To ban or not to ban, a conversation on ransomware with Azim Khodjibaev
02/05/24 • 28 min
This month’s guest of the Cyber Insider is Azim Khodjibayev. With over a decade of experience in intelligence analysis, Azim has focused on Russian APT and cybercrime activity, particularly in the realm of ransomware. He shares his insights on the current state of cyber threats, the impact of recent breaches, and the future of cybersecurity.
One notable trend observed in 2023 was the splintering of cybercriminal groups. Azim highlights how these groups can quickly switch affiliations and work with multiple organizations simultaneously. This flexibility allows them to evade detection and maximize their impact. Azim suggests that this splintering may be a response to increased law enforcement activities and the need to adapt to changing circumstances.
Law enforcement efforts have seen some success in recent years, with notable takedowns of cybercriminal groups like ALPHV/BlackCat and Hive. However, the impact of these actions on cybercriminal operations is a subject of debate. Azim acknowledges that short-term disruptions can occur, as cybercriminals assess the risks and adjust their strategies. However, he emphasizes that the allure of quick financial gains and the addictive nature of cybercrime make it unlikely for these individuals to abandon their activities permanently.
Azim states, "As long as they have access to computers, as long as they have access to their communication channels, they're going to come back, and they'll do it a little bit better, a little bit more sophisticated."
As cyber threats continue to evolve, it is essential to equip individuals with the knowledge and skills to protect themselves and their organizations. Azim emphasizes the importance of cybersecurity education, particularly for the younger generation who are increasingly reliant on technology. Azim explains, "It would be really nice to see middle school classes, for example, about online safety... treating it as bad as we treat all the other safety stuff."
As we enter 2024, the cybersecurity landscape remains challenging. While progress has been made in disrupting cybercriminal operations, the battle is far from over. Azim believes that the rate of learning and collaboration among cybersecurity professionals is a positive sign. However, he cautions that the worst is yet to come, as cybercriminals become more sophisticated and globalized.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
This month’s guest of the Cyber Insider is Azim Khodjibayev. With over a decade of experience in intelligence analysis, Azim has focused on Russian APT and cybercrime activity, particularly in the realm of ransomware. He shares his insights on the current state of cyber threats, the impact of recent breaches, and the future of cybersecurity.
One notable trend observed in 2023 was the splintering of cybercriminal groups. Azim highlights how these groups can quickly switch affiliations and work with multiple organizations simultaneously. This flexibility allows them to evade detection and maximize their impact. Azim suggests that this splintering may be a response to increased law enforcement activities and the need to adapt to changing circumstances.
Law enforcement efforts have seen some success in recent years, with notable takedowns of cybercriminal groups like ALPHV/BlackCat and Hive. However, the impact of these actions on cybercriminal operations is a subject of debate. Azim acknowledges that short-term disruptions can occur, as cybercriminals assess the risks and adjust their strategies. However, he emphasizes that the allure of quick financial gains and the addictive nature of cybercrime make it unlikely for these individuals to abandon their activities permanently.
Azim states, "As long as they have access to computers, as long as they have access to their communication channels, they're going to come back, and they'll do it a little bit better, a little bit more sophisticated."
As cyber threats continue to evolve, it is essential to equip individuals with the knowledge and skills to protect themselves and their organizations. Azim emphasizes the importance of cybersecurity education, particularly for the younger generation who are increasingly reliant on technology. Azim explains, "It would be really nice to see middle school classes, for example, about online safety... treating it as bad as we treat all the other safety stuff."
As we enter 2024, the cybersecurity landscape remains challenging. While progress has been made in disrupting cybercriminal operations, the battle is far from over. Azim believes that the rate of learning and collaboration among cybersecurity professionals is a positive sign. However, he cautions that the worst is yet to come, as cybercriminals become more sophisticated and globalized.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Previous Episode
The Fight Against Ransomware, with Allan Liska
This month’s guest of the Cyber Insider is Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future. With more than 20 years of experience in ransomware and information security, Allan Liska has improved countless organizations’ security posture using more effective intelligence. Liska provides ransomware-related counsel and key recommendations to major global corporations and government agencies, sitting on national ransomware task forces and speaking at global conferences. Liska has worked as both a security practitioner and an ethical hacker at Symantec, iSIGHT Partners, FireEye, and Recorded Future. Regularly cited in The Washington Post, Bloomberg, The New York Times, and NBC News, he is a leading voice in ransomware and intelligence security. Liska has authored numerous books including “The Practice of Network Security”, “Building an Intelligence-Led Security Program”, “Securing NTP: A Quickstart Guide”, “Ransomware: Defending Against Digital Extortion”. “DNS Security: Defending the Domain Name System” and “Ransomware: Understand.Prevent.Recover.” He is also the creator of the first ransomware-themed comic book, Yours Truly, Johnny Dollar.
In this thought-provoking discussion, Allan shares his thoughts on the current state of cyber insecurity, the role of the cybersecurity industry, and the challenges posed by ransomware. He also explores potential solutions and strategies to combat this growing threat.
"I think the International Ransomware Task Force has been doing a lot of great work with information sharing. We need to bring more countries into that and improve that information sharing so that we can arrest these people wherever they are."
Allan shares his insights on the rise of ransomware variants and the increase in ransomware extortion sites. This conversation also touches on the effectiveness of law enforcement efforts, the role of cyber insurance companies, and the presence of ransomware actors on social media platforms.
Our guest concludes by suggesting diplomatic and law enforcement actions to disrupt the support structure for ransomware operators and the need for stricter reporting requirements for ransom payments.
"If you pay a ransom, you have to report it before you pay the ransom again. If nothing else, maybe we can get some law enforcement tracing".
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Next Episode
Decoding the Cybercriminal Mindset, with Ryan Chapman
This month’s guest of the Cyber Insider is Ryan Chapman. Ryan is the author of SANS Forensics FOR528: Ransomware and Cyber Extortion along with a Certified Instructor for SANS. In his day job, he functions as a consultant for threat hunting and incident response. Ryan often presents at conferences, including running workshops the last 4 years running at DefCon. In his free time he spends time with his daughter watching anime, plays plenty of Street Fighter, and enjoys playing retro video games.
Ryan highlights the significance of security fundamentals in preventing cyberattacks. He emphasizes that many organizations still struggle with basic security practices, such as implementing multi-factor authentication (MFA) and patching vulnerabilities. In this podcast episode, we also touch on the topic of understanding cybercriminal mindset and how it can help in the fight against ransomware:
"Engaging with cybercriminals through interviews can help humanize them and provide valuable insights into their motivations and tactics."
By conducting interviews and engaging with threat actors, researchers and law enforcement agencies can gain valuable insights into their mindset and strategies. Our guest cites the example of ransomware actor Wazawaka, who has been known to provide interviews and share insights into the ransomware landscape. These interviews not only shed light on the tactics employed by cybercriminals but also provide valuable information for prevention and mitigation strategies.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/the-cyber-insider-250053/to-ban-or-not-to-ban-a-conversation-on-ransomware-with-azim-khodjibaev-44017555"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to to ban or not to ban, a conversation on ransomware with azim khodjibaev on goodpods" style="width: 225px" /> </a>
Copy