the enemy. war violence and human rights violations drove a further 3000000 people from their homes last year. according to the u. n. d report that says the full number of displaced people has reached almost 82 and a half 1000000. it's risen for 9 straight years. coming in, nigeria have reportedly kidnapped at least 80 students and a raid on a school in little west western state of cabbie police say that 5 teachers was abducted and the officer was killed. it's the 3rd mass. kidnapping there in 3 weeks for ivory coast, president lauren bank bows,

returned home 10 years after being expedited for war crimes. he was acquitted by the international criminal court. the charges linked to post election violence in 2011 israel as lost as strikes on garza for the 2nd time in 2 days. it says the targeting of sites was in response to an injury. balloons being sent into southern israel for the 3rd day. it's putting pressure on a cease fire between israel. thomas, uganda is in the grip of its worst cove at 19 outbreak since that time then i began, hospitals are running out of beds. a medical oxygen, industrial manufacturers have been told to make oxygen cylinders, if they can. and zambia has announced 3 days, 3 weeks rather a morning following the death of its founding president kenneth calendar was 97 died of pneumonia. he was considered a father of african independence, others the headlines that he's continues here and i'll just there are often streams coming up next. something was going to change. has anything really changed?

this is systemic violent that needs to be addressed at its core. we are in a race against the variance, know what to say. we are all saying we're looking at the world as it is right now, not the world. we like it to be. the devil is always going to be in the details. the bottom line. i'll just aram, who's the, you attempt to log into your computer and you see this message, your computer has been infected, you have 2 days to pay up with a certain amount of bit coin. otherwise, you will not get access to your computer systems. again, what you saw there is a ransomware attack high on semi okay, you're watching the stream on today's episode, we are looking at the growing number of high profile ransomware attacks. and what can be done to stop in the

cyber security expert lighting up to be on the stream. hello, katie. hello, bryce. hello n k. so good to see you. casey. introduce yourself to stream audience. tell them who you are and what you do. yes, thanks. so much for having me send me, i'm katie nichols and the director of intelligence security company, red canary. i'm an instructor for the fans institute as well as a fellow for the atlanta council. so i really happy to be here today. happy to have you. hello. price, nice to have you on the stream. interesting show south to our global audience. i thank you for having me. my name is grace jacobson, the director of operations group, and i'm k entity, south task stream, audience, a bench for me. thanks for having me. on m. k. tell me more field chief security officer for the americas for palo alto networks and also retired the special agent to handle. so i know you're going to have questions. if you're watching on youtube, you can put your questions or comments or concerns to i. cybersecurity experts.

jump into the comments section. i be part of today show. let me start with katie and jeff, this is a question for all of you. i really want to understand what actually is a run. so where attack they take many forms, case east on. yeah, i think what you brought up the beginning of the show. a great example last are and there's this message. and ransomware attack is when an adversary logs into a network, they gain illegitimate access. and they basically say, unless you pay us, you can't get your files back. that's a traditional ransomware attack. but what we've seen as these adversary is, are changing things up a little bit. and so for example, increasingly in the past few months and years. so we've seen that adversaries aren't just encrypting files, right, making them unavailable. they're also stealing them and saying, unless your company pays us, we're going to leak these files to the internet. so those are 2 key types of ransomware attacks. but i've, you said it's sort of a complex space. and at some point you were leading

a cyber security for san francisco, f b. i say, you know, all about runs, where attacks and the early days of ransomware attacks as well, who is doing you bet. so the prevalence of ransomware attacks comes both from individuals who are engaged in delivering this kind of militia script on to computer systems, but also groups that have banded together and are using their skills assets and resources to target industries and individuals. because frankly, what we've seen in terms of ran to where a tax is a vibrant business model that quite frankly works for the adversary. these folks make a ton of money off of these engagements. i'm just looking at some of the, the stories that we've been able to find around the world here are my laptop to can schools close off the ransomware attack? cyber attack leads to computer system failure. humble river hospital impacting

patient care that is terrifying. california city computer system down for weeks and ransomware attack there, there are so many more i could keep going on and on. what are the attacks that you've seen that really stand out to you? yeah, 2 groups, as we've seen, attractive cross across industries across size companies. we see everything from organizations that are nonprofits working on cancer research, to large fortune, 100 companies that have have been totally shut down by ransomware incident. you know, the ones that really say to me are the call that we get from small business owners that you know, they're facing a potentially business ending event when they log on to their computer and see that you showed at the beginning of that number. if i jump in here and add the now i see schools and hospitals are often highlighted and we've read about those in the news

