
Professor Anya Shortland
The second generation of ransomware is human operated. So not the sort of commodity automated ransomware, but human operated, where people take charge of targeting, of setting a ransom, maybe investigating how much the victim is worth, how much they might be able to pay. They might have investigated their profit and loss accounts as they're in the service anyway. They might even have found an insurance certificate.
Jonathan Sederbaum
It's the Lawfare Podcast. I'm Jonathan Sederbaum, Book Review Editor at Lawfare, with Professor Anya Shortland, who is a professor of political economy at King's College London.
Professor Anya Shortland
Saying, oh, just let's take the profit motive out of it. That never worked because in the end, if their lives are at risk or livelihoods at risk and the company is hemorrhaging money, the commitment to saying we'll never pay ransoms is just not credible.
Jonathan Sederbaum
Today we're talking about her book Dark Screens: Hackers and Heroes in the Shadowy World of Ransomware. Let's start off by asking you to tell our audience a little bit about your professional background and how you came to write Dark Screens.
Professor Anya Shortland
My special subject at King's is economics of crime and I'm fascinated by the governance of criminal markets. It all started in 2010 when my 4-year-old son and I got super interested in piracy off the coast of Somalia and I started asking some really difficult questions about how do you make prices in this world? Where does the trust come from when you have a legal entity having to make a deal with a criminal group? How do you create a transaction between somebody who's just been victimized whose salvation is going to come from the criminals? So I've got a whole body of work around extortive crime and its governance, starting with piracy and kidnapping, then with art crime and art napping and art recovery. And ransomware is the third part of my unholy trinity of extortive crime. And they're asking the same sort of question. Who governs that gray space between ransomware groups and the businesses and individuals and governments that they victimize? Who makes that transaction work as well as it does? Why is this a business model? Why do we see branded crime in this space? Just the more you look, the more interesting it gets. And it's a really complex problem. So in the end, the only way to tackle it was in book format. And also the book is really trying to bring out the people aspect of computing and engage the ordinary computer user, which means anyone who has a phone, with their own cybersecurity.
Jonathan Sederbaum
Very good. How big a problem is ransomware today?
Professor Anya Shortland
Well, it sits in a much bigger group of cybercrimes, but in 2025, estimates are around $75 billion of costs to the global economy from ransomware. Though, interestingly, only about 900 million of that ended up in the hands of the criminals. So there's a lot of damage that does nobody any good. It's almost like wrecking a car to steal a pair of sunglasses.
Jonathan Sederbaum
Where does the rest of that money go?
Professor Anya Shortland
It's business interruption, it's possibly regulatory fines, it's litigation around third party liabilities, data breaches, confidential data being stolen, possibly revealed, all the remedial action around that.
Jonathan Sederbaum
Very good. Now, the early chapters of your book offer a very engaging prehistory of ransomware through, as you say, very human stories about some of the quite dramatic individuals involved. You explain that as early as the 1980s and 1990s, hackers of various kinds, some that we might consider white hat hackers, some with darker shaded hats, had developed many of the techniques needed to infiltrate and encrypt computer systems and demand payment from the owners of those systems to free them from the shutdown. But you note that there were three key technical obstacles that hackers had to overcome in order to make ransomware, these basic techniques, a truly effective method of extortion. Could you tell us a little bit about those crucial technical successes that enabled hackers to turn ransomware into a major form of extortion?
Professor Anya Shortland
Yes, of course. So the first one was, if you wanted to scale up ransomware, you needed to find a way of encrypting systems in a unique way, so that every victim has to have a unique decryption key, otherwise victims can share. So they needed asymmetric key encryption, which means a virus that gently mutates every time it finds a new victim. And obviously some really good housekeeping behind the scenes to make sure you can match up each victim with a unique encryption key. So that was a big technical challenge. The second challenge that hackers had was how they were going to communicate with their victims without being caught. If they had just done that from their normal phone lines, of course, it would be super easy to track them down. And it was actually the US Secret Service that gave them the protocol, the onion router, the Tor protocol, that allowed them to disguise their identities and have these pseudonymous conversations within the darknet, which helps them to get together as firms, as groups, but also communicate with their victims. All of that was in place quite early, and the really big missing piece of the puzzle was how to take payments safely from a criminal's point of view. And it was only the gift of cryptocurrencies that made it possible for them to take payment at scale and cash out pseudonymously without ever revealing their real world identities. And yeah, it was 2013 that all of these things came together. So quite a long gestation period from the first ransomware attempt in 1989.
