so has the frequency of accident. lucy is faced with mounting public pressure. city officials recently harsh and penalties against traffic violations. vanessa was the most unreason. john's law has been reforming the change. that's awesome, but they target the 2 sets of behaviors that are mostly drunk driver and those who repeatedly submit the infraction activists in government. critics see that even with the appropriate public policy in place, safer streets can only be achieved if everyone abides by the rules of the road. manuel, rap alone al jazeera mexico city. ah . flow again, i'm fully back the ball with the headlines on al jazeera, iranian ver voting in a presidential election. that's widely expected to be won by judiciary chief brain bracy. his victory would put hawks in control at a time when the present government just trying to save the nuclear deal and recover

from the pandemic opinion polls show enthusiasm among voters is no earlier outgoing president has no honey who can't run due to time limits edged people to get out and vote out about to lead to these elections are very important and i invite all citizens to participate. we must not allow the problems that we witness, since people applied to run for candidacy to effect participation in the elections . citizens must realize how important these elections are to their destiny and the fate of the islamic republic. popular participation and broad participation in the elections will lead to the disappointment of the enemy. war violence and human rights violations drove another 3000000 people from their homes. last year, that's according to the un here report, which says, a cumulative total of displace people has reached almost $82.00 and a half 1000000 mozambique to gray. me feel pure and africa broad for her region are among the leading sources of new refugee movements. another country with

significant displacement is mar, i see 5 between the military and on slash barely 3 days before collapsing, tens of thousands of fed their homes. the un security council is hearing from the special envoy on me and later today in nigeria. gunmen have reportedly kidnapped at least 80 students in a raid on a school in the northwestern state of cabbie, please say 5 teachers were also abducted and an officer killed. if the 3rd mass kidnapping there in 3 weeks, gangs of men described as founded often stage of action seeking ransom payments. and another rise in corner virus infections in the u. case being blamed on the delta vary and 1st identified in india. a number of hospital admissions is also increasing. as of friday, anyone age 18 and over a can get a coffee, 1900 vaccine. those are the headlines next on al, jazeera of history. something was going to change. has anything really changed?

this is systemic violent that needs to be addressed at its core. we are in a race against the variance, know what to say until we are also looking at the world as it is right now, not the world. we like it to be. the devil is always going to be in the details, the bottom line. i'll just use the you attempt to log into your computer and you see this message. your computer has been infected, you have 2 days to pay up with a certain amount of bit coin. otherwise, you will not get access to your computer systems. again, what you saw there is a ransomware attack on me. okay? you're watching the stream on today's episode, we are looking at the growing number of high profile ransomware attacks and what can be done to stop the

cybersecurity expert lighting up to be on the stream. hello, katie. hello, bryce. hello n k. so good to see you. casey. introduce yourself to stream audience. tell them who you are and what you do. yes, thanks so much for having me. send me. i'm katie nichols and the director of intelligence at security company red canary. i'm an instructor for the fans institute as well as a fellow for the atlanta council. so i really happy to be here today. happy to have you. hello. price. nice to have you on the stream. introduce yourself to our global audience. i thank you for having me. my name is grace jacobson, the director of your opperation group and i'm in tradition south ta stream audience . a event for me. thanks for having me. on m. k towel, more field chief security officer for the americas, for palo alto networks and also a retired f b i special agent to handle. so i know you're going to have questions if you're watching on youtube. you can put your questions or comments or concerns to i.

cybersecurity, experts. jump into the comments section. i be part of today's show. let me start with katie and, and, jeff, this is a question for all of you. i really want to understand what actually is a run some where attack they take many forms used on. yeah, i think what you brought up the beginning of the greer sample last are and there's this message and ransomware attack as an adversary logs into a network, they gain illegitimate access. and they basically say, unless you pay us, you can't get your files back. that's a traditional ransomware attack, but what we've seen is these adversaries are changing things up a little bit. and so, for example, increasingly in the past few months and years. so we've seen that adversaries aren't just encrypting files, right, making them unavailable. they're also stealing them. and saying, unless your company pays us, we're going to leak these files to the internet. so those are 2 key types of rants, more attacks. but as you said, it's sort of a complex space. and at some point you were leaving cyber security for

