After 13 episodes and one guest episode, The Ransomware Files project has come to a close.  I want to thank everyone who participated and supported it. I wish this project had come to an end because ransomware was no longer a problem. Unfortunately, that's not the case. It remains one of the internet's greatest crime waves. I hope some of the main motivations I had for this project live on. There should be no shame heaped on organisations that are attacked and held to ransom. But let's also be open to talking about how these events happen in a constructive way so we can all improve our information security practices. Thank you.

What if you were hired for an office job but ended up negotiating with cybercriminals? There aren’t many rules around the cybercrime known as ransomware, but this is a story about one rule that was definitely broken. By the end it, the path to the truth lead to a place on the other side of the world. It was a place that no one expected and disturbingly, no one wanted to be. Speakers: Renee Dudley, Technology Reporter, ProPublica, and co-author of "The Ransomware Hunting Team"; Jeremy Kirk, Executive Editor, Information Security Media Group. The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records. Other music by Blue Dot Sessions. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Dain Drake was CEO of United Structures of America, a steel fabrication facility outside of Houston. In June 2019, Dain found himself standing outside an adult boutique in Houston at 10 AM on a Sunday morning. It was closed. He called the owner and pleaded for him to come and open the shop. He needed something inside, which might just save his business – from ransomware. Speakers: Dain Drake, former CEO, United Structures of America; Jeremy Kirk, Executive Editor, Information Security Media Group. A transcript for this episode is here. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records. Other music by Blue Dot Sessions. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

The Ransomware Files is pleased to host a special guest episode from our friends at Hacked. In mid-April, there was a ransomware attack. It wasn’t against a small business. It wasn’t directed at a large company or even a large city. It was against a country: Costa Rica. The Conti ransomware gang struck more than two dozen government bodies in Costa Rica in a wave of attacks. It was a demonstration of power and bravado with a motivation that appeared to go way beyond the usual aim of collecting a ransom. Speakers: Jordan Bloemen, Co-Host, Hacked; Scott Francis Winder, Co-Host, Hacked; León Weinstock, Director, BLP Legal; Jeremy Kirk, Executive Editor, Information Security Media Group. Follow Hacked on Twitter: @hackedpodcast Follow Hacked on the web: hackedpodcast.com Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records

Is a practicing cardiologist living in Venezuela also a ransomware mastermind? If U.S. prosecutors are to be believed, Moises Luis Zagala Gonzalez is a cybercriminal polymath. He’s on the FBI’s Most Wanted list for cybercrime, but people who know him say the accusations cannot be true. Zagala is charged in federal court in New York with developing ransomware applications called Jigsaw and Thanos that infected organizations and companies around the word. But Zagala’s wife says there’s a reason for her husband’s predicament. How does the evidence stack up against her claim? Speakers: Alexander Mindlin, Assistant United States Attorney, Eastern District of New York; Thomas Holt, Professor, School of Criminal Justice, Michigan State University; Anthony Martino, Director, Northeast Cyber Security Forensics Center, Utica University; Ana Vanessa Herrero, Journalist; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and transcript for this episode are here. Special thanks to Ana Vanessa Herrero in Caracas for reporting and research that contributed to this episode. Thanks also to ISMG’s Tom Field, David Perera, Alexandra Perez, Mathew Schwartz and Anna Delaney for production assistance. Thank you to Intel471 for sharing cybercrime intelligence useful for this episode. Production Coordinator: Rashmi Ramesh The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records Other original music by Chris Gilbert, Finley Kirk and Jeremy Kirk Additional music by Podcastmusic.com and Uppbeat.io Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

