Jul 2023
53m 46s

Charl van der Walt on Cyber Extortion

THE LAWFARE INSTITUTE
About this episode

What are the latest trends in the ransomware-as-a-service ecosystem? Since at least May 27, the CL0P ransomware gang has been exploiting a previously unknown vulnerability to exfiltrate data from financial services organizations, energy corporations, government agencies, and even universities. The group appears to be changing tactics—while it was previously known for its use of the “double extortion” tactic of stealing and encrypting victim data, it seems to now be relying mostly on data exfiltration instead.

To discuss the latest changes in the ransomware ecosystem, Eugenia Lostri, Lawfare’s Fellow in Technology Policy and Law, sat down with Charl van der Walt, Head of Security Research at Orange Cyberdefense. Charl is one of the authors of a report analyzing recent cyber extortion activity. They talked about the ransomware-as-a-service ecosystem, the impact the Russian invasion of Ukraine had on ransomware activity in the past year, and what law enforcement is doing to disrupt cybercriminal networks.

