The Ransomware Files

After 13 episodes and one guest episode, The Ransomware Files project has come to a close.  I want to thank everyone who participated and supported it. I wish this project had come to an end because ransomware was no longer a problem. Unfortunately, that's not the case. It remains one of the internet's greatest crime waves. I hope some of the main motivations I had for this project live on. There should be no shame heaped on organisations that are attacked and held to ransom...

What if you were hired for an office job but ended up negotiating with cybercriminals? There aren’t many rules around the cybercrime known as ransomware, but this is a story about one rule that was definitely broken. By the end it, the path to the truth lead to a place on the other side of the world. It was a place that no one expected and disturbingly, no one wanted to be...

Dain Drake was CEO of United Structures of America, a steel fabrication facility outside of Houston. In June 2019, Dain found himself standing outside an adult boutique in Houston at 10 AM on a Sunday morning. It was closed. He called the owner and pleaded for him to come and open the shop. He needed something inside, which might just save his business – from ransomware...

The Ransomware Files is pleased to host a special guest episode from our friends at Hacked. In mid-April, there was a ransomware attack. It wasn’t against a small business. It wasn’t directed at a large company or even a large city. It was against a country: Costa Rica. The Conti ransomware gang struck more than two dozen government bodies in Costa Rica in a wave of attacks...

Is a practicing cardiologist living in Venezuela also a ransomware mastermind? If U.S. prosecutors are to be believed, Moises Luis Zagala Gonzalez is a cybercriminal polymath. He’s on the FBI’s Most Wanted list for cybercrime, but people who know him say the accusations cannot be true. Zagala is charged in federal court in New York with developing ransomware applications called Jigsaw and Thanos that infected organizations and companies around the word...

The FBI’s Most Wanted list for cybercrime has a recent entry: Moises Luis Zagala Gonzalez. He is a 55-year-old cardiologist living in Ciudad Bolivar, Venezuela. He has a bald head and an earnest smile. In one photo, he wears a doctor’s white overcoat with a stethoscope around his neck. What is this man doing on that list? U.S. prosecutors allege Zagala lead a double life. They allege he’s also a cybercriminal...

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Security Architect Don Gibson was DJing at a friend’s place when the first alerts came in. That night kicked off turbulent period for Don that lasted throughout the rest of the year. His name became publicly linked with the Travelex incident, and the attention was completely undesired...

If software has a dangerous and easy-to-exploit security vulnerability, should its maker tell customers to shut it down until it’s fixed? It’s a tough call, but one that Dutch company Hoppenbrouwers says the software vendor Kaseya should have undertaken last year to prevent a massive supply-chain attack executed by the REvil ransomware gang. The gang had uncovered flaws in Kaseya's Virtual Systems Administrator product that Kaseya was racing to patch...

Rockford Public Schools in Illinois was infected with the Ryuk ransomware just days after the school year started in September 2019. They had one thought for the suspected Russia-based cybercriminal group at the root of the attack: "Screw them." The attack encrypted upwards of six million files, wrecked applications and locked up servers. But the district refused to pay the ransom and kept classes running while mounting a mighty recovery effort.

Speakers: Jason E...

The REvil ransomware gang's attack against the US software company Kaseya in 2021 is not only amongst the largest ransomware attacks of all time, but it's also one of the most intriguing. It involves the use of zero-day software vulnerabilities known only to a handful of people, a race between attackers trying to snare ransom payments and defenders developing a patch, and a secret operation that hacked back against the REvil hackers...