The FBI’s Most Wanted list for cybercrime has a recent entry: Moises Luis Zagala Gonzalez. He is a 55-year-old cardiologist living in Ciudad Bolivar, Venezuela. He has a bald head and an earnest smile. In one photo, he wears a doctor’s white overcoat with a stethoscope around his neck. What is this man doing on that list? U.S. prosecutors allege Zagala lead a double life. They allege he’s also a cybercriminal. Zagala is charged in federal court in New York with developing ransomware applications called Jigsaw and Thanos that infected organizations and companies around the word. They claim his hacking career stretches back to the late 1990s when he was part of an expert reverse software engineering group. Who is Moises Zagala, and why does the U.S. think he’s a ransomware mastermind? Speakers: Alexander Mindlin, Assistant United States Attorney, Eastern District of New York; Lindsay Kaye, Senior Director, Operational Outcomes, Insikt Group, Recorded Future; Thomas Holt, Professor, School of Criminal Justice, Michigan State University; Ana Vanessa Herrero, Journalist; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and transcript for this episode are here. Special thanks to Ana Vanessa Herrero in Caracas for reporting and research that contributed to this episode. Thanks also to ISMG’s Tom Field and David Perera for production assistance. Production Coordinator: Rashmi Ramesh The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records Other original music by Chris Gilbert, India Kirk and Jeremy Kirk Additional music by Podcastmusic.com Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Security Architect Don Gibson was DJing at a friend’s place when the first alerts came in. That night kicked off turbulent period for Don that lasted throughout the rest of the year. His name became publicly linked with the Travelex incident, and the attention was completely undesired. His story is one of how social media, a frantic incident response and stress contributed to a nearly tragic health outcome. He went from IR, or incident response, to the ER – the hospital's emergency room. Speakers: Don Gibson, former Security Architect, Travelex; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and transcript for this episode are here. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records. Music by Uppbeat and Podcastmusic.com. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

If software has a dangerous and easy-to-exploit security vulnerability, should its maker tell customers to shut it down until it’s fixed? It’s a tough call, but one that Dutch company Hoppenbrouwers says the software vendor Kaseya should have undertaken last year to prevent a massive supply-chain attack executed by the REvil ransomware gang. The gang had uncovered flaws in Kaseya's Virtual Systems Administrator product that Kaseya was racing to patch. Hoppenbrouwers was one of more than 1,500 victims. Its systems were nearly completely encrypted, but it recovered quickly using backups. Transcript for this episode is here. Speakers: Marcel de Boer, Financial Director, Hoppenbrouwers; Jeremy Kirk, Executive Editor, Information Security Media Group. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records. Music by Podcastmusic.com. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Rockford Public Schools in Illinois was infected with the Ryuk ransomware just days after the school year started in September 2019. They had one thought for the suspected Russia-based cybercriminal group at the root of the attack: "Screw them." The attack encrypted upwards of six million files, wrecked applications and locked up servers. But the district refused to pay the ransom and kept classes running while mounting a mighty recovery effort. Speakers: Jason E. Barthel, Chief Information Officer, Rockford Public Schools; Earl Dotson Jr., Chief Communications Officer, Rockford Public Schools; Cathy Bayer, Senior Communications Manager, Rockford Public Schools; Doug Levin, National Director, K12 Security Information Exchange; Errol Weiss, Chief Security Officer, Health Information Sharing and Analysis Center; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and the transcript for this episode are here. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/©Ordinary Weirdos Records. Music by Uppbeat and Podcastmusic.com. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

The REvil ransomware gang's attack against the US software company Kaseya in 2021 is not only amongst the largest ransomware attacks of all time, but it's also one of the most intriguing. It involves the use of zero-day software vulnerabilities known only to a handful of people, a race between attackers trying to snare ransom payments and defenders developing a patch, and a secret operation that hacked back against the REvil hackers. And in the end, a rare action happened: Someone was actually arrested. This episode of The Ransomware Files also coincides with the release of new technical information from the Dutch Institute for Vulnerability Disclosure about the software vulnerabilities that were exploited by the ransomware gang. The information, which describes the vulnerabilities in Kaseya's Virtual Systems Administrator software, can be found on DIVD's website. Speakers: Robert Cioffe, Founder, Progressive Computing; Frank Breedijk, Manager, CSIRT, DIVD; Victor Gevers, Chairman, DIVD; Jason Manar, Chief Information Security Officer, Kaseya; Jon DiMaggio, Chief Security Strategist, Analyst1; John Hammond, Senior Security Researcher, Huntress; Espen Johansen, Security Director, Visma Group; Adrian Stanila, Senior Information Security Researcher, Visma Group; George Zamfir, Security Analyst, Visma Group; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and the transcript for this episode are here. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Records. Music by Uppbeat and Podcastmusic.com. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

