Dave Buettner
You're listening to the CyberWire Network, powered by N2K. Now a word about our sponsor, the Johns Hopkins University Information Security Institute. The JHU ISI is home to world-class interdisciplinary experts dedicated to developing technologies to protect the world's vast online systems and infrastructure, and working closely with US Government research agencies and industry partners. The Institute offers dual degree and joint programs in computer science and health informatics and has been designated as a Center of Academic Excellence in Cyber Research. Learn more at isi.jhu.edu.
International law enforcement takes down the Matrix messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical cross-site scripting vulnerability has been identified in MobSF. Google's December 2024 Android security update addresses 14 high-severity vulnerabilities. The FTC settles with data brokers over alleged consent violations. On today's CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core Exam certification. And a vodka company gets iced by ransomware.
It's Wednesday, December 4th, 2024. I'm Dave Buettner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great as always to have you with us.
International collaboration struck a blow against cybercrime yesterday with the dismantling of Matrix, a sophisticated encrypted messaging platform favored by organized crime. Led by Dutch and French authorities with support from Europol, Eurojust and other nations, the operation targeted Matrix's decentralized infrastructure, which spanned over 40 servers, including key ones in France and Germany. Initially uncovered on a device linked to the 2021 murder of a Dutch journalist, Matrix was found to be a hub for illegal activities like drug trafficking, money laundering and arms smuggling. Offering invitation-only access, end-to-end encryption and multi-server hosting, Matrix became a secure tool for criminals seeking anonymity. However, authorities intercepted and deciphered 2.3 million messages over three months, unraveling its web of illegal operations. As criminals shift to other platforms like Signal, Discord and Session, law enforcement faces a growing challenge in tracking fragmented communication methods.
Meanwhile, German police have dismantled Crime Network, that country's largest illegal dark web marketplace, and arrested a 29-year-old suspected administrator. The platform, operational since 2012, facilitated the trade of stolen data, drugs, forged documents and other illegal goods, with over 100,000 users and 100 sellers, primarily from German-speaking countries. Authorities seized servers, luxury vehicles, evidence and $1.1 million in cryptocurrency assets. Crime Network reportedly enabled transactions worth nearly $100 million between 2018 and 2024, earning operators commissions of between 1 and 5%, plus seller fees. Buyers typically paid in cryptocurrency. The operation includes ongoing investigations into user and transaction data. The arrested individual faces charges of managing a criminal platform and drug trafficking.
SailPoint has disclosed a critical 10 out of 10 severity vulnerability in its IdentityIQ identity and access management platform. The flaw, a directory traversal vulnerability, allows attackers to access unauthorized directories, potentially exposing sensitive data and compromising systems. Such bugs, described by some as embarrassingly easy to exploit, stem from improper sanitization of user input, a basic security failure highlighted by the US Cybersecurity and Infrastructure Security Agency. Affected customers are urged to upgrade to patched versions immediately.
Developers of decentralized applications on Solana unknowingly downloaded backdoored versions of the Solana Web3.js library after a GitHub account was compromised. The malicious versions were available for five hours on December 2 and included code enabling attackers to steal private keys and drain funds. While non-custodial wallets remain unaffected, projects handling private keys directly are at risk. Developers should immediately upgrade to the clean version and rotate any compromised keys. GitHub warns systems using the backdoored versions may be fully compromised, necessitating a complete reset of credentials from a different machine. Binance reported no major cryptocurrency wallets were hacked, though third-party tools linked to private keys might have been affected.
SolarWinds has disclosed a critical vulnerability in its platform product affecting the search and node information sections of its user interface. The cross-site scripting flaw allows authenticated attackers to inject malicious code, potentially compromising system integrity and confidentiality. While the exploit requires user interaction and authentication, the flaw's severity is rated 7.0 on the CVSS scale. SolarWinds urges users to apply necessary updates to mitigate this high-risk security issue.