Jonathan Sederbaum
Very good. And as you track the history of the development of ransomware, you identify what you call ransomware as a service emerging in that period around 2013 or the 2010s, as an important step forward, as it were, in the development of this kind of criminal industry. What is ransomware as a service, and why was its emergence so significant?
Professor Anya Shortland
Ransomware relies on very clever coders creating malware that can penetrate computer systems, that encrypts and reliably decrypts people's networks and individual computers. Once you've got that kind of technology, there probably isn't time for you to make money from each individual victim's area, because you can have thousands, you can have hundreds of thousands of victims. So what ransomware as a service does is that it leases that weapons-grade malware to other people whose coding skills are not that great, but who might be able to scam or blag their way into a network. So you outsource, effectively, the time-consuming part of the operation to others, and you have affiliates, loose affiliates, who do the breaking and entering part, and then the malware takes care of the extortion and ransoming part on their behalf. And it really drove the massive expansion of ransomware as a threat to the global economy.
Jonathan Sederbaum
And the malware distributors get a cut from each of those affiliates, as it were.
Professor Anya Shortland
That's right. So the affiliates are taking more risks, they're more traceable. So they take actually quite a significant cut initially. So 70% and 80% now, 90%. So yes, it can be very lucrative for the affiliates. The coders take the smaller part. But of course they also have the option that when somebody comes in with a huge ransom, that they just disappear and take the entire ransom. So there is no honor among thieves on this one.
Jonathan Sederbaum
In that same period. You also describe what you call ransomware settlement as a service, and it seems to be a development that I had the impression you were not happy about, or that you're concerned about some of the unfortunate consequences of the development of what you call ransomware settlement as a service. What do you mean by that term and what were some of its consequences that you were concerned about?
Professor Anya Shortland
Yes, indeed, it's something that's ambiguous. So for people who've been subject to a ransomware attack, the chances of them being really stumped by it and facing a really long business downtime and not knowing how to resolve it is of course great. So people started to outsource their recovery, which is a good idea because people do get it really wrong. And as far as insurance companies were concerned, putting the recovery in the hands of experts was a super idea. On the other hand, from a collective point of view, throwing money at the problem and making it easier to recover, less troublesome to source the bitcoin, speed up the transaction with the criminals also made it easier for the criminals to increase their activities because rather than holding somebody's hand as they were carefully rebuilding their system after an attack, they could use that time to run further attacks. So yes, it's a two-sided sword here, so it's good. And it's problematic too also, because there were some, what I call ransomware payment mills, who don't really add much value, but they give people the idea that they might be able to get out of their predicament without paying the hackers, but paying the ransomware payment mill a multiple of the ransom that the hackers demand. And then behind the back, of course, the ransomware payment mills just go back to the hackers. So nothing is gained except for the ransomware payment mills. So yeah, quite a lot of shady businesses in that space preying on people's predicament as a result of ransomware attacks as well. In that case, yes, I am lamenting.
Jonathan Sederbaum
Who were the folks behind those ransomware payment mills? Were they actually in league all along with the ransomware hackers, or...
Professor Anya Shortland
They're legal companies offering a legal service. They exist. As long as the organization that is taking the ransom is not a proscribed organization, there's nothing technically or legally wrong with making that payment. But sometimes a victimized company doesn't want to be involved in a direct transaction with a criminal company. And yeah, there is just some jiggery pokery in that space where they say, oh, you can pay us, well, you don't need to pay them. And then they're just very opaque about their methods. But people who have investigated them realize that they are just going back to the criminals.
Jonathan Sederbaum
I like that technical term jiggery pokery. That term may be unfamiliar to some of the English years from outside the UK. So let's continue with the history, the development of the ransomware industry. You described several generations of ransomware. First generation, second generation, third generation. What distinguished second generation ransomware from first generation?
Professor Anya Shortland
So the first generation ransomware was large scale, pretty automatic and taking very low ransoms. The second generation of ransomware is human operated, so not the sort of commodity automated ransomware, but human operated, where people take charge of targeting, of setting a ransom, maybe investigating how much the victim is worth, how much they might be able to pay. They might have investigated their profit and loss accounts as they're in the service anyway. They might even have found an insurance certificate so they can set the ransom and they might have to negotiate it. They might have a chat function where they can do a little bit of hand holding on the recovery. So it's much more involved. But it was in response to a lot of businesses getting wise to cybercrime in general and the ransomware threat in particular. So as the success rate of attacks was dropping, they made up with ever rising ransoms from the second generation type of ransomware.