san francisco, f b, i say, you know, all about rugs were attacked and the early days of ransomware attacks as well, who is doing you that? so the prevalence of ransomware attacks comes both from individuals who are engaged in delivering this kind of malicious script on to computer systems, but also groups that have banded together and are using their skills assets and resources to target industries and individuals. because frankly, what we've seen in terms of ran to where a tax is a vibrant business model that quite frankly works for the adversary. these folks make a ton of money off of these engagements. i'm just looking bright at some of the, the stories that we've been able to find around the well, here are my laptop to can schools close off the run some where attack cyber attack leads to computer system failure. humble river hospital impacts in patient care.

that is terrifying california city computer system down for weeks and ransomware attack there, there are so many more i could keep going on and on. what is the attacks that you've seen that really stand out to you? yes, so we've seen a tax across across industries, across size companies. we see everything from organizations that are nonprofits working on cancer research, to large fortune, 100 companies that have been totally shut down by ransomware incident. you know, the ones that really, to me are the call that we get from small business owners that you know, they're facing a potentially business ending event. when they log onto their computers and see that you showed at the beginning of birth, i would jump in here and add the now i see schools and hospitals are often

highlighted and we've read about those in the news. those are the ones that make me really, really angry. there was one compromise in particular in the fall, but i remember very well because my team of the friday and late october. and we saw the start of a suspected ransomware attack on a hospital. but a lot of people don't realize is it these attacks. but the, for me have to get in the network somehow they move around. and so my team was really fortunate. we were able to see the adversary of kind of getting in and starting to move. actually jump in, communicate with a hospital and stop that before i got to the bad part. and that's an example of something went well, but as you shown hospitals in school, that's what really makes me a little bit angry. and katy, katy just when you just outlined is one of the things i think that we oftentimes forget and security practice, which is that cyber kill chain, which is the number of steps and processes that the adversary goes through in order

to successfully engage in their attack. as practitioners and as business enterprises begin to pay much more attention to this and still relevant to understand that from a prevention standpoint, if you can interject activity within the cyber kill chain, ultimately you can prevent these attacks from happening. i will have an idea of how the issue is and can you really helpful for us because you provided some stat so we could look at them is how to even get details. because maybe not everybody reports . what if a ransomware attack has happened? should they should they know, i want to ask you that in just a moment, but let's just look at the average ranch and paid triple from 2019 to 2020. and then the highest known paid. right. and so these, these figures come from palo alto. so this is a case company, you may bryce and also katie, you may have seen more than that so far this year we're only in june 15 1000000

dollars price. if you seen higher i personally not higher, 50000000 is the highest. i've seen them in their work on that title. yeah, i haven't personally either, but one thing i'd point out about the number for, for the loop and dope of the problem. and that's something that we're asking each other a lot and our partners are asking, and the common average person who 1st heard of ransomware is asking, is this a new problem or no, it isn't. it's just but we're getting more attention on it, right? but it's really tough to know is rents and we're getting worse. so i think it is, but how much worse of that than maybe one month ago or 6 months ago. and part of what so tough is that no one sees everything. re each of us have our own visibility, governments around the world, different organizations. not everyone for good reason wants to report that they were a victim. and so that's part of the challenge. the ecosystem is. i think those numbers

might only scrape the surface of what's really happening out there and and pay who paid $50000000.00 and k. and so, but before we get to that, i think it's important to put these numbers in the context. i can recall probably 5 years ago, the 1st instance of ransomware being brought to my attention as an executive in the f b i. what we've seen year, although the, the tactic and technique has been around for decades. let's be clear on that in terms of the ability of these adversaries to accomplish what it is that they're seeking. but 1st team, the like probably late, 20162017. started to get a lot of attention and those figures that you put up there on the screen from our own unit, 42, which is the palo alto network threat intelligence team. we've seen year over year in increase not just in the repetitive of attacks, but the amounts for which ransomware adversaries are now asking of their victims once they've encrypted their data. this all started out really tackling or

