1
00:00:01,600 --> 00:00:03,960
Speaker 1: When you're ready to ride Metro, we want you to

2
00:00:03,960 --> 00:00:06,560
Speaker 1: know we're ready for you. Here are just a few

3
00:00:06,600 --> 00:00:08,399
Speaker 1: of the people at Metro to tell you how we're

4
00:00:08,440 --> 00:00:11,320
Speaker 1: doing our part to keep riders safe. We're cleaning like

5
00:00:11,440 --> 00:00:18,360
Speaker 1: never before greatly. You've found half sut of station. No mask,

6
00:00:18,840 --> 00:00:22,200
Speaker 1: no Metro need one. We have a few extras at Metro.

7
00:00:22,520 --> 00:00:25,079
Speaker 1: We're doing our part to keep the DC area moving.

8
00:00:25,320 --> 00:00:27,720
Speaker 1: Find out more at wmata dot com slash doing

9
00:00:27,720 --> 00:00:31,800
Speaker 1: our part. So listen. If you heard about the recent

10
00:00:32,760 --> 00:00:35,879
Speaker 1: wave of ransomware attacks in some small towns in Texas,

11
00:00:36,159 --> 00:00:39,560
Speaker 1: it was hospitals a while ago, um, and it's coming

12
00:00:39,600 --> 00:00:43,440
Speaker 1: to a business or town near you. Well, we've invited

13
00:00:43,440 --> 00:00:47,600
Speaker 1: on Alan Liska is a threat intelligence analyst, um, to

14
00:00:47,800 --> 00:00:52,080
Speaker 1: talk about, um, ransomware attacks and how they work and

15
00:00:52,120 --> 00:00:54,720
Speaker 1: the rest of it. Alan works at Recorded Future. Alan,

16
00:00:54,720 --> 00:00:58,680
Speaker 1: how are you? Good. How are you guys doing today? Terrific. Hey,

17
00:00:58,880 --> 00:01:01,200
Speaker 1: for folks who are not to what's going on, could

18
00:01:01,240 --> 00:01:05,160
Speaker 1: you just explain how a ransomware attack unfolds? Say, we're

19
00:01:05,240 --> 00:01:11,160
Speaker 1: we're both working at the City of Pleasantville, Texas. What happens?

20
00:01:11,240 --> 00:01:13,440
Speaker 1: So there are a couple of different ways that it

21
00:01:13,520 --> 00:01:17,000
Speaker 1: generally works.
The most common way that we see is

22
00:01:17,240 --> 00:01:20,400
Speaker 1: you click an email, uh, you know, it'll look something

23
00:01:20,520 --> 00:01:23,800
Speaker 1: like a, uh, do you have an overdue invoice? Click

24
00:01:23,840 --> 00:01:26,640
Speaker 1: on this invoice, or you have a package coming, click

25
00:01:26,720 --> 00:01:30,760
Speaker 1: on the the this link to find out when it's arriving.

26
00:01:31,120 --> 00:01:34,319
Speaker 1: And it turns out, instead of being, uh, you know,

27
00:01:34,360 --> 00:01:39,080
Speaker 1: an invoice, it's actually malware. It installs the ransomware on

28
00:01:39,200 --> 00:01:42,920
Speaker 1: your system, and then it jumps from your system to

29
00:01:43,000 --> 00:01:46,160
Speaker 1: the rest of the network that you're attached to. So

30
00:01:46,280 --> 00:01:48,400
Speaker 1: if it was just your system would be fairly easy.

31
00:01:48,480 --> 00:01:50,640
Speaker 1: They delete your computer and give you a new one.

32
00:01:51,000 --> 00:01:54,720
Speaker 1: But when it when these ransomware attacks hit hundreds of

33
00:01:54,800 --> 00:01:58,960
Speaker 1: systems in the same organization, then it becomes a crisis.

34
00:01:59,360 --> 00:02:01,760
Speaker 1: And then what what does it look like at that point?

35
00:02:01,760 --> 00:02:04,240
Speaker 1: Does your computer go blank? Do you get an email?