Jonathan Sederbaum
Got it. You also help readers understand the ransomware industry by taking a deep look at several of the most prominent ransomware organizations and some of their most, I would say, spectacular operations. Let's turn and spend a few minutes on a few of those major ransomware organizations. First one, with perhaps my favorite name for a ransomware organization, REvil, that is, capital R smushed together with the word evil. You profile the REvil group and you describe one of their most well known attacks on a company called Kaseya. Can you just remind our audience or tell our audience what did that hack involve and what did it reveal about the methods of sophisticated ransomware organizations and how best to respond to them?
Professor Anya Shortland
Yes, so this was a really clever attack targeted at what's sometimes called the soft underbelly of computer security. So it was a managed service provider that they targeted here. So where companies outsource their computer security to someone else and have a really deep connection, frictionless communication between that managed service provider and their own computer. So if you can somehow get inside one of those companies, then everyone will take updates or malware from that provider without any questions. So by breaking into Kaseya's servers, they had up to a million end users potentially in their hands. So this could have been one of the most spectacular ransomware attacks in history. In the end, it wasn't quite that spectacular. So it's a bad news story, but also a good news story because Kaseya found out pretty quickly that they had been breached, they had shut down the servers. In the end, only one server was compromised and about 1500 companies were affected, which, of course, is a lot of victims, all in a tight place at one point. What was really lovely about the aftermath of that attack was that the companies that had used the Kaseya software all rallied around the ones that had been affected and really helped with the rebuild. So it was not as catastrophic as it could have been. And also it was not nearly as lucrative as it should have been. And the REvil leadership really got into trouble on the darknet forums because people said, well, you did this amazing thing. Are you hiding the profits from this? Did you really only get that small amount of money for it? So it was also something that sowed distrust and contributed to the demise of that particular ransomware group.
Jonathan Sederbaum
So it sounds as though one of the morals of that story, though, from the potential victim side, is speed of detection and response was crucial. Right. Kaseya's ability, as you said, to shut down many of its servers quickly.
Professor Anya Shortland
That's right. I mean, that's been the lesson of quite a few of the recent attacks, that those who just sort of bury their head in the sand and hope it's not a ransomware attack, like Marks and Spencer's, end up with a much bigger rebuild and a much larger problem than the companies like the Co-op, who say, okay, this is happening, let's just shut it down, let's investigate. Yes, even if it's not a ransomware attack, we'd rather be safe than super sorry.
Jonathan Sederbaum
Okay, let's look at another of the groups you profile. That is the Conti Group, and you feature an attack of theirs that also got a lot of attention. That is their attack on the government of Costa Rica, notably its Ministry of Finance. How was Conti organized and what do its operations show us about the nature of ransomware threats?
Professor Anya Shortland
Conti was an absolute gift to us as researchers of ransomware space. It was a pan-European part of the Central and Eastern European crime group. They spectacularly collapsed in the aftermath of the Russian invasion of Ukraine when part of the group put up some message boards saying we are fully in support of President Putin and his special military operation and some of the Eastern European and Ukrainian in particular affiliates and associates and members of the group said no, we are really not happy about this. So we got a whole cache of leaked documents and communications going over months. So we know a lot about this particular group and it was organized like a proper firm. They had about 60 to 100 employees fluctuating over time. They were organized in six different departments. There were coders, there were pen testers, there were reverse engineers. There were the specialist hackers. There are those that maintained an attack infrastructure. But perhaps most interesting, I found the human resources department because it really showed the problems of trust within such an organization when you only knew people by their pseudonyms. You don't know whether they're sitting in Ukraine, you don't know whether they're police or whether they are committed or not committed. Max Smeets has a book that has a lot more detail on Conti than my book has, which only has a chapter on it. But he ends up concluding that it just sounds like a really badly run Internet startup. And I thought, yes, but that's exactly what it is. Because sitting in countries, specifically Russia, where the government tolerates, if not smiles on that kind of activity, they don't have to hide. They can even have an office. They can have a physical presence. It really shows a lot about the geopolitics of ransomware. And the attack on Costa Rica was just a really terrible way of dealing with the fundamental rupture of the Conti group where they said, okay, well, we've got to reconfigure. Let's create a big distraction somewhere. Let's push this poor country to the brink of ruin. Let people starve. Everyone will be looking at Costa Rica while we quietly reconfigure our operations to make them more Russian.