Security researchers have identified 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software affecting critical infrastructure providers. These flaws impact Tellus, Tellus Lite, V-Server and V-SFT modules, enabling attackers to execute arbitrary code through user interaction, such as visiting malicious pages or opening files. The Zero Day Initiative attributes the vulnerabilities to improper validation of user-supplied data, leading to out-of-bounds write issues. Previously, Fuji Electric patched similar vulnerabilities in 2021, addressing risks like denial-of-service attacks and sensitive data exposure.
Cisco is urging users of its Adaptive Security Appliance to patch a decade-old vulnerability in its WebVPN login page, which is being actively exploited. The flaw, caused by insufficient input validation, allows attackers to execute cross-site scripting attacks by luring victims to malicious links, potentially compromising sensitive information or injecting malware. Initially flagged in 2014, the vulnerability resurfaced this year with malware like AndroxGh0st leveraging it for attacks. CISA added it to its Known Exploited Vulnerabilities catalog, requiring government agencies to address it by December 3rd. With no workarounds available, Cisco strongly advises updating ASA software to the latest patched version to safeguard networks against these emerging threats.
CISA has warned of active exploitation of a path traversal vulnerability in Zyxel firewall devices. The flaw allows attackers to download or upload files via crafted URLs, potentially leading to unauthorized access, credential theft and backdoor VPN creation. Zyxel addressed this issue in a firmware update released September 3rd alongside fixes for other vulnerabilities. Users are urged to update their firmware, change admin passwords, and check for rogue accounts. CERT Germany emphasized that patching alone is insufficient without these additional steps. CISA has added this to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch affected devices by December 24th. Additionally, CISA has added two other vulnerabilities to the KEV catalog. The first is an XML external entity flaw in Proself, which allows unauthenticated attackers to read server files, exposing sensitive data. The second is an improper authentication vulnerability in ProjectSend, which enables attackers to exploit HTTP requests to modify configurations, create accounts, and upload web shells.
A critical vulnerability has been identified in Mobile Security Framework version 4.2.8, allowing attackers to inject malicious scripts via stored cross-site scripting. The flaw resides in the diff or compare functionality, which improperly handles file uploads containing script-laden file names with special characters. Attackers can exploit this oversight to upload a malicious file, embedding scripts in its name. When the file is accessed, the script executes, compromising data confidentiality and posing a persistent threat. Mitigation requires stricter file name validation and restricting uploads to whitelisted characters. MobSF developers are urged to address this issue immediately.
Google's December 2024 Android security update addresses 14 high-severity vulnerabilities, including a critical remote code execution flaw in the system component. This flaw allows attackers to execute code without additional privileges. The update, split into two patch levels, fixes six framework and system bugs and eight vulnerabilities in components from Imagination Technologies, MediaTek, and Qualcomm. Updated Android versions include these patches, now available in the Android Open Source Project repository. Google urges users to update promptly, emphasizing the improved security of newer Android versions. No active exploitation of these flaws has been reported, and updates for Android Automotive OS and Wear OS are also included. Pixel device-specific updates are expected soon.
The Federal Trade Commission has settled with data brokers Gravy Analytics and Mobilewalla over allegations they sold sensitive location data without consent. The data, collected from apps and tracking SDKs, revealed visits to hospitals, places of worship, protests, and even specific rooms in buildings. Gravy boasted of collecting billions of daily location signals, while Mobilewalla retained data on hundreds of millions of devices. The FTC claimed the brokers failed to verify user consent or knowingly ignored its absence. Both companies have agreed to delete improperly collected data, implement consent safeguards, and restrict the sale of information tied to sensitive locations like medical facilities and schools. The bipartisan ruling, passed unanimously, reflects growing scrutiny of data brokers.
Coming up after the break on today's CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core Exam 1 certification, and a vodka company gets iced by ransomware. Stay with us.
Unknown Sponsor Voice
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show.
