1 00:00:01,920 --> 00:00:06,640 Speaker 1: Welcome to Brain Stuff, a production of iHeartRadio. Hey, Brain 2 00:00:06,720 --> 00:00:11,840 Speaker 1: Stuff, Lauren Vogelbaum here. In March, of Atlanta was hit 3 00:00:11,920 --> 00:00:15,160 Speaker 1: with a ransomware attack that infected nearly three thousand, eight 4 00:00:15,200 --> 00:00:19,440 Speaker 1: hundred government computers belonging to the City of Atlanta, including servers. 5 00:00:20,120 --> 00:00:23,640 Speaker 1: After the virus was deployed, the ransomware essentially locked all 6 00:00:23,640 --> 00:00:28,200 Speaker 1: the infected computers, rendering them impossible to access. Atlanta's court 7 00:00:28,280 --> 00:00:31,560 Speaker 1: system went down. Police were unable to check license plates, 8 00:00:31,680 --> 00:00:36,360 Speaker 1: residents couldn't pay bills online. Just three weeks before Atlanta 9 00:00:36,440 --> 00:00:40,240 Speaker 1: was hit, the small city of Leeds, Alabama, also experienced 10 00:00:40,240 --> 00:00:44,479 Speaker 1: an identical cyber attack, and before Leeds, in January, it 11 00:00:44,560 --> 00:00:47,760 Speaker 1: was the Hancock Regional Hospital in the suburbs of Indianapolis. 12 00:00:49,240 --> 00:00:51,440 Speaker 1: What these three attacks have in common is that they 13 00:00:51,440 --> 00:00:55,600 Speaker 1: were all hit by SamSam ransomware. Each attack demanded 14 00:00:55,640 --> 00:00:59,000 Speaker 1: around the same amount, about fifty thousand dollars in cryptocurrency. 15 00:00:59,720 --> 00:01:03,880 Speaker 1: Hancock Regional Hospital and Leeds, Alabama, paid the ransom. However, 16 00:01:04,000 --> 00:01:06,920 Speaker 1: the City of Atlanta did not. Instead, it chose to 17 00:01:06,959 --> 00:01:12,040 Speaker 1: pay millions to get its systems back online. 
Ransomware 18 00:01:12,200 --> 00:01:15,520 Speaker 1: is when a cyber criminal accesses a network of computers, 19 00:01:15,840 --> 00:01:18,680 Speaker 1: encrypts all of the data and extorts the company or 20 00:01:18,800 --> 00:01:23,920 Speaker 1: organization to unlock it, essentially holding the network hostage. For 21 00:01:23,959 --> 00:01:26,240 Speaker 1: the article this episode is based on, HowStuffWorks 22 00:01:26,240 --> 00:01:29,760 Speaker 1: spoke with John Hultquist, vice president of analysis at Mandiant 23 00:01:29,840 --> 00:01:34,240 Speaker 1: Threat Intelligence at FireEye, an intelligence-led security company. 24 00:01:34,520 --> 00:01:38,160 Speaker 1: He explained that these attacks are nothing new. However, in 25 00:01:38,200 --> 00:01:41,960 Speaker 1: the first half of the number of organizations impacted by 26 00:01:42,040 --> 00:01:45,200 Speaker 1: ransomware across the globe has more than doubled compared with 27 00:01:46,480 --> 00:01:50,000 Speaker 1: another report identified more than eight hundred extortion attempts that 28 00:01:50,200 --> 00:01:54,040 Speaker 1: likely had data stolen, and the targets are now becoming 29 00:01:54,200 --> 00:01:57,600 Speaker 1: much more high profile. In the US alone since April, 30 00:01:57,880 --> 00:02:02,240 Speaker 1: prominent companies like Colonial Pipeline, JBS Foods, the NBA, and 31 00:02:02,400 --> 00:02:07,120 Speaker 1: Cox Media Group have all been hit. Hackers typically access 32 00:02:07,160 --> 00:02:10,680 Speaker 1: networks through phishing attacks, which are emails sent to employees 33 00:02:10,720 --> 00:02:13,680 Speaker 1: tricking them into giving up passwords or clicking on malicious 34 00:02:13,720 --> 00:02:16,640 Speaker 1: links that will download the malware onto the company network. 