Jonathan Sederbaum
Very good. I want to echo your recommendation of Max Smeets's book Ransom War. Max, as some of our listeners may know, is a brilliant scholar of cybersecurity. And he was just a few months ago a guest on the Lawfare Podcast. We actually had him on, just as we are having you on, Professor Shortland, to discuss his book. So listeners maybe who are interested in your book may be interested in his as well. Let's talk a little bit about just one more of these sophisticated ransomware organizations that you analyze, and that is the LockBit organization. And you not only describe the organization, but the efforts of law enforcement to take them down. What are some of the morals of the rise and fall of LockBit?
Professor Anya Shortland
Well, LockBit was centered on a rather nasty, but perhaps not uncharismatic character who ran his operation fairly loosely or somewhat lax in his attitude to their own cybersecurity. And while they were super profitable and really egregious in their attacks, he also managed to let in law enforcement into their communication channels. And the National Crime Agency of the UK, joined by a lot of other law enforcement agencies, spent many happy weeks going around the servers and finding out absolutely everything about the LockBit machine, and then decided to implode it spectacularly by hijacking the site and really revealing a lot of the internal workings of that group with the intention and successfully to undermine the trust that victims have in the promises of these ransomware gangs. So there has been a change from the second generation to the third generation ransomware, where data exfiltration is at the heart of the extortion. So you're relying on the honor of thieves again that say, well, we've exfiltrated your data, but if you pay us a ransom, we won't reveal it. In fact, we will delete it. Well, it turned out they hadn't. So that trust was destroyed by this law enforcement operation. But they also really targeted the affiliates. They targeted, they revealed the identity of the leader of the LockBit group. So hopefully, and apparently, LockBit imploded, has not come back, even though the leader was very determined to do so. But yeah, it's changed. The ransomware landscape has become much more fractured as a result of that operation. One of the NCA leaders of the law enforcement action there calls it Frankenware. And I think you get the point.
Jonathan Sederbaum
Well, speaking of that landscape, putting aside North Korea's very capable state sponsored hacking groups, which you also devote a chapter to, are there any significant ransomware organizations that are based outside of Russia and Eastern Europe, particularly Russian controlled portions of Ukraine? It seems as though this industry really is geographically concentrated.
Professor Anya Shortland
Well, there's lots more cybercrime.
Jonathan Sederbaum
Yes, of course, there are cybercrime groups of different kinds in other places. But just focusing on ransomware, is that a real specialty of Russia and its. I was going to say satellites. I'll say neighbors, sympathetic neighbors.
Professor Anya Shortland
It is, because it does need a great degree of technical sophistication that the Russians and the North Koreans have. But it also requires that focus, that profit motivation and that real hostility that says, well, we don't care if people die in medical facilities, we don't mind switching intensive care unit equipment off. That requires something that not many countries. That antagonism doesn't exist in that many countries. China of course, has great technical capabilities, but they're using it for espionage. They don't need to earn money through that kind of insidious threat. There are some groups sponsored out of Iran, but of course Iran doesn't have an Internet at the moment at all. But if you are a hacktivist who is looking to cause destruction, then you can rely on Iranian sponsored groups to provide you with ransomware malware. So that exists. And the Handala group in particular, but it's not as big and it's not as well organized, and it's not on that industrial scale.
Jonathan Sederbaum
Very good. We've been talking a lot about the ransomware industry. Let's flip over and talk a little bit about responses to ransomware, efforts to reduce the threat of ransomware. You discussed several of those approaches. One of them you talk about was an effort actually organized through the private sector in the US, though drawing on people from many parts of society, and that is the Ransomware Task Force that put out an extensive report with many recommendations about how to defend against ransomware and reduce the burden of ransomware. Can you tell us a little bit about that task force and what some of its key recommendations were?