Dave Buettner
And now a message from BlackCloak. What's the easiest way for threat actors to bypass your company's cyber defenses? Targeting your executives at home. According to the latest Ponemon research study, over 42% of CISOs have reported cyberattacks on their executives in their personal lives, and this becomes your problem because executives are easy targets at home for account takeover, credential theft and reputational harm. Close the at-home security gap with BlackCloak's Digital Executive Protection Platform: award-winning 24/7/365 protection for executives and their families. Learn more at blackcloak.io.
It's time for our CertByte segment, and today Chris Hare and Dan Neville break down a question targeting the A+ Core Exam 1 certification.
Chris Hare
Hi everyone, it's Chris. I'm a content developer and Project Management specialist here at N2K Networks. I'm also your host for this week's edition of CertByte, where I share a practice question from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast track your career growth in IT, cybersecurity and project management. Today's question targets the CompTIA A+ Core Exam 1, which is Exam ID 220-1101. This exam is targeted for those candidates who are new to IT and have about nine to 12 months of experience, whether that's in the lab or in the field. I have my teammate Dan here to help us out again today and as we've already established, after all, he is our captain of CompTIA. How are you today, Dan?
Dan Neville
I'm doing great, Chris. Thanks for having me here today.
Chris Hare
Absolutely. So we're going to turn the tables again and have Dan ask me today's question. But before we get into it, Dan, is it true that candidates should take the A+ exam first before taking the Network+ and Security+ exams?
Dan Neville
Absolutely. It's highly recommended that you do that. Network+ builds on A+; Security+ builds on the content in A+ and Network+. So for anybody starting out in IT, A+ is the way to start.
Chris Hare
Excellent. So while I gird my loins for your question, Dan, I understand you have a 10 second study bit for this test. What do you have for us?
Dan Neville
So from helping lots of people go for this exam, over the years I've seen two areas where people have problems. Okay, make sure you understand the troubleshooting process. Also, I would use a lot of flashcards to help memorize the ports and protocols.
Chris Hare
All right, those are great tips and we do have a lot of study materials to support this, so we will share where you can find those after this program. Okay, I'm ready for your A+ Core Exam 1 question, Dan. I don't know what to expect, so let's jump right in.
Dan Neville
Okay, so here's your question.
Chris Hare
Okay.
Dan Neville
You want to set up a wireless network that uses the 5 GHz band. Which two wireless specifications could you use? And you need to choose two.
Chris Hare
Oh boy.
Dan Neville
So your choices are 802.11n, 802.11ac, 802.11b and 802.11g. So which two?
Chris Hare
Aye aye, captain. I have a clue. I'm going to need your help thinking this through. This is part of the networking objective and more specifically, comparing and contrasting protocol for wireless networking. But where on earth do I begin? Can you please help steer me through this, Captain Dan?
Dan Neville
Sure. This is one of those memorization things. And if you Google 802.11 specifications chart, you'll see that there are many of them out there. And that's one of these things that you have to memorize. One thing to memorize is like the 802.11 and the N or the AC, the B or the G: what gigahertz range it runs in (there's only two) and what the bandwidths are. So if you were studying and googling that, you would be able to pull up that chart. And it's one of those things, if you take the exam in person, you can actually write that chart down on the whiteboard that they give you.
Chris Hare
So you can do a formula dump, as it were. That was a study bit that I shared with a previous practice test. So that would be a good thing to do a prior study dump or brain dump before you take the exam, right?
Dan Neville
Yep. As soon as you sit down, get all that stuff out of your head.
Chris Hare
Okay. All right. So given this is a memorization question and I do not have that related resource at my disposal, I am just going to take two wild guesses of A and D. So 802.11n and 802.11g respectively. Am I anywhere near the realm of being correct?
Dan Neville
Well, surprisingly you might be surprised that you are half right.
Chris Hare
Okay.