35 00:02:17,520 --> 00:02:20,640 Speaker 1: Ransomware also looks for other entries into company networks 36 00:02:20,720 --> 00:02:24,120 Speaker 1: via passwords that are easily cracked, like one two three 37 00:02:24,280 --> 00:02:29,360 Speaker 1: q w e, for instance. So why so many and 38 00:02:29,400 --> 00:02:34,560 Speaker 1: why now? Hultquist explains it like this. Originally, ransomware 39 00:02:34,680 --> 00:02:38,400 Speaker 1: was mostly automated and targeted small systems with vulnerable passwords, 40 00:02:38,480 --> 00:02:42,320 Speaker 1: open networks, and easy entryways. He calls it spray and 41 00:02:42,360 --> 00:02:46,160 Speaker 1: pray. Quote, the ransomware would go out and hit whatever 42 00:02:46,160 --> 00:02:48,680 Speaker 1: system it could get. The attackers were known to be 43 00:02:48,840 --> 00:02:51,840 Speaker 1: quite friendly. They would unlock the data, even offered discounts 44 00:02:51,880 --> 00:02:55,760 Speaker 1: sometimes and then move on with their life. But then 45 00:02:56,000 --> 00:03:00,440 Speaker 1: things changed. Hultquist says criminals started making large directed 46 00:03:00,440 --> 00:03:04,720 Speaker 1: attacks on bigger companies with more money, and ransoms skyrocketed 47 00:03:05,320 --> 00:03:09,080 Speaker 1: in Companies paid more than four hundred and six million 48 00:03:09,120 --> 00:03:13,320 Speaker 1: dollars in cryptocurrency and ransom to attackers. Hultquist said, 49 00:03:13,800 --> 00:03:16,680 Speaker 1: these new targets have to pay out because often they 50 00:03:16,720 --> 00:03:21,160 Speaker 1: are critical infrastructure. They have to get back online. Consumers 51 00:03:21,200 --> 00:03:24,000 Speaker 1: are actually a factor because they are forcing these companies 52 00:03:24,000 --> 00:03:28,080 Speaker 1: to make hasty decisions as far as paying. That was 53 00:03:28,120 --> 00:03:31,079 Speaker 1: the case in the Colonial Pipeline attack. 
The hack took 54 00:03:31,120 --> 00:03:33,680 Speaker 1: down the largest fuel pipeline in the United States on 55 00:03:33,720 --> 00:03:37,720 Speaker 1: April and prompted mass fuel hoarding across the East Coast. 56 00:03:38,360 --> 00:03:41,240 Speaker 1: CEO Joseph Blount told The Wall Street Journal that the 57 00:03:41,280 --> 00:03:44,240 Speaker 1: company paid the ransom, four point four million dollars in 58 00:03:44,240 --> 00:03:48,360 Speaker 1: bitcoin, to bring the pipeline back online, but the decryption 59 00:03:48,440 --> 00:03:52,000 Speaker 1: key that the adversaries provided didn't immediately restore all of 60 00:03:52,040 --> 00:03:56,320 Speaker 1: the pipeline systems. The good news for Colonial is that 61 00:03:56,360 --> 00:03:59,040 Speaker 1: the US Department of Justice announced on June seven that 62 00:03:59,080 --> 00:04:02,200 Speaker 1: it recovered six three point seven bitcoins valued at about 63 00:04:02,200 --> 00:04:04,920 Speaker 1: two point three million dollars that Colonial had paid to 64 00:04:04,960 --> 00:04:09,320 Speaker 1: its hackers. Of course, not paying the ransom can be 65 00:04:09,360 --> 00:04:13,120 Speaker 1: just as problematic. Hultquist said, some of these companies 66 00:04:13,160 --> 00:04:15,640 Speaker 1: don't want to pay, so they forced them to pay 67 00:04:15,720 --> 00:04:18,960 Speaker 1: by leaking their data publicly. That's a proposition that a 68 00:04:19,000 --> 00:04:22,560 Speaker 1: lot of organizations do not want a part of. Leaked 69 00:04:22,560 --> 00:04:25,440 Speaker 1: emails and other proprietary information, he says, can be far 70 00:04:25,520 --> 00:04:28,840 Speaker 1: more damaging to some companies than simply paying up can 71 00:04:28,880 --> 00:04:31,120 Speaker 1: open them up to legal trouble or end up hurting 72 00:04:31,120 --> 00:04:36,760 Speaker 1: their brand. Other hackers simply demand payment without even installing ransomware. 
73 00:04:37,440 --> 00:04:40,000 Speaker 1: That's what happened during the attack on the Houston Rockets 74 00:04:40,000 --> 00:04:43,839 Speaker 1: in April. No ransomware was installed on the NBA team's network, 75 00:04:44,160 --> 00:04:47,320 Speaker 1: but the hacking group threatened to publish contracts and nondisclosure 76 00:04:47,360 --> 00:04:49,800 Speaker 1: agreements that it claims it stole from the team's system 77 00:04:50,000 --> 00:04:54,320 Speaker 1: if they didn't pay up. There are several new initiatives 78 00:04:54,400 --> 00:04:56,760 Speaker 1: laid out by the Biden administration in response to the 79 00:04:56,800 --> 00:05:00,840 Speaker 1: surge in ransomware attacks. On May twelve, President Biden signed an 80 00:05:00,839 --> 00:05:03,760 Speaker 1: executive order designed to improve the cyber security in the 81 00:05:03,839 --> 00:05:08,040 Speaker 1: federal government networks. Among its executive actions will establish a 82 00:05:08,040 --> 00:05:12,960 Speaker 1: Cybersecurity Safety Review Board modeled after the National Transportation Safety Board. 83 00:05:13,560 --> 00:05:17,000 Speaker 1: The panel will likely include public and private experts who 84 00:05:17,000 --> 00:05:21,279 Speaker 1: will examine cyber incidents similar to how the NTSB investigates accidents. 85 00:05:22,560 --> 00:05:25,359 Speaker 1: Biden's team also released an open letter on June two, 86 00:05:25,640 --> 00:05:29,839 Speaker 1: addressed to corporate executives and business leaders, which emphasized that 87 00:05:29,880 --> 00:05:33,159 Speaker 1: the private sector has a responsibility to protect against cyber 88 00:05:33,200 --> 00:05:37,520 Speaker 1: threats and that organizations, quote, must recognize that no company 89 00:05:37,560 --> 00:05:40,720 Speaker 1: is safe from being targeted by ransomware, regardless of size 90 00:05:40,760 --> 00:05:44,400 Speaker 1: or location. 