Professor Anya Shortland
Yes, of course. So it started in 2020, when private sector was absolutely aware of the problem of ransomware, and it was so, so difficult to get the government, particularly the US Government, interested in tackling what is a wicked problem. It's super complex. And in effect, they couldn't really get any politician to run with an agenda. So what they thought is, let's get everyone together, everyone who's active in this space, everyone get a voice. Let's discuss what we can do, and when the Biden administration comes in, let's give them a cheat sheet of what they could do. It was a real effort to put the computer security and law enforcement and think tanks and policymakers in the room and really discuss what to do about preparation, about resilience, about computer safety, about policy, about regulation. They managed to come up with a list of 48 recommendations. And they said, you can't really choose. Pick and choose. You've got to do all of this, and it's going to be so much better. And it was such a hard sell. Except a week later, there was the attack on Colonial Pipeline, which finally focused political attention on the threat of ransomware. And there was some diplomatic activity with President Biden having a conversation, a direct conversation, with President Putin, saying critical national infrastructure is off limits and civilized nations don't harbor criminals who do that sort of thing. So we've been relying on that rather fragile consensus ever since. But, yeah, unfortunately, the community could not come up with one big policy idea that would solve the problem. The idea of a ransom ban, saying, oh, just let's take the profit motive out of it. That never worked. Because in the end, if their lives are at risk or livelihoods at risk and a company is hemorrhaging money, the commitment to saying we'll never pay ransoms is just not credible.
Jonathan Sederbaum
If you look back at that list of the 48 recommendations from the ransomware task force, were there any on that list that proved influential in practice?
Professor Anya Shortland
Yes, of course. Lots of things that we could do as individuals and we still can do more. But really, basic cyber hygiene recommendations of multi-factor authentication, having sensible passwords, not recycling those passwords, patching the computer where the update comes up, all of that is so important. And of course, the vigilance against all these social engineering attacks. I think a lot of companies have learned many, many lessons over the last years, but this is a co-evolution of crime and security. We've also learned a great deal about resilience. So one thing is not getting breached, but the other thing is, well, how likely is it that you can say, well, thanks but no thanks, I don't need a decryption key, I've got my offline backup, here's my memory stick, I'm good. It's about what you put online in the first place, what data you hold, what confidential data you collect. So I think we've become a lot wiser in terms of that. In terms of really resourcing law enforcement, well, I think more could be done. I think we have to have a really grown up debate about how ready we want to be for this threat, but also what our plan B is when the light goes off somewhere part of the country or there's no drinking water because somebody's decided that they're going to target that part of our national infrastructure. We still have to have that conversation, unfortunately.
Jonathan Sederbaum
Anya Shortland, thank you so much for joining us on the Lawfare Podcast. Professor Shortland's book, Hackers and Heroes in the Shadowy World of Ransomware, will be on bookstore shelves, at least in the United States, on April 28th. You can learn more by getting yourself a copy.
Lawfare Podcast Host
The Lawfare Podcast is produced by the Lawfare Institute. If you want to support the show and listen ad free, you can become a Lawfare material supporter at lawfaremedia.org/support. Supporters also get access to special events and other bonus content we don't share anywhere else. If you enjoy the podcast, please rate and review us wherever you listen. It really does help. And be sure to check out our other shows, including Rational Security, Allies, the Aftermath and Escalation, our latest Lawfare Presents podcast series about the war in Ukraine. You can also find all of our written work at lawfaremedia.org. The podcast is edited by Jen Pacha with audio engineering by Kara Schillen of Goat Rodeo. Our theme song is from Alibi music. And as always, thank you for listening.
Host: Jonathan Sederbaum (Book Review Editor, Lawfare)
Guest: Professor Anja Shortland (King’s College London, Author: Hackers and Heroes in the Shadowy World of Ransomware)
Date: April 28, 2026
This episode dives into the intricate ecosystem of ransomware: how it evolved, who profits, the technical and human elements that sustain it, and what can be done to counteract it. Professor Anja Shortland, whose academic focus is the economics of crime, details ransomware’s history, business models, notable incidents, and global power dynamics, offering insight into both the perpetrators and the defenders combatting this persistent cybersecurity threat.
Professor Shortland’s analysis highlights ransomware as an intertwined technical, criminal, and economic challenge thriving in certain geopolitical environments. While technical means and best practices can reduce risks, true resilience requires joined-up thinking across governments, industry, and individuals—and a sober reckoning with the reality that cyber extortion is not going away soon.
Her book, Hackers and Heroes in the Shadowy World of Ransomware, offers further stories, analysis, and lessons on this “unholy trinity” of modern extortion crime.
For listeners:
This summary captures the major themes and incidents of the episode, but the richness of Professor Shortland’s analogies and the specificity of her examples are worth hearing in her own words. For deeper dives into the Conti leaks, “jiggery pokery,” and policy recommendations, consider listening to the full episode or reading her book.