Topic Guide
What Is Ransomware?
Ransomware is a subject covered in depth across 3 podcast episodes in our database. Below you'll find key concepts, expert insights, and the top episodes to listen to — all distilled from hours of conversation by leading experts.
Key Concepts in Ransomware
Zero trust
A security model that verifies everything by default, granting the least amount of privileges necessary for users and applications to perform their job functions, rather than implicitly trusting entities within the network perimeter (35:24, 35:54). This episode presents it as a paradigm shift from traditional “castle-and-moat” security, offering superior protection against internal threats and sophisticated attacks by making trust explicit and continually validated.
Deny by default
An approach within Zero Trust where all applications and actions are blocked unless explicitly allowed by an authorized administrator (15:02, 36:56). Danny Jenkins highlights its importance as a fundamental change in security philosophy, making it effective against unknown malware and ransomware by preventing unauthorized execution rather than just detecting known threats, effectively turning application execution into a firewall-like function.
Script kiddie
A derogatory term used to describe a beginner hacker who lacks deep technical skill and often relies on pre-made tools or exploits. Host Jack Rhysider suggests applying it to "Ransom Man" not for lack of skill, but for his 'reckless and careless' handling of extremely sensitive data [12:26].
Interpol red notice
An international alert issued by Interpol at the request of a member country, asking law enforcement worldwide to locate and provisionally arrest a person pending extradition. It was used by Finnish police to successfully track down Julius Kivimaki, leading to his arrest in Paris in 2023 [31:03, 37:17].
Wannacry ransomware
A devastating, wormable ransomware attack that rapidly spread globally in 2017, encrypting computers and demanding