Risky Business #627 -- USG claws back Colonial pipeline ransom money

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

US Government claws back Colonial ransom bitcoin. We don’t think the FBI acted alone.
Meet an0m, the cute little app for planning crimes that drinks milkshakes.
Ransomware stuff, duh.
Trickbot developer arrested in Florida
Supreme court upends CFAA “exceed authorised access” element
Much, much more

This week’s show is brought to you by Datadog. Michael Yamnitsky will be along in this week’s sponsor interview to talk about cloud security posture management. DataDog is launching a product in that space, so we’ll be hearing about the types of issues CSPM products can help to unearth.

If you book a demo of their product they’ll send you a free Datadog tee-shirt. The link is in the show notes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes




Feds recover millions from pipeline ransom hackers, hint at U.S. internet tactic


Exclusive: U.S. to give ransomware hacks similar priority as terrorism | Reuters


Hacking accusations are meant to stir conflict ahead of US summit, Russian president says


(11) Jenna McLaughlin on Twitter: "He also says "ransomware is a national security priority" particularly when it come to critical infrastructure. He would like to see out of G7 an "action plan" on how to increase resilience, share info, and "deal with the cryptocurrency challenge" when it comes to ransomware." / Twitter


Cyberattack hits JBS, world's largest meat processor - The Washington Post


FBI: JBS ransomware attack was carried out by REvil | The Record by Recorded Future


TV news stations become apparent target in next cyberattack


Ransomware attack disrupts Massachusetts ferries | The Record by Recorded Future


Fujifilm shuts down computer systems following apparent ransomware intrusion


Ransomware hits Capitol Hill contractor | The Record by Recorded Future


Sensitive medical, financial data exposed in extortion of Massachusetts hospital


Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked | WIRED


US arrests Latvian woman who worked on Trickbot malware source code | The Record by Recorded Future


Tokyo Olympics organizers' data swept up in Fujitsu hack: report


Supreme Court narrows scope of CFAA computer hacking law | The Record by Recorded Future


Australian Federal Police and FBI nab criminal underworld figures in worldwide sting using encrypted app - ABC News


(11) Seamus Hughes on Twitter: "Let's advance the story a bit w/ some original reporting: An FBI informant introduced Anom to Phantom Secure & Sky Global users in 2018. The informant gave each user a unique ID number, the FBI had full access to that ID list. Working w/ AFP, it was called Operation Trojan Horse" / Twitter


British military seeks briefings from Australia over security concerns about Israeli battle management technology - ABC News


Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals | The Record by Recorded Future


CISA launches platform to let hackers report security bugs to US federal agencies | TechCrunch


Ukraine warns of 'massive' Russian spear-phishing campaign | The Record by Recorded Future


Backdoor malware found on the Myanmar president's website, again | The Record by Recorded Future


Adventures in Contacting the Russian FSB – Krebs on Security


FireEye is selling its security products business for $1.2B


GitHub changes policy to welcome security researchers | The Daily Swig


This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica


First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard


Akamai offers post-mortem on recently resolved authentication platform vulnerability | The Daily Swig


Akamai EAA Impersonation Vulnerability - A Deep Dive - The Akamai Blog


Cloud Security Posture Management -- get a demo and receive a free Datadog tee-shirt