Jul 2023
53m 46s

Charl van der Walt on Cyber Extortion

THE LAWFARE INSTITUTE
About this episode

What are the latest trends in the ransomware-as-a-service ecosystem? Since at least May 27, the CL0P ransomware gang has been exploiting a previously unknown vulnerability to exfiltrate data from financial services organizations, energy corporations, government agencies, and even universities. The group appears to be changing tactics—while it was previously known for its use of the “double extortion” tactic of stealing and encrypting victim data, it seems to now be relying mostly on data exfiltration instead.

To discuss the latest changes in the ransomware ecosystem, Eugenia Lostri, Lawfare’s Fellow in Technology Policy and Law, sat down with Charl van der Walt, Head of Security Research at Orange Cyberdefense. Charl is one of the authors of a report analyzing recent cyber extortion activity. They talked about the ransomware-as-a-service ecosystem, the impact the Russian invasion of Ukraine had on ransomware activity in the past year, and what law enforcement is doing to disrupt cybercriminal networks.

Support this show http://supporter.acast.com/lawfare.



Hosted on Acast. See acast.com/privacy for more information.