Dan Neville
The correct answers are A and B. You can use either 802.11ac, which is commonly known nowadays as Wi-Fi 5, or the 802.11n, Wi-Fi 4 or the Wireless N, specifications. 802.11ac, Wi-Fi 5, that uses the 5 GHz range. Okay. It's reported as capable to go up to 1.3 gigabits per second, which is pretty fast. But to remain backwards compatible with 802.11n, 802.11ac includes protocol support for the 2.4 GHz band at speeds up to 450 Mbps.
Chris Hare
Okay, I'm sure this makes sense to most other people, so thank you for that. And you already told us where students can find that chart, so I appreciate you sharing all of that great information and for that brain twister. Daniel, I see also from the CompTIA website that the A+ exam appears in more tech support job postings than any other IT credential. Can you share a little why you think this is the case?
Dan Neville
Sure. A+ is designed so that you need to have 9 to 12 months' experience either in the lab or on the job to pass it. So employers expect you to be able to walk into most general tech support situations and solve their problems. They might need only to train you on their specific systems, but the principles that are embodied in A+ are going to be your most valuable tools.
Chris Hare
Okay, great. And I realize it's also really important that candidates know that they need for the A+ they have to take both Core 1 and Core 2 exams to earn this certification. Is that right?
Dan Neville
Yes, that's correct. You always have to pass both halves of the exam. In this case, it's Core one and Core two. And we have practice tests, training courses and labs for both exams on our website.
Chris Hare
Excellent. So thank you so much for being here today. Dan, are there any upcoming CompTIA practice tests or courses you'd like to promote here?
Dan Neville
Ooh, you bet. We got Cloud+ coming out very shortly. IT Fundamentals has been updated and rebranded as Tech+ and we'll have that shortly. PenTest+ towards the end of the fall and the brand new SecurityX certification, which is replacing CASP+, hopefully by the beginning of the year. So we got lots of stuff coming out to update the CompTIA exams.
Chris Hare
Lots of great stuff. Thank you so much, Daniel.
Dan Neville
Thank you.
Chris Hare
And thank you for joining me for this week's CertByte. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certbyte@n2k.com. That's C-E-R-T-B-Y-T-E at n2k.com. If you'd like to learn more about N2K's practice tests, visit our website at n2k.com. For more resources, including our new N2K Pro offerings, check out thecyberwire.com/pro. For sources and citations for this question, please check out our show notes. Happy certifying, everyone.
Dave Buettner
Today's question comes from N2K's CompTIA A+ Core Exam 1 practice test. We'll have links to that in our show notes. Check it out.
Do you know the status of your compliance controls right now? Like right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
And finally, our wine and spirits desk reminds us that even vodka isn't immune to the double whammy of ransomware and geopolitical drama. Stoli Group USA, famed for its Stolichnaya vodka, has filed for bankruptcy in the U.S., drowning in $78 million of debt. Among the culprits? A severe ransomware attack in August 2024 that crippled its IT systems, forcing manual operations and delaying financial reports until 2025. Talk about a hangover. Adding insult to injury, Stoli faced retaliation from Russia for its pro-Ukraine stance. Founder Yuri Scheffler was labeled an extremist. Two distilleries worth $100 million were confiscated and the group burned through millions in a decades-long trademark battle with Russian authorities. This vodka tale serves as a sobering reminder of ransomware's potential to shake businesses to their core, even as it remains unclear if Moscow had a hand in this particular digital assault. Still, in the battle of ransomware versus vodka, it seems ransomware took the top shelf.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Carr. Simone Petrella is our president. Peter Kielpi is our publisher, and I'm Dave Buettner. Thanks for listening. We'll see you back here tomorrow.
Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, taxes, all of those things that you need to go through when you're starting a business. The hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place, and they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business. To make it official today at legalzoom.com, you can use promo code CYBER10 to get 10% off any LegalZoom business information product, excluding subscriptions and renewals. That expires at the end of this year. Get everything you need from setup to success at legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ Legal Services LLC.