. those are the ones that make me really, really angry. there was one compromise in particular in the fall, but i remember very well because my team of the friday and late october. and we saw the start of a suspected ransomware attack on a hospital. but a lot of people don't realize that these attacks are there for after get in the network, somehow they move around. and so my team was really fortunate. we were able to see the adversary of kind of getting in and starting to move, actually jump in, communicate with a hospital and stop that before it got to the bad part. and that's an example of something went well, but as you've shown hospitals in school, that's what really makes me a little bit angry and pay katy. katy just when you just outlined is one of the things i think that we oftentimes forget and security practice, which is that cyber kill chain, which is the number of steps and processes that the adversary goes through in order

to successfully engage in their attack. as practitioners and as business enterprises begin to pay much more attention, it is still relevant to understand that from a prevention standpoint, if you can interject activity within the cyber kill chain, ultimately you can prevent these attacks from happening. i want to put an idea of how both the issue is and can you really helpful for us because you provided some stat so we can look at them is how to even get details. because maybe not everybody reports. what if a ransomware attack has happened? should they should they know, i want to ask you that in just a moment, but let's just look at the average ranch and page triple from 2019 to 2020 and then the highest known page, right? and so these, these figures come from palo alto. so this is a case company, you may bryce and also katie. you may have seen more than that so far this year. we're only in june 15 1000000 dollars,

bryce. if you seen higher i personally not higher. 50000000 is, is the highest that i've seen, and i commend their work on that title. yeah, i haven't personally either, but one thing i point out about these number for, for loop and dope of this problem. and that's something, but, you know, we're asking each other a lot and our partners are asking, and the common average person who 1st heard of ransomware is asking, is this new problem or no, it isn't just that we're getting more attention on it. right. but it's really tough to know is rents and we're getting worse. so i think it is, but how much worse of that than maybe one month ago or 6 months ago. and part of what so tough is that no one sees everything. re each of us have our own visibility, governments around the world, different organizations. not everyone for good reason wants to report that they were a victim. and so that's part of the challenge. the ecosystem is. i think those numbers

might only scrape the surface of what's really happening out there and pay who paid $50000000.00 and k. and so before we get to that, i think it's important to put these numbers in the context. i can recall probably 5 years ago, the 1st instance of ransomware being brought to my attention as an executive in the f b i. what we've seen, although the, the tactic and technique has been around for decades. let's be clear on that in terms of the ability of these adversaries to accomplish what it is that they're seeking. but 1st team, the like probably late, 20162017. started to get a lot of attention and those figures that you put up there on the screen from our own unit, 42, which is the palo alto networks threat intelligence team. we've seen year over year and increased not just in the repetitive of attacks, but the amounts for which ransomware adversaries are now asking of their victims once they've encrypted their data. this all started out really tackling or

targeting consumers. and as we all know, all of us are consumers, they are probably the least prepared in terms of the preparation of their systems to combat attacks. but then it grew in terms of scale, once they realize that they could target large scale enterprises like the health care industry, like the public sector in terms of schools and even cities, as we've seen historically. and the reason that they continue to build on their business model, quite frankly, because it works for them. and those figures bear that out. right, bryce. i want you to have a listen to this digital voice. i'm bringing into our conversation from t c. e strategy. we were wandering here on the stream, how big a deal. a ransomware attack have a listen, have a look, and then come a media of the back of the video buys. ransomware is simply the single biggest threat that we have the companies today from the cybersecurity standpoint. the profit model for organized crime to commit ransomware attacks is too strong. it's

too inexpensive for them to break into your network and the ransoms that they collect. give them a better return on investment than any other type of criminal activity in 2021. the laws against it are not adequately enforced and they require cooperation of governments around the globe, which is not guaranteed. we need to improve our cyber defenses in our prosecution. of these criminals, such that the profit model doesn't exist anymore. there simply is another way to disincentive this type of criminal behavior. yeah, i think he said, you know, i agree largely what, what he was saying, you know, it is, it is a business and then back to whatever was saying, the organized individual that really are operating on the business in some cases, this is a really profitable business. model, sometimes the, you know, the barrier to entry entry is quite small. from the dollars perspective. we see ransomware kids available for just a few $1000.00 or a few $100.00 on the, on the dark with a dollar. and those kids why, why?

why are they so cheap? yeah. and he shut down some of them, at least for 2 grand if you so yes. ecosystem in the dark, in the dark. well, go ahead. yeah, that's just ethic of correct. yeah. just the week of groceries. so it's like why he, he supplies me that how that the ransom where a cat was for go ahead. yeah. and you're not the 1st person that had the same reaction. when we talk about those figures, you know, the dollar amount it up and it depends on the dissertation because somebody may be purchasing where the level of support that they're getting from the organization that has created that tool to conduct attacks. so there is even a back in support model amongst some of the race in

