In this episode of Security Nation, we're joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-led effort to combat ransomware by providing technical means to unlock encrypted drives, covering dozens of ransomware kits from Alpha to Ziggy, as well as working with a bunch of countries' national police forces around the world. Oh, and here's a spoiler: NMR estimates they're responsible for saving almost 1 billion dollars in ransom demands over its 5-years-and-counting run. Amazing! NMR also:
- Features 121 decryption tools addressing 151 ransomware families
- Has been downloaded approximately 6 million times
- Saved victim orgs approximately $900 million in unpaid ransoms
- Read more on NMR in Jen’s recent blog!
Tod and Jen then lament the COVID-19 situation in Las Vegas (stay safe and healthy out there, everyone!) and chat about the latest NTLM attack technique, dubbed PetitPotam. And new on the blog this week: show notes! Just head to the bottom of the page for all the references you could ever want.
Philipp Amann is the Head of Strategy at the European Cybercrime Centre (EC3). EC3 Strategy is responsible for assessing and acting on relevant trends and threats related to cybercrime and cybersecurity. Other key areas of responsibility include managing EC3’s industry advisory groups, prevention and awareness, and capacity building.
Philipp has worked in various fields, including the financial sector, global disarmament, international investigations, and issues related to safety and security in cyberspace, all topics about which he cares deeply.
- Philipp Amann, Head of Strategy at the European Cybercrime Centre
- No More Ransom, an incredibly useful self-serve library of ransomware crackers
- Need some specific guidance on what to do if you suffer a ransomware attack? Check out NMR's publication!
- Also mentioned in the show was Europol's annual Internet Organised Crime Threat Assessment report, which is a great read.
- Interested in partnering with NMR? Send in a request here!
- The Rapid Rundown is mostly about the PetitPotam proof of concept NTLM attack, as discovered by @topotam77
- Microsoft's helpful mitigation KB for the same
- SANS Diary writeup of this novel NTLM attack that demonstrates the risks