CyberWire Daily: "The End of MATRIX" – Episode Summary
Release Date: December 4, 2024
Host: N2K Networks
In the December 4, 2024 episode of CyberWire Daily, hosted by N2K Networks, listeners are presented with a comprehensive briefing on the latest developments in cybersecurity. The episode delves into significant law enforcement operations against cybercriminal infrastructures, critical vulnerabilities unveiled across major platforms, regulatory actions against data brokers, and insightful discussions aimed at IT professionals preparing for certifications. Additionally, the episode underscores the pervasive threat of ransomware through a real-world case study.
Matrix Messaging Platform Takedown
At [02:30], host Dave Buettner announces a landmark victory in the fight against cybercrime: the international collaboration leading to the dismantling of Matrix, an encrypted messaging platform extensively utilized by organized crime syndicates. This operation, spearheaded by Dutch and French authorities with support from Europol and Eurojust, successfully targeted Matrix's decentralized infrastructure comprising over 40 servers across France and Germany.
“Matrix was a hub for illegal activities like drug trafficking, money laundering, and arms smuggling.” – Dave Buettner [02:45]
The investigation, initially triggered by a device linked to the 2021 murder of a Dutch journalist, resulted in the interception and decryption of 2.3 million messages over three months, exposing a vast network of illicit operations. Despite this success, authorities acknowledge the persistent challenge posed by criminal groups migrating to alternative platforms such as Signal, Discord, and Session to maintain their anonymity.
Dismantling Germany's Largest Dark Web Marketplace: Crime Network
Shortly after the Matrix takedown, German police have also succeeded in dismantling Crime Network, the nation's largest illegal dark web marketplace, as reported at [05:15]. Established in 2012, Crime Network facilitated the exchange of stolen data, drugs, forged documents, and other illicit goods, amassing over 100,000 users and 100 sellers predominantly from German-speaking regions.
“Crime Network reportedly enabled transactions worth nearly $100 million between 2018 and 2024.” – Dave Buettner [05:30]
Authorities seized servers, luxury vehicles, and cryptocurrency assets amounting to $1.1 million. The arrested individual, a suspected administrator aged 29, faces charges including managing a criminal platform and drug trafficking. Ongoing investigations are delving into user and transaction data to further dismantle the network.
The episode highlights several critical vulnerabilities identified across prominent platforms and software, emphasizing the urgency for immediate action to mitigate potential breaches.
SailPoint's IdentityIQ Vulnerability
At [07:00], SailPoint disclosed a severity 10 out of 10 vulnerability in its IdentityIQ identity and access management platform. This directory traversal flaw permits attackers to access unauthorized directories, potentially exposing sensitive data.
“Such bugs...stem from improper sanitization of user input, a basic security failure.” – US Cybersecurity and Infrastructure Security Agency [07:15]
Affected customers are urged to upgrade to patched versions without delay.
Backdoored Solana Web3.js Library
A significant breach occurred when developers of decentralized applications on Solana inadvertently downloaded compromised versions of the Solana Web3.js library due to a GitHub account compromise ([09:20]). The malicious code allows attackers to steal private keys and deplete funds, posing a substantial threat to projects handling private keys directly.
SolarWinds Platform Vulnerability
SolarWinds revealed a critical cross-site scripting (XSS) vulnerability in its platform product's search and node information sections ([12:10]). Rated 7.0 on the CVSS scale, this flaw allows authenticated attackers to inject malicious code, potentially compromising system integrity. Users are strongly advised to apply the necessary updates to address this high-risk issue.
Fuji Electric's Zero-Day Vulnerabilities
Security researchers identified 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software, impacting modules critical to infrastructure providers ([13:45]). These vulnerabilities enable attackers to execute arbitrary code via user interactions, necessitating immediate patching to safeguard against potential exploits.
Cisco's Decade-Old Vulnerability
Cisco has issued an urgent call to patch a decade-old vulnerability in its Adaptive Security Appliance (ASA) Web VPN login page, which is currently being exploited ([15:00]). The flaw allows attackers to perform XSS attacks by luring victims to malicious links, emphasizing the critical need for users to update their ASA software promptly.