36
00:02:04,320 --> 00:02:05,840
Speaker 1: Or how do you how do you get the word

37
00:02:05,880 --> 00:02:10,000
Speaker 1: that you've been compromised and you owe somebody money? So your

38
00:02:10,040 --> 00:02:13,640
Speaker 1: operating system itself isn't affected. Instead, what it does is

39
00:02:13,680 --> 00:02:17,720
Speaker 1: it encrypts all of the relevant files on your system,

40
00:02:18,040 --> 00:02:23,080
Speaker 1: so your images, your your any Word documents or PowerPoint

41
00:02:23,160 --> 00:02:26,919
Speaker 1: documents or spreadsheets.
Uh, if you've got databases on your system,

42
00:02:26,960 --> 00:02:29,560
Speaker 1: they all get encrypted, and then it pops up with

43
00:02:29,639 --> 00:02:33,640
Speaker 1: a message saying you've been hit by whatever the ransomware is.

44
00:02:34,400 --> 00:02:36,720
Speaker 1: If you want to get your files back, send me

45
00:02:36,800 --> 00:02:40,920
Speaker 1: bitcoin, um. And they often have a little portal that

46
00:02:41,000 --> 00:02:44,200
Speaker 1: you go to. Uh, you give them your their big

47
00:02:44,200 --> 00:02:46,640
Speaker 1: your bitcoin, and then they give you a key so

48
00:02:46,760 --> 00:02:49,359
Speaker 1: you can unencrypt your files. Well, and from my

49
00:02:49,800 --> 00:02:52,160
Speaker 1: reading about this, the guys who do this are pretty

50
00:02:52,160 --> 00:02:55,880
Speaker 1: good in that they make the ransom amount significant, but

51
00:02:56,080 --> 00:03:01,240
Speaker 1: less than you'd probably spend on rebuilding everything. Right. So,

52
00:03:01,639 --> 00:03:05,160
Speaker 1: generally speaking, you're talking, uh, you know, so ransoms in

53
00:03:05,200 --> 00:03:08,240
Speaker 1: general have gone up a few years ago. I mean,

54
00:03:08,280 --> 00:03:10,320
Speaker 1: just like anything else, you have inflation, they have to

55
00:03:10,360 --> 00:03:17,000
Speaker 1: keep up with their costs. Uh, uh. So you have

56
00:03:17,120 --> 00:03:20,320
Speaker 1: kids in college or something. You don't know, right, college

57
00:03:20,360 --> 00:03:27,560
Speaker 1: is expensive even in Estonia. Um, anyway, go on, certain

58
00:03:28,560 --> 00:03:31,160
Speaker 1: that's okay. Um.
So a couple of years ago they

59
00:03:31,160 --> 00:03:34,079
Speaker 1: generally were asking for a few thousand dollars, but now

60
00:03:34,120 --> 00:03:37,080
Speaker 1: the ransoms tend to be in the six figures, um,

61
00:03:37,120 --> 00:03:39,960
Speaker 1: so somewhere between a hundred thousand and three hundred thousand

62
00:03:40,040 --> 00:03:43,360
Speaker 1: dollars generally what they're asking. Just real quick, can we

63
00:03:43,400 --> 00:03:45,720
Speaker 1: go back to the original email you shouldn't have clicked on.

64
00:03:46,320 --> 00:03:49,840
Speaker 1: Are the good ones able to, like, mimic? I don't know.

65
00:03:49,960 --> 00:03:52,600
Speaker 1: I might get an email from Jack saying, hey, you

66
00:03:52,680 --> 00:03:57,440
Speaker 1: gotta see this story. Are they that good? Yes. So, um,

67
00:03:58,520 --> 00:04:01,240
Speaker 1: if if it's a targeted ransomware attack, so if

68
00:04:01,240 --> 00:04:04,280
Speaker 1: they're specifically coming after you, that's exactly the kind of

69
00:04:04,320 --> 00:04:07,200
Speaker 1: tactic that they'll use. We've seen that. We also have

70
00:04:07,320 --> 00:04:10,400
Speaker 1: seen you'll get an email from like the seat that

71
00:04:10,480 --> 00:04:13,640
Speaker 1: looks like it's coming from the CEO of iHeartRadio. Hey,

72
00:04:13,680 --> 00:04:16,440
Speaker 1: I need you to do this for me immediately. Um.