a group rate from organizations, which i think just demonstrates exactly how organized these groups are. now i want to return to what the video said that you just shared. agree that there needs to be more enforcement was an effective unfortunate of lots, but the one key piece that i think was kind of brushed numbers. there is the partnership that it pick. often these groups are operating countries that radically the united states have a friendly relationship with or does not have a successful system ready to be able to bring the actors to justice. not even in their own country, without a doubt in the united states, unless there is some sort of extradition treaty. but it is really difficult to enforce the legal mechanisms. and i think that's why we need to start at an industry focusing on prevention and preparedness among organizations. individuals enlarged your companies to prevent future attack. we have so many question, brian. i'm in there. yeah. can, can i, can i put

a question to you because people want to talk to all of you by the cybersecurity experts live here on the stream. ok, so brent m 3 how all security forces are unable to obtain decryption tools and able to advise, paying the rent some and able to track the crypto and otherwise unable to do anything helpful that tell you to rebuild your data. that's an assumption that you start, and i'm definitely going to go to n k for to pick up. yeah, it, it seems easy to respond to these attacks until you're in the midst of one. you know, it can be very easy to say, well, just back up your data and you know, restore from your backed up data and everything will be fine in reality. first off, most of the encryption that these adversaries use, you simply cannot decrypt it without the key, right? that's the key key part of encryption, so to speak. so it's not as simple as just typing in the right thing. building those systems, right?

you're going to have downtime, and even if you do have backups to restore from, that's going to take time. and that's why you see thing with like, you know, colonial pipeline, their network going down or delays. and so it's not an easy things. security professionals do the best we can, but in, you know, going to a common you made about it's only a couple $100.00 to get some of these. you know, what kits tool kit. it's he for inverse areas and it is tough to respond to. and can want you to pick up here because when and 3 at the reference, the f b, i call the f b, i do this. what have you been able to do during your career as a cybersecurity expert? you were leading a team, you ahead of many other people. what can you do that you can tell? so a couple of the co speakers just touched on the difficulty that we incur as a society in terms of not just identifying these individuals, but also been bringing them into the justice system. that can be extremely

difficult without the existence of preexisting treaties and diplomatic relations with many of the locations where these adversaries reside. what i did see during my time in the f b i and again, i've been out of the bureau now for a little over 2 years. was a growing technical capability by the f b. i to do much more decisive and substantive work in the area of not just understanding the block chain, which is at the core of the digital currency component of it. but also being able to identify adversaries who are responsible for attacks and subsequently interdicting their activities. and i think case in point we saw in the colonial pipeline instance. and if you go and read the affidavit, which is all that, any of us really have outside of intelligence circles. you realize the capabilities of the bureau and the wider national security agencies to now interdict be able to obtain private keys which were up to this point not available. and then

subsequently be able to trace digital currency transactions so that they could be in a position to retrieve some of that ransom that was offered in the colonial pipeline case. and so the technology capabilities of law enforcement has grown tremendously . i think it will continue to grow, but here's one of the things we got to face is the fact technology always precedes the ability of law enforcement and others to really build and be able to deter kermit criminal activity. and so what you see now is the natural evolution of the f, b i, and other national security agencies really playing catch up to this business model of ransomware. i've got a quick question for you bry, this council youtube mind reader says, all that, any options to getting back data without paying any money. you're a negotiator, as this happened before, it had happened, there's a really depends on, on each individual case. so 111 aspect that, that katie mentioned was,

was backups and that's, you know, a key part of any cyber pro cybersecurity plans. but we've also seen the backups can be encrypted. so if you have a really effective backup and that's also building and you've now lost that option . another thing that katie contractures at the very beginning with this acceleration data that then is posted by ransomware groups on, on their dark web logs that are in those cases, random groups are, are posting the data tool to bring the victim back the negotiating table. there is an option for anybody to go and download that data, so that's one way that they can easily get data back. and we've seen, we've seen that in some of our experiences. we've also seen organizations who have been able to recover data from their partner. so there are some options, but they're very limited and it really depends on,

on specific cases. we did have 11 design firm that worked in the architectural space that was able to recover some of their building plans for public record. and so that was pretty, pretty lucky case for them that that was the majority of the work that they had done had been in the public sphere. but that was, you know, that was, that was a unique case. and that's not an option that's available to everyday. ok, so there's a huge dilemma here if you are driving them. well katie, just excuse me, one moment cuz i want to get to this, we're running out of time. and that the question is, should you pay or not pay? now all of, i guess i've mentioned the clone pipeline, and that's a really important pipeline on the eastern side of the u. s. and that was shut down by ransomware attack, polio pipeline. paid up. and here is the c o telling the us senate and the homeland security committee. why he paid? let's have a listen. have

a look. i made the decision to pay and i made the decision to keep the information about the payment is confidential as possible. it was the hardest decision i made in my 39 years in the energy industry. and i know how critical our pipeline is to the country. and i put the interest of the country 1st. i kept the information closely held because we were concerned about operational safety and security and we wanted to stay focused on getting the pipeline back up and running . i believe with all my heart it was the right choice to make k right choice. it's such a tough ethical debate here. my personal opinion is that we should not be out long paying ransoms because i think that it would mess everything up and it would mess up incentives. because if you forbid people from paying and a business is saying, we might go out of business. if we don't pay this ransom bats, that's