targeting consumers. and as we all know, all of those are consumers they, they are probably the least prepared in terms of the preparation of their systems to come back to attacks. but then it grew in terms of scale, once they realize that they could target large scale enterprises, like the healthcare industry, like the public sector in terms of schools and even cities, as we've seen historically. and the reason that they continue to build on their business model, quite frankly, because it works for them. and those figures bear that out. right, bryce. i want you to have a listen to this digital voice. i'm bringing the entire conversation from key see a strategy. we were wondering, hey, on the stream, how big a deal. a ransomware attack have a listen. have a look, and then come a movie of the back of the video by. ransomware is simply the single biggest threat that we have the companies today from the cybersecurity standpoint. the profit model organized crime to commit ransomware attacks is too strong. it's too

inexpensive for them to break into your network and the ransoms that they collect. give them a better return on investment than any other type of criminal activity in 2021. the laws against it are not adequately enforced and they require cooperation of governments around the globe, which is not guaranteed. we need to improve our cyber defenses in our prosecution. of these criminals, such that the prophet model doesn't exist anymore, there simply isn't another way to disincentive this type of criminal behavior. yeah, i think he, i agree largely that what, what he was saying, you know, it is, it is a business and then back to what m k was saying that organized individuals that really are operating on business in some cases. this is a really profitable business model. sometimes the, you know, the barrier to entry entry is quite small from dollars perspective. you know, we see ransomware kids available for just a few $1000.00 or a few $100.00 on the, on the dark $1.00. and those kids why, why?

why are they so cheap? yeah. he shut down some of them and they go for 2 grand so yeah, so ecosystem in the dark in the dark. well, go ahead. yeah, that's just as like a week. yeah, just the week of groceries. so it's like why he, he supplies me that how that ransom where a cat was for, go ahead. yeah. and you're not the 1st person that's had the same reaction. when we talk about those figures, you know, the dollar amount is often, it depends on the sophistication of because somebody may be purchasing where the level of support that they're getting from the organization that has created that tool to attack. so there is even a back in support model amongst some of the resume groups and some organizations

which i think just demonstrates exactly how organized these groups are now, want to return to what the, the video that you just shared agree that there needs to be more enforcement was an effective enforcement of last, but the one piece that i think was kind of brush numbers. there is a partnership that at pick often these groups are operating in countries that are in the united states and not have a friendly relationship with or does not have a successful system or reading to be able to bring the actors to justice. not even in their own country, without a doubt in the united states, unless there is some sort of extradition treaty. but it is really difficult to enforce the legal mechanisms. and i think that's why we need to start at an industry focusing on prevention and preparedness among organizations, individual enlarge companies to prevent future attacks. we have so many question, brian. i'm in there. yeah. can, can i, can i put

a question to you because people want to talk to all of you by the cybersecurity experts live here on the stream. ok, so brent m 3 how all security forces are unable to obtain decryption tools and able to advise, paying the rent some and able to track the crypto and otherwise unable to do anything helpful that tell you to rebuild your data. that's an assumption that katie, you start and i'm definitely going to go to m k for to pick up. yeah, it, it seems easy to respond to these attacks until you're in the midst of one. you know, it can be very easy to say, well, just back up your data and you know, restore from your backed up data and everything will be fine in reality. first off, most of the encryption that these adversaries use, you simply cannot decrypt it without the key, right? that's the key key part of encryption, so to speak. so it's not as simple as just typing in the right thing. building those systems, right?

you're going to have downtime, and even if you do have backups to restore from, that's going to take time. and that's why you see thing with like, you know, colonial pipeline, their network going down or delays. and so it's not an easy things. security professionals do the best we can, but in, you know, going to a common you made about it's only a couple $100.00 to get some of these. you know, what kits tool kit. it's here for 1st period and it is talk to respond to and can want you to pick up here because when and 3 at the reference, the f b i why call the f b? i do this. what have you been able to do during your career as a cybersecurity expert? you will, leading a team, you ahead of many other people. what can you do that you can tell them? so couple of the co speakers have touched on the difficulty that we incur as a society in terms of not just identifying these individuals, but also been bringing them into the justice system. that can be extremely

