Cybersecurity Today: Ransomware Payments Drop and Treasury's DOGE Access Crisis
Host: Jim Love | Release Date: February 10, 2025
1. Significant Decline in Ransomware Payments
In the latest episode of Cybersecurity Today, host Jim Love delves into a pivotal shift in the ransomware landscape. Global ransomware payments experienced a notable 35% decrease in 2024, plummeting to $813 million from the previous year's record high of $1.25 billion. This downturn signifies a major turning point in how organizations are responding to cyber extortion.
Jim highlights that this reduction is not merely a result of enhanced cybersecurity defenses but also reflects a growing resistance among victims to comply with hackers' demands. "The decline represents more than just improved defenses. It signals a growing resistance to paying ransoms," Jim states at [02:15]. This sentiment is echoed by Jacqueline Burns Koven, Head of Cyber Threat Intelligence at Chainalysis, who notes, "For years now, the cybersecurity landscape seemed hurtling towards a so-called ransomware apocalypse."
Several factors contribute to this decline:
- Law Enforcement Actions: Significant operations against notorious ransomware groups like LockBit and BlackCat (ALPHV) have disrupted their operations. Jim observes, "The drop was particularly sharp in the second half of 2024 following major law enforcement actions against the notorious ransomware groups."
- International Collaboration: Enhanced cooperation between nations has strengthened the global response to cyber threats, making it harder for ransomware groups to operate with impunity.
- Victim Resistance: Organizations are increasingly refusing to give in to ransom demands, reducing the financial incentive for attackers. Actual payments are now 53% lower than the amounts demanded by cybercriminals.
Despite these positive trends, Jim cautions that the situation remains fragile. While ransomware payments have decreased, the number of reported incidents on dark web leak sites has reached an all-time high, indicating that attackers are pivoting their tactics and targeting organizations less likely to comply financially.
2. Treasury's DOGE Access Sparks National Security Concerns
Transitioning to a more alarming topic, Jim discusses the national security crisis emerging from the Treasury Department's decision to grant read-only access to its payment systems to two employees from DOGE. This move has raised significant red flags within the intelligence community.
Key points include:
- Unauthorized Access: In January of the current year, Treasury Secretary Scott Bessent authorized read-only access for two DOGE employees. This decision quickly led to concerns about potential insider threats.
- Questionable Backgrounds: One of the DOGE members, Edward Coristine, a 19-year-old previously fired from Path Network for leaking company secrets, was granted access. Jim emphasizes the severity by quoting a federal judge from Manhattan: "A preliminary injunction barring DOGE from accessing treasury databases containing personally identifiable information."
- Controversial Reports: A subcontractor for Booz Allen Hamilton authored a draft report warning about the security risks posed by DOGE's access. However, Booz Allen swiftly dismissed the subcontractor, stating, "The draft report contained unauthorized personal opinions that are not factual or consistent with our standards." Jim reacts strongly to this, exclaiming at [15:40], "Oh my God. If you trust the report from Booz Allen after that, I'm just sorry for you."
The broader implications are particularly dire for intelligence operations. The Treasury's payment systems contain sensitive information about payments to human intelligence sources working for agencies like the CIA and the DIA. Exposure of this data could endanger the lives of assets operating both domestically and internationally.
3. The Perils of Untested Backup Systems
In another segment, Jim shares a cautionary tale from a recent column in The Register, illustrating the dangers of relying on unverified backup systems. The story revolves around Lionel, a senior developer and help desk technician who discovered critical flaws in his organization's backup procedures.
Highlights of the story include:
- Neglected Verification: Lionel inherited the responsibility of managing backups for a mainframe software development team. He found that his predecessor, Richard, had been performing daily backups onto 8mm tapes without ever verifying their integrity. When questioned, Richard admitted, "My job was to ensure backups were taken, not to check whether they were usable."
- Disastrous Discoveries: Upon attempting a test restore, Lionel discovered that the tapes were unreadable, rendering years of data backups useless. His efforts to replace the faulty backup recording device led to partial recovery of the archive, but he faced backlash for the additional expenses incurred.
Jim passionately underscores the importance of reliable backup systems, stating at [25:30], "When you order a backup, it should come with recovery included. It shouldn't be an extra." He lauds those who prioritize restoration capabilities over mere backup creation, emphasizing that "all that counts are restores."
4. Final Thoughts and Recommendations
Wrapping up the episode, Jim Love reiterates the critical nature of robust cybersecurity practices. The decline in ransomware payments is a positive development, but the persistent threats and emerging vulnerabilities, such as those highlighted in the Treasury's DOGE access issue and untested backup systems, underscore the need for continuous vigilance.
Key Takeaways:
- Maintain Rigorous Backup Protocols: Ensure that all backups are regularly tested for integrity and recoverability to prevent data loss during cyber incidents.
- Strengthen Access Controls: Limit and monitor access to sensitive systems, especially for individuals with questionable backgrounds, to mitigate insider threats.
- Foster Law Enforcement Collaboration: Support and advocate for international cooperation in combating ransomware groups to sustain the downward trend in ransomware payments.
Jim encourages listeners to stay informed and proactive in their cybersecurity measures, emphasizing that prevention and preparedness are paramount in an increasingly risky digital landscape.
For more insights, discussions, and updates on the latest cybersecurity threats, tune into future episodes of Cybersecurity Today with host Jim Love.