CISA's Alerts on Zyxel Firewall Devices and Other Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings regarding active exploitation of a path traversal vulnerability in Zyxel firewall devices, alongside other vulnerabilities in Proself and ProjectSend ([17:30]). These vulnerabilities facilitate unauthorized access, credential theft, and configuration manipulations, and federal agencies are required to patch affected devices by specified deadlines.
MobSF's Cross-Site Scripting Vulnerability
A critical XSS vulnerability was identified in Mobile Security Framework (MobSF) version 4.2.8, allowing attackers to inject malicious scripts via file uploads ([19:05]). Developers are advised to implement stricter validation measures to prevent exploitation.
Google's December 2024 Android Security Update
Google released a comprehensive security update addressing 14 high-severity vulnerabilities in its December 2024 Android release ([20:00]). This includes a critical remote code execution flaw in the system component, underscoring the importance of promptly updating to ensure enhanced security across Android devices.
At [21:20], the Federal Trade Commission (FTC) announced settlements with data brokers Gravy Analytics and Mobilewalla over allegations of selling sensitive location data without user consent. The FTC highlighted that these companies failed to verify or respect user consent, leading to the unauthorized sale of data encompassing visits to sensitive locations such as hospitals and places of worship.
“Both companies have agreed to delete improperly collected data, implement consent safeguards, and restrict the sale of information tied to sensitive locations.” – Dave Buettner [21:35]
This bipartisan and unanimous ruling signifies increasing regulatory scrutiny on data brokers, reinforcing the necessity for transparent and consent-based data handling practices.
Discussion on Exam Preparation
In the CertByte segment at [23:00], hosts Chris Hare and Dan Neville delve into strategies for mastering the CompTIA A+ Core Exam 1 (Exam ID 220-1101), tailored for IT newcomers with approximately nine to twelve months of experience. They discuss the importance of understanding the troubleshooting process and recommend using flashcards to memorize essential ports and protocols.
“Make sure you understand the troubleshooting process. Also, I would use a lot of flashcards to help memorize the ports and protocols.” – Dan Neville [17:42]
Sample Exam Question Analysis
Dan poses a practice question regarding wireless network specifications for the 5 GHz band, challenging Chris to identify the correct 802.11 standards. Through collaborative reasoning, they elucidate that 802.11ac and 802.11n are suitable for the 5 GHz spectrum, providing insights into their respective capabilities.
“The correct answers are 802.11ac and 802.11n.” – Dan Neville [20:21]
The segment underscores the necessity of thorough preparation and familiarity with networking protocols to excel in certification exams.
Concluding the episode at [23:50], Dave Buettner narrates the severe impact of ransomware on Stoli Group USA, renowned for its Stolichnaya vodka. In August 2024, a ransomware assault crippled the company's IT systems, forcing a shift to manual operations and delaying financial reporting until 2025. Complicating matters, Stoli faced geopolitical retaliation from Russia due to its pro-Ukraine stance, resulting in the confiscation of distilleries and protracting trademark disputes.
“This vodka tale serves as a sobering reminder of ransomware's potential to shake businesses to their core.” – Dave Buettner [24:10]
The incident exemplifies the multifaceted threats posed by ransomware, encompassing not only financial losses but also geopolitical tensions and reputational damage.
The December 4, 2024, episode of CyberWire Daily offers an in-depth exploration of pivotal events shaping the cybersecurity landscape. From significant law enforcement victories against cybercriminal networks to the unveiling of critical vulnerabilities across major platforms, the episode underscores the dynamic and ever-evolving nature of cyber threats. Additionally, regulatory advancements and real-world case studies like the Stoli Group incident highlight the broad implications of cybersecurity lapses. For IT professionals, the CertByte segment provides valuable insights into certification preparation, further enriching the episode's informative offerings.
For more detailed insights and updates, visit CyberWire Daily.