difficult without the existence of preexisting treaties and diplomatic relations with many of the locations where these adversaries reside. what i did see during my time in the f b i and again, i've been out of the bureau now for a little over 2 years. was a growing technical capability by the f b. i to do much more decisive and substantive work in the area of not just understanding the block chain, which is at the core of the digital currency component of it. but also being able to identify adversaries who are responsible for these attacks and subsequently interdicting their activities. and i think case in point we saw in the colonial pipeline instance. and if you go and read the affidavit, which is all that, any of us really have outside of intelligence circles. you realize the capabilities of the bureau and the wider national security agencies to now interdict be able to obtain private keys which were up to this point not available. and then

subsequently be able to trace digital currency transactions so that they could be in a position to retrieve some of that ransom that was offered in the colonial pipeline case. and so the technology capabilities of law enforcement has grown tremendously . i think it will continue to grow, but here's one of the things we got to faith is the fact technology always precedes the ability of law enforcement and others to really build and be able to deter kermit criminal activity. and so what you see now is the natural evolution of the f, b i, and other national security agencies really playing catch up to this distance model of ransomware. i've got a quick question for you bry, this council youtube mind reader says, are there any options to getting back data without paying any money? your negotiator has this happened before it has happened. there's a really depends on, on each individual case. so 111 aspect that that katie mentioned was,

was backups. and that's, you know, a key part of any cyber proactive cyber security plan. but we've also seen the backups can be encrypted. so if you really affect the backup and that's also been encrypted and you've now off that option. another thing that katie is that the very beginning with this acceleration of data that that is posted by ransomware groups on, on their dark web blogs for lack of better. and you know, in those cases, ransom grants are, are posting the data tool to bring the victim back to the negotiating table. there is an option for anybody to go and download that data. so that's one way that they can come get data back. and we've seen, we've seen that in some of our experiences. we've also seen organizations who have been able to recover data from their partner. so there are some options, but they're very limited and it really depends on,

on specific cases. we did have 11 designed for that work in architectural space that was able to recover some of their building plans from public records. and so that was pretty, pretty lucky for them, that that was the majority of the work that they had done in the public sphere. but that was, you know, that was, that was a unique case. and that's not an option that's available to everybody. ok, so there's a huge dilemma here. if you are driving and where are you pack katie? just excuse me. one moment cuz i want to get to this running out of time. and that the question is should you pay or not pay? now, all of i guess have mentioned the clone pipeline, and that's a really important pipeline on the eastern side of the u. s. and that was shot down by ransomware attack, polio pipeline paid. and here is the c o telling the us senate and the homeland security committee. why he paid? let's have a listen. have

a look. i made the decision to pay and i made the decision to keep the information about the payment is confidential as possible. it was the hardest decision i made in my 39 years in the energy industry. and i know how critical our pipeline is to the country. and i put the interest of the country 1st. i kept the information closely held because we were concerned about operational safety and security and we wanted to stay focused on getting the pipeline back up and running . i believe with all my heart it was the right choice to make k right choice. it's such a tough ethical debate here. my personal opinion is that we should not be out long paying ransoms because i think that it would mess everything up and it would mess up incentives. because if you forbid people from paying and a business is saying, we might go out of business. if we don't pay this ransom bats, that's

a tough thing. and then they might try to pay and not tell law enforcement about it . so my opinion is it doesn't make sense to outlaw paying ransoms. i can't fault you know, colonial pipeline or anyone else from paying a ransom when your business is on the line. when people's jobs are on the line. that's a really tough thing. at the same time and enabled criminals to keep doing what they're doing. oh goodness, i don't think out long ransom and k, you have got to be conflicted on this one. why would you that the criminals get away with they're not really conflicted about it, but i will tell you, i mean you could hear the pain. and mister blood's voice as he described what was probably for him, the toughest business decision he had to make. and ultimately, that's what it boils down to. this is a business decision that oftentimes enterprises are forced to make in terms of how it is that you get back to some sense of operability. because ultimately, in the instance of health care,