a tough thing. and then they might try to pay and not tell law enforcement about it . so my opinion is it doesn't make sense to outlaw paying ransoms. i can't fault you know, colonial pipeline or anyone else from paying ransom when your business is on the line. when people's jobs are on the line, that's a really tough thing. at the same time and enabled criminals to keep doing what they're doing. oh goodness, i'm sorry, i don't think out long ransom and k, you have got to be conflicted on this one. why would you let the criminals get away with it? not really conflicted about it, but i will tell you, i mean you could hear the pain. and mister blunt voice as he described what was probably for him, the toughest business decision he had to make. and ultimately that's what it boils down to. this is a business decision that oftentimes enterprises are forced to make in terms of how it is that you get back to some sense of operability. because ultimately in the instance of health care,

people's lives can be on the line in the instance of the pipeline. we're talking about a critical piece of infrastructure being impacted. and so we understand that it is of course, a business decision. and that's our goal. quite frankly, palo alto networks to help companies and individuals, quite frankly, invest more in the prevention aspects. so they don't find themselves in this position of having to make a decision like whether or not to pay the ransom. prevention is the key here and of course, cooperation between public sector and private sector entities in terms of coming up with frameworks that will allow us to really combat this challenge. i want to bring one more voice into our conversation. this voice comes from michael owens. he's the president of the u. s. global center, a cyber policy, some advice for all of us. and then i'm going to get your takeaways as well. his michael government has billed us when it comes to cyber security because they fight against cyber criminals. and it's actually ransomware are far from over, but now is the time where governments from around the world must truly make

cybersecurity, a top priority within their administration's, whatever same time it can't just be left up to government. we as individuals, small businesses and large corporations all have to ensure that we do one of the things necessary to both mitigate the attacks from happening and also report these attacks when they do happen. collectively, this is, this is something that we will continue to fight. but if i make a priority on everyone's agenda, we can move forward and make everyone season. so s p l, p 01 is watching right now on youtube and, and they would like to know how can businesses and others protect themselves from ransomware attacks? i don't want you to give away all of your company secret system. i've seen pool and what m k, you start? yeah, and i already started this with investment in prevention. you know, a couple of days ago or week ago, the current f b, i director indicated that we should be paying attention to ransomware in the same way that we did the 911 attacks. and i think if i can paraphrase for him when he

was talking about is how organizations really need to prioritize their investment in prevention strategy so that they don't find themselves in a bad way. and so understanding what their environments look like actually taking the time as katy embrace mentioned, it's not enough just to have backups. can you actually fail to those backups? can you actually restore them? how much time is it going to take in order for you to do that? it's investment in the left hand side of the equation that will make the difference for organizations. and i can't just be talking about it. they have to be doing it right. how do you protect? yeah, absolutely. i couldn't agree more on the focus on internal prevention and be prepared to proactively respond. what we tend to focus on most is external. there we focus on the threats that are external to the organization. networks which are just as important as the per benefit steps that an organization is taking from the cybersecurity perspective. we often see we record earlier, the,

the ransomware life cycle cycle, and one in one important component of that is the initial access that can often be sold on the dark web. where again, not a huge sum of money. and so having an organization or condition have the ability to proactively look outside their network. i got i had a final 30 seconds where katie katie was a takeaway. thank yes, i think the key is security fundamentals. the boring things that you've been hearing about updating your software, things like that, making sure you know what you have connected to the internet. that stuff is basic, but it's not easy. and so organizations doing that, but it's going to take more than just cybersecurity professionals, gonna take policymakers, it's going to take international public private cooperation. thanks. try to attend this ransomware problem. have a look here on my, on my web site here on my laptop. we have katie nicholas k, v. thank you so much. we have bright web,

the jefferson. thank you so much. and m k. palmer. thank you and you too. thanks for your questions. i will see you next time. take care. ah . the news news. news. news .

me . 300, he's a danish come and i and international interest in the island built his way. a young ration emerging determine nephew. so that gives me me to wrap that i need to be on faith as student and a politician as they tackle a job issues with that powerful fight for greenland. a witness documentary on al jazeera results even from one is head home was kept, was what rooms were made. it turned into a nightmare of rest and torture by johnson.

footballing legend, eric kent introduces cloud. your temporary, one of the special few stood up for their beliefs. whatever that cost. football rebels on al jazeera. ah, iran, hotline judiciary chief boots and a presidential election to many believe has been tilted in his favor. ah, hello, i have a 3 and again this is i was here alive from also coming out of the rise and the number of global refugee.