In 2019, 23 cities across Texas were infected with the REvil/Sodinokibi ransomware in one of the largest ransomware attacks that has ever occurred in the US. The cities recovered with remarkable speed due to the state's diligent preparation. But a small managed service provider called TSM Consulting, which the ransomware actors exploited in a supply-chain style attack, sustained irreparable damage. It's a heartbreaking story. This episode is going to reveal never-before-public details about the attack in Texas, how the state recovered so quickly and explore the human cost of ransomware. Speakers: Rick Myers, Founder, TSM Consulting; Nancy Rainosek, Chief Information Security Officer, State of Texas; Mandy Crawford, Chief Information Officer, State of Texas; Andy Bennett, Former Deputy Chief Information Security Officer and now Vice President of Technology and Chief Information Security Officer with Apollo Information Systems; Danny Miller, Chief Information Security Officer, Texas A&M University System; Jeremy Kirk, Executive Editor, Information Security Media Group. Source material and transcript for this episode are here. Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Records. Music by Uppbeat and Podcastmusic.com. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

What if destructive malware disguised as ransomware nearly sank not just one company but many? Shipping giant Maersk was one of dozens of organisations crippled by the NotPetya malware in June 2017. Gavin Ashton and Bharat Halai worked in identity and access management at Maersk. They share how the company's technology team tirelessly brought the company back from an IT systems meltdown and rescued the company's sole surviving copy of Active Directory. Speakers: Gavin Ashton, former Identity and Access Management Service Owner, Maersk; Bharat Halai, former Head of Identity and Access Management, Maersk; Jeremy Kirk, Executive Editor, Information Security Media Group. Sources and transcript for this episode are here.  Production Coordinator: Rashmi Ramesh. The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Music . "Soviet March" by Shane Ivers. Other music by Uppbeat. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Cybersecurity experts are increasingly worried about attacks and ransomware directed at the 70,000 water and wastewater facilities in the United States. In November 2020, the Hampton Roads Sanitation District, which serves 1.7 million people in eastern Virginia, was infected with the Ryuk ransomware. Fortunately, its operational technology systems were unaffected, and it recovered. Here's how HRSD fought back, and how think tanks and the federal government are studying ways to strengthen the defenses of this critical infrastructure sector. Speakers: Ted Henifin, General Manager, HRSD; Roger Caslow, CISO, HRSD; Leila Rice, Director of Communications, HRSD; Anisea Burl, Accounts Payable Supervisor, HRSD; Mark Montgomery, Senior Director, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies; James Cratty, Acting Regional Director, Cybersecurity Infrastructure and Security Agency, Region 3; Jeremy Kirk, Executive Editor, Information Security Media Group. Source material and transcript for this episode are here. Sponsored by: Cofense The Ransomware Files theme song and Be at Peace by Chris Gilbert/©Ordinary Weirdos Records. Other music by Uppbeat. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Matthews is an Australian company that specializes in intelligent identification, labelling and inspection systems used by the food and beverage industry. In early 2020, it faced a "double extortion" attempt from ransomware actors. But Matthews fought back, recovered its data and saved its business. Matthews is one of hundreds of organizations in Australia that have been hit by ransomware, and the government is now taking action. Speakers: Mark Dingley, CEO, Matthews; Ben Nichol, Supply Chain Logistics Manager, Matthews; Reece Corbett-Wilkins, Partner, Clyde & Co.; Jeremy Kirk, Executive Editor, Information Security Media Group. Sponsored by: Cofense Source material and transcript for this episode are here. The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Records. Music by Uppbeat. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

Ski Kacoroski is a systems administrator with the Northshore School District in Bothell, Washington, which has 23,000 students. In 2019, the district was infected by Emotet and Trickbot, two notorious types of malware. Access to the district's systems was auctioned off twice by cybercriminals, and the district's system were eventually infected in September 2019 with the Ryuk ransomware. But the district recovered through tenacity and luck. Speakers: Ski Kacoroski, Systems Administrator, Northshore School District; Jeremy Kirk, Executive Editor, Information Security Media Group. The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Music.  Other music by Uppbeat. Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles

The Ransomware Files podcast tells the harrowing stories of IT pros who have fought back against ransomware, the greatest crime wave the Internet has ever seen.