Jul 2023
53m 46s

Charl van der Walt on Cyber Extortion

THE LAWFARE INSTITUTE
About this episode

What are the latest trends in the ransomware-as-a-service ecosystem? Since at least May 27, the CL0P ransomware gang has been exploiting a previously unknown vulnerability to exfiltrate data from financial services organizations, energy corporations, government agencies, and even universities. The group appears to be changing tactics—while it was previously known for its use of the “double extortion” tactic of stealing and encrypting victim data, it seems to now be relying mostly on data exfiltration instead.

To discuss the latest changes in the ransomware ecosystem, Eugenia Lostri, Lawfare’s Fellow in Technology Policy and Law, sat down with Charl van der Walt, Head of Security Research at Orange Cyberdefense. Charl is one of the authors of a report analyzing recent cyber extortion activity. They talked about the ransomware-as-a-service ecosystem, the impact the Russian invasion of Ukraine had on ransomware activity in the past year, and what law enforcement is doing to disrupt cybercriminal networks.