We urge you to take ransomware crimes seriously 91 00:05:44,720 --> 00:05:49,039 Speaker 1: and ensure your corporate cyber defenses match the threat. So 92 00:05:49,080 --> 00:05:51,360 Speaker 1: what can you do to ensure that your network is safe? 93 00:05:52,040 --> 00:05:55,359 Speaker 1: In May, the Cybersecurity and Information Security Agency and the 94 00:05:55,440 --> 00:06:00,000 Speaker 1: FBI released best practices for preventing business disruption from ransomware attacks. 95 00:06:00,680 --> 00:06:03,479 Speaker 1: In it, they list six mitigations that companies can do 96 00:06:03,600 --> 00:06:08,120 Speaker 1: now to reduce the risk of being compromised by ransomware. First, 97 00:06:08,320 --> 00:06:12,720 Speaker 1: require multi-factor authentication for remote access to operational technology 98 00:06:12,880 --> 00:06:17,120 Speaker 1: and IT networks. Second, enable strong spam filters to 99 00:06:17,120 --> 00:06:21,800 Speaker 1: prevent phishing emails, especially emails containing executable files, from reaching 100 00:06:21,880 --> 00:06:26,359 Speaker 1: end users. Third, implement a user training program and 101 00:06:26,440 --> 00:06:30,159 Speaker 1: simulated attacks for spear phishing to discourage users from visiting 102 00:06:30,200 --> 00:06:35,320 Speaker 1: malicious websites or opening malicious attachments. Fourth, filter network traffic 103 00:06:35,360 --> 00:06:39,800 Speaker 1: to prohibit communications with known malicious IP addresses. Prevent users 104 00:06:39,839 --> 00:06:43,440 Speaker 1: from accessing malicious websites by implementing URL block lists and 105 00:06:43,600 --> 00:06:49,440 Speaker 1: or allow lists. Fifth, update software including operating systems, applications, 106 00:06:49,440 --> 00:06:52,600 Speaker 1: and firmware on IT network assets in a timely manner. 107 00:06:53,080 --> 00:06:58,359 Speaker 1: Consider using a centralized patch management system. 
And sixth, limit 108 00:06:58,400 --> 00:07:02,479 Speaker 1: access to resources over network, especially by restricting remote desktop 109 00:07:02,520 --> 00:07:07,520 Speaker 1: protocol and requiring multi-factor authentication. Hultquist says that 110 00:07:07,560 --> 00:07:09,920 Speaker 1: the entire purpose of the game now is to hit 111 00:07:10,040 --> 00:07:13,000 Speaker 1: a huge target who's likely to pay and one that 112 00:07:13,120 --> 00:07:17,040 Speaker 1: has to pay, and taking critical infrastructure offline is not 113 00:07:17,120 --> 00:07:20,320 Speaker 1: out of the question. That, he says, the US is 114 00:07:20,400 --> 00:07:24,800 Speaker 1: not prepared for. He said, our sophistication is our Achilles 115 00:07:24,880 --> 00:07:28,240 Speaker 1: heel in this space. It makes us more vulnerable to incidents. 116 00:07:28,720 --> 00:07:30,520 Speaker 1: One of the lessons we should be taking from all 117 00:07:30,560 --> 00:07:32,960 Speaker 1: of this is we are not prepared for cyber war, 118 00:07:33,600 --> 00:07:36,200 Speaker 1: but we do know that they've targeted healthcare and other 119 00:07:36,240 --> 00:07:45,720 Speaker 1: critical capabilities. Everybody is learning from this. Today's episode is 120 00:07:45,720 --> 00:07:49,080 Speaker 1: based on the article Surge in Ransomware Attacks Exposes US 121 00:07:49,120 --> 00:07:52,440 Speaker 1: Cyber Vulnerabilities on HowStuffWorks.com, written by 122 00:07:52,440 --> 00:07:55,600 Speaker 1: Sarah Gleim. Brain Stuff is a production of iHeartRadio in 123 00:07:55,640 --> 00:07:57,760 Speaker 1: partnership with HowStuffWorks.com, and it's produced 124 00:07:57,760 --> 00:08:01,040 Speaker 1: by Tyler Klein. For more podcasts from iHeartRadio, visit 125 00:08:01,080 --> 00:08:03,600 Speaker 1: the iHeartRadio app, Apple Podcasts, or wherever you 126 00:08:03,640 --> 00:08:16,080 Speaker 1: listen to your favorite shows.