people's lives can be on the line in the instance of the pipeline, we're talking about a critical piece of infrastructure being impacted. and so we understand that it is of course, a business decision. and that's our goal. quite frankly, palo alto networks to help companies and individuals, quite frankly, invest more in the prevention aspects. so they don't find themselves in this position of having to make a decision like whether or not to pay the ransom. prevention is the key here and of course, cooperation between public sector and private sector entities in terms of coming up with frameworks that will allow us to really combat this challenge. i want to bring one more voice into our conversation. latoya comes from michael owens. he's the president of the u. s. global center, a cyber policy. some advice for all of us, and then i'm gonna get you will take away as well. his michael government has billed us when it comes to cyber security because they fight against cyber criminals. and it's actually ransomware are far from over, but now is the time where governments from around the world must truly make cyber

security a top priority within their administrations. but at the same time, it can't be left up to government. we as individuals, small businesses and large corporations all have to ensure that we do one of the things necessary to both mitigate the attacks from happening and also report the to taps when they do happen. collectively, this is, this is something that we will continue to fight. but if i make a priority on everyone's agenda, we can move forward and make everyone season. so f, p l pure water is watching right now on youtube and, and they would like to know how can businesses and others protect themselves from ransomware attacks? i don't need to give away all of your company secrets just the most important. what m k, you start? yeah, and i already started this with investment in prevention. you know, a couple of days ago or week ago, the current f b, i director indicated that we should be paying attention to ransomware in the same way that we did the 911 attacks. and i think if i can paraphrase for him when he

was talking about is how organizations really need to prioritize their investment in prevention strategy so that they don't find themselves in a bad way. and so understanding what their environments look like actually taking the time as katy embrace is mentioned, it's not enough just to have backups. can you actually fail to those backups? can you actually restore them? how much time is it going to take in order for you to do that? it's investment in the left hand side of the equation that will make the difference for organizations. and i can't just be talking about it. they have to be doing it right. how do you protect? yeah, absolutely. i couldn't agree more on the focus on the internal prevention and be prepared to proactively respond. what we tend to focus on most is external. there we focus on the threats that are external to the organization. networks which are just as important as the per benefit steps that an organization is taking from the cybersecurity perspective. we often see we record earlier, the,

the ransomware life cycle cycle, and one in one important component of that is the initial access that can often be sold on the dark web. or again, not a huge sum of money. and so having an organization or condition have the ability to proactively look outside their network. i don't got to head a final 30 seconds where katie katie was to take away. thank yes, i think the key is security fundamentals. the boring things that you've been hearing about updating your software, things like that, making sure you know what you have connected to the internet. that stuff is basic, but it's not easy. and so organizations doing that, but it's going to take more than just cybersecurity professionals, can take policy makers, it's going to take international public, private cooperation. thanks. try to put it in this ransomware problem. have a look here on my, on my web site here on my laptop. we have katie nicholas, k. d. thank you so much. we have bright web, the jackson,

thank you so much and k powell more. thank you and you too. thanks for your questions. i will see you next time. take care ah hold parliamentary elections on june 21. more at state than the result. the countries ranked my troubles at home and beyond its boarded camp. this vote set back on the road to peace and stability. ethiopia, elementary election on al jazeera out there, a world peers into the murky world of state sponsored spyware. and the discovery by al jazeera journalists, 06 technology. smartphones system. is this the new frontier? us think about the institution of exports to break into phones. this is as soon as

we get to find your phone on our 300 years of danish colonization and international interest in the island resorts in gray. a younger generation, emerging, determined, and nephew to meet her wrapper and he'd be on faith as jude and a politician as they tackle age of issues with that powerful fight for greenland. a witness documentary on al jazeera for remediation re molina families. the pain is unbearable for of their relatives were killed last week, doing a military operation ordered by the venezuelan government. security forces accused him of being part of a colombian rebel group and said they died and come, but the neighbors and family members insisted they were innocent,

taken from their homes and executed under pressure venezuela's, defense minister by the me to pay said the on forces were obliged to the friends that come through from irregular groups that added the human rights needed to be respected, and that the events that the order would be investigated. the news. this is al jazeera ah hello money side. this is the news, our life coming up in the next 60 minutes. radians votes for a new president to succeed. how sondra honey, but questions over the future loom, as the country struggled with an ailing economy on a nuclear dale endowed. we'll have a report from a remote jungle camp in the animal where people hide.