73
00:04:16,920 --> 00:04:20,080
Speaker 1: And of course if you're getting an email from the CEO, uh,

74
00:04:20,360 --> 00:04:23,480
Speaker 1: your your your first impulse is, yes, I better do this

75
00:04:23,600 --> 00:04:26,479
Speaker 1: right away without necessarily thinking, wait, why is he sending

76
00:04:26,480 --> 00:04:30,320
Speaker 1: me an email from a Gmail account or a dot

77
00:04:30,360 --> 00:04:35,360
Speaker 1: ru email address type thing?
So, do you have any

78
00:04:35,360 --> 00:04:38,200
Speaker 1: idea how many places this has happened around the country?

79
00:04:38,240 --> 00:04:41,679
Speaker 1: And what the how many how many towns, counties, whatever

80
00:04:41,720 --> 00:04:44,479
Speaker 1: are paying the ransom versus saying screw you, I'm not paying.

81
00:04:44,480 --> 00:04:49,480
Speaker 1: It will start over. Right. So when we did our research, uh,

82
00:04:49,720 --> 00:04:53,280
Speaker 1: we we found, um, and we don't know, we don't

83
00:04:53,320 --> 00:04:55,080
Speaker 1: think this is all of them, in fact, we know

84
00:04:55,200 --> 00:04:56,760
Speaker 1: it's not all of them because a lot of them

85
00:04:56,800 --> 00:04:59,839
Speaker 1: aren't publicly reported, but since two thousand and thirteen,

86
00:05:00,080 --> 00:05:05,119
Speaker 1: found two hundred and fourteen publicly reported attacks against state

87
00:05:05,160 --> 00:05:08,000
Speaker 1: and local governments. But I don't know if that's ten

88
00:05:08,040 --> 00:05:11,800
Speaker 1: percent or of the total number. That's already a lot

89
00:05:11,880 --> 00:05:13,719
Speaker 1: more than I think most people would have guessed that

90
00:05:13,760 --> 00:05:16,000
Speaker 1: this has happened across the country. Wow. And I can

91
00:05:16,080 --> 00:05:19,000
Speaker 1: understand why people people keep it quiet because you don't

92
00:05:19,000 --> 00:05:23,200
Speaker 1: want to encourage you. Right, exactly. So one of the

93
00:05:23,240 --> 00:05:25,600
Speaker 1: things that we've seen in our research, first answer your

94
00:05:25,600 --> 00:05:29,280
Speaker 1: previous question, state and local governments are actually better than

95
00:05:29,360 --> 00:05:32,760
Speaker 1: most organizations of paying the ransom and not paying the ransom,

96
00:05:32,760 --> 00:05:36,680
Speaker 1: I should say so.
We found report based on public reporting,

97
00:05:36,680 --> 00:05:39,840
Speaker 1: we found about seventeen percent of state and local governments

98
00:05:39,839 --> 00:05:46,000
Speaker 1: pay the ransom versus about of overall ransomware victims. So

99
00:05:46,000 --> 00:05:49,480
Speaker 1: they're actually significantly less likely. And we think that's because

100
00:05:49,520 --> 00:05:52,440
Speaker 1: it's much harder to pay the ransom when you're paying

101
00:05:52,440 --> 00:05:54,520
Speaker 1: it with taxpayer money. So, like, if you're a

102
00:05:54,600 --> 00:05:57,359
Speaker 1: bank or you're a hospital that gets hit, that's your

103
00:05:57,440 --> 00:05:59,919
Speaker 1: money that you're paying with. It's much harder to go

104
00:06:00,040 --> 00:06:02,400
Speaker 1: to the taxpayers and say, hey, we just gave a hundred

105
00:06:02,400 --> 00:06:06,080
Speaker 1: thousand dollars to some guys in Russia, um, to get

106
00:06:06,080 --> 00:06:09,480
Speaker 1: our files back. That that's a much more difficult conversation

107
00:06:09,560 --> 00:06:12,760
Speaker 1: to have. Alan Liska has a company called Recorded Future.

108
00:06:12,800 --> 00:06:16,000
Speaker 1: He's written a couple of books on network security and

109
00:06:16,040 --> 00:06:18,120
Speaker 1: that sort of thing that are more and more important

110
00:06:18,160 --> 00:06:22,000
Speaker 1: these days. Hey, real quick, uh, if if my town

111
00:06:22,120 --> 00:06:25,760
Speaker 1: gets hit with ransomware, and I don't know, say there's

112
00:06:25,839 --> 00:06:27,719
Speaker 1: like three weeks a month that they're trying to figure

113
00:06:27,720 --> 00:06:30,000
Speaker 1: out what to do or whatever, how does that affect

114
00:06:30,360 --> 00:06:34,400
Speaker 1: taxpayers and citizens? What sort of things get messed up? Well.

