It’s been a mixed few weeks if you are in the ransomware game. (If you listen to this podcast we presume you are not a cybercriminal, but do get in touch if you are and leave us your full contact details).
In this episode Rob and Stan look at the hacks that have made the headlines and suggest what can be done to stop it happening to you.
First up for discussion is ransomware-as-a-service malware LockBit hitting ION Trading UK:
“It left scores of brokers unable to process derivative trades and they had to resort to manual methods. Imagine them going back to using spreadsheets to figure out what's going on as far as their trades”
LockBit threatened to publish stolen data unless a ransom was paid and ION Trading did as they were told. Rob and Stan talk about the incident and the potential repercussions.
The episode also looks at a ransomware campaign targeting VMware ESXi technology:
“It's a previously known vulnerability. It's been out there for two years. But the reality is that organizations have been slow in patching it. There was a general warning put out by Italy's National Cybersecurity Agency, warning about a large-scale campaign now exploiting this vulnerability. Thousands of computer servers across Europe and North America could potentially be impacted. And this context is, well if you're not going to patch, we'll take a advantage of that”
But there's also been bad news for the threat actors.
Rob and Stan give their take on the sabotaging of the Hive ransomware group by the FBI and other law enforcement agencies.
“This take down shows that international enforcement against ransomware threat actors is increasing. I think this is a good sign. It may make it more difficult for some of these entities to target organizations in the future, but, they're still ongoing and so it's going to be difficult to truly mitigate this threat if you can't reach those that are behind it.”
There are call backs to other relevant episodes of the Reimagining Cyber podcast:

Episode 12, Brett Thorson, Colonial Pipeline fuels the fire: not the first, not the last, and how to protect for the future
www.buzzsprout.com/2004238/10791017
Episode 2, Jim Routh, Unconventional approaches to improve enterprise resilience
www.buzzsprout.com/2004238/10791027
Episode 27, Shawn Tuma Cyber insurance in the wake of Log4j
www.buzzsprout.com/2004238/10791001
Episode 15, Shawn Tuma – So you’ve been hacked, now what?
www.buzzsprout.com/2004238/10791014
Plus the Galaxy threat actors report
https://publications.cyberres.com/view/679673707/

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com