Risky Bulletin Podcast Summary
Title: Srsly Risky Biz: Law Enforcement Is Finally Making Progress on Ransomware
Host: Patrick Gray
Guest: Tom Uren, Policy and Intelligence Expertise Editor
Release Date: June 5, 2025
In this episode of Risky Bulletin, hosts Patrick Gray and Tom Uren delve into significant developments in the cybersecurity landscape, focusing on law enforcement's strides against ransomware, the controversial use of mobile spyware in the Syrian conflict, and the Russian GRU's evolving cyber operations. Below is a detailed summary capturing the essence of their discussions.
1. Law Enforcement Progress on Ransomware
Tom Uren opens the conversation by highlighting a shift in law enforcement strategies targeting the ransomware ecosystem.
Tom Uren (00:05): "The lesson here is that law enforcement is actually finally kicking some goals against the ransomware ecosystem by being actually quite smart about where they're choosing to prioritise their sort of disruption and investigative efforts."
Traditionally, apprehending individuals directly responsible for ransomware attacks has been challenging. However, recent efforts focus on dismantling the supporting infrastructure, such as info stealers, initial access malware, and botnets. By seizing domains and disrupting command-and-control operations, authorities are effectively crippling the mechanisms that enable ransomware activities.
Tom elaborates on this approach:
Tom Uren (01:47): "So the approach that they've taken is to look at the whole ecosystem... where the botnets themselves are amenable to law enforcement action, where they can seize domains, take control of command and control, and disrupt the actual operation of that malware."
Patrick Gray adds that disrupting these shared criminal services doesn't eliminate cybercrime but increases the operational burden on malicious actors, forcing them to invest more time in foundational tasks rather than high-impact attacks.
Patrick Gray (03:56): "It might not stop cybercrime, but it definitely just raises the effort that they have to spend on doing mundane, annoying stuff and turns it... into kind of being like you may as well get a day job at that point."
The hosts agree that while these measures don't eradicate ransomware, they significantly hinder the efficiency and effectiveness of criminal operations, potentially leading to a gradual decline in ransomware incidents.
2. Mobile Spyware and the Collapse of the Syrian Regime
The discussion transitions to a report from New Lines Magazine concerning the deployment of mobile spyware on Syrian army soldiers' personal devices, allegedly contributing to the rapid fall of the Assad regime.
Patrick Gray (05:52): "We had a look at that report from New Lines magazine that talked about some mobile spyware that was popping up on the personal devices of Syrian army soldiers in the lead up to the regime's fall."
Tom Uren scrutinizes the claim that the spyware was instrumental in the regime's collapse:
Tom Uren (05:52): "It was instrumental in the rapid collapse of the Assad regime... like a phishing page, and they're paying a little bit of money. And it seems to me to turn intelligence into military advantage is actually a lot of work."
They discuss the economic incentives behind the spyware distribution, noting that the modest compensation provided to soldiers was significant in the context of the Syrian economy. This likely facilitated widespread installation of the spyware, potentially granting opposition forces valuable intelligence.
Patrick Gray (07:33): "When 40 bucks seems like salvation... that person is probably not terribly committed to the cause they're allegedly, well, supposed to be fighting for, right?"
However, both hosts express skepticism regarding the extent to which the spyware alone could have precipitated the regime's downfall, suggesting that it was one of many contributing factors in an already collapsing system.
Patrick Gray (10:36): "It's drawing such a long bow... you can't wait for someone... to get their hands on this thing and actually pick it apart and see if they can figure out who done it."
They anticipate further investigations by cybersecurity experts to unravel the true impact and origins of the spyware operation.
3. Russian GRU’s Cyber Operations: Unit 29155
In the final segment, Patrick and Tom examine a detailed report from The Insider on Russia's GRU Unit 29155, shedding light on its cyber operations.
Patrick Gray (11:28): "GRU is the Russian military sort of intelligence unit, unit 29155 of GRU, which does a lot of like... assassinating foreign dissidents and sabotage operations and things like that... linked to various cyber operations."
Tom Uren expresses confusion over the unit's involvement in cyber activities, given its traditional focus on sabotage and direct action.
Tom Uren (12:15): "So to me, the mystery about unit 29155 is you've got a sabotage and blowing stuff up unit... and how does a unit like that get into hacking?"
The report reveals that the GRU recruited cybercriminals with poor operational security, leading to significant leaks of internal communications and operational details. This mismanagement has exposed the unit's cyber endeavors, including hack-and-leak and false flag operations.
Tom Uren (13:29): "Stigall did a number of hack and leak operations... and he was allowed to recruit other criminal criminals into the hacking operation."
The unit's bizarre and often ineffective cyber tactics, such as funding graffiti campaigns to foment dissent, contrast sharply with more destructive operations like smuggling incendiary devices disguised in innocuous items.
Tom Uren (15:00): "They're trying to foment dissent with a graffiti campaign... hundreds of thousands of dollars used in this campaign."
The hosts highlight the unit's dual nature, engaging in both low-impact information operations and high-stakes sabotage attempts, while also pointing out the corruption and lack of strategic direction within the unit.
Patrick Gray (17:50): "They got into it because they felt like it. It's not really advancing any objective, but it's nasty."
The discussion underscores the inefficacy and internal issues plaguing Unit 29155, painting a picture of a once-formidable intelligence unit now struggling with operational coherence and ethical standards.
Conclusion
Patrick Gray and Tom Uren provide a comprehensive overview of pivotal cybersecurity issues, emphasizing the nuanced and multifaceted nature of modern cyber threats and responses. From law enforcement's tactical disruptions of ransomware infrastructure to the questionable efficacy of mobile spyware in geopolitical conflicts, and the chaotic cyber operations of Russia's GRU Unit 29155, the episode underscores the complexity and evolving challenges in the cybersecurity domain.
Listeners gain valuable insights into how strategic enforcement efforts can impact cybercrime, the implications of cyber tools in warfare, and the internal dynamics of state-sponsored cyber units. This episode serves as a crucial update for cybersecurity professionals, policy makers, and enthusiasts keen on understanding the current landscape and future directions of cyber policy and intelligence.