115
00:06:34,560 --> 00:06:37,080
Speaker 1: So and and that's been a real problem, and that's

116
00:06:37,080 --> 00:06:40,200
Speaker 1: one of the reasons why attackers are starting to focus

117
00:06:40,240 --> 00:06:45,000
Speaker 1: in on cities and towns because it becomes a big

118
00:06:45,000 --> 00:06:48,360
Speaker 1: deal in the press when this happens. Because constituent services

119
00:06:48,400 --> 00:06:51,920
Speaker 1: are interrupted, so you can't pay your water bill, for example,

120
00:06:51,960 --> 00:06:55,560
Speaker 1: because all of that's digitized. You can't buy a house

121
00:06:55,680 --> 00:06:58,640
Speaker 1: because they can't do title transfers. Uh, if you have

122
00:06:58,680 --> 00:07:00,640
Speaker 1: a court case pending, you may not be able to

123
00:07:00,640 --> 00:07:04,320
Speaker 1: go to that because court dockets get encrypted. When Atlanta

124
00:07:04,440 --> 00:07:07,800
Speaker 1: was hit last year, Hartsfield-Jackson had to shut down

125
00:07:07,839 --> 00:07:10,280
Speaker 1: their WiFi for a couple of hours because they were

126
00:07:10,280 --> 00:07:14,119
Speaker 1: afraid the ransomware that was spreading was going to jump

127
00:07:14,160 --> 00:07:17,160
Speaker 1: from the city to their WiFi network and then potentially

128
00:07:17,160 --> 00:07:22,239
Speaker 1: to people in the airports. Alan Liska is a threat

129
00:07:22,280 --> 00:07:26,480
Speaker 1: intelligence analyst. Company is Recorded Future. Um, if you need

130
00:07:26,720 --> 00:07:30,080
Speaker 1: this sort of help, we'll have a link, Alan, so

131
00:07:30,120 --> 00:07:33,200
Speaker 1: that folks can find you and Recorded Future really easily.

132
00:07:33,440 --> 00:07:38,680
Speaker 1: But great stuff. Enjoyed the chat. Thanks, thank you very much. Yeah,

133
00:07:38,720 --> 00:07:40,880
Speaker 1: I tell you what, man, that is. Oh, that's got

134
00:07:40,880 --> 00:07:43,360
Speaker 1: to be a bad feeling.
Hey, your files are encrypted.

135
00:07:43,400 --> 00:07:46,240
Speaker 1: Send us a hundred thousand dollars. I think I'm anti

136
00:07:46,320 --> 00:07:48,960
Speaker 1: paying these people. But there was I think it was

137
00:07:49,000 --> 00:07:52,600
Speaker 1: in Pennsylvania. There was a city that instead of paying

138
00:07:53,360 --> 00:07:57,440
Speaker 1: the seventy thousand dollars, they spent several million dollars, right,

139
00:07:57,560 --> 00:07:59,800
Speaker 1: And Alan was talking about going to the taxpayers for that.

140
00:08:00,000 --> 00:08:01,600
Speaker 1: Seventy thousand? Well, how do you go to them

141
00:08:01,640 --> 00:08:04,560
Speaker 1: for the several million? Well, you don't. It just gets

142
00:08:04,560 --> 00:08:09,360
Speaker 1: built into the money they regularly spend. Yeah, because taxpayers

143
00:08:09,400 --> 00:08:12,040
Speaker 1: are generally, I hate to say stupid, but we don't.

144
00:08:12,080 --> 00:08:14,480
Speaker 1: We don't pay enough attention. Yeah, fair enough to where

145
00:08:14,480 --> 00:08:19,360
Speaker 1: our money is spent. Back to paper, man, index cards, file cabinets.

146
00:08:19,720 --> 00:08:23,480
Speaker 1: They were able to do it before carbon copy. Carbon

147
00:08:23,600 --> 00:08:30,200
Speaker 1: copies exactly, mimeograph machines by the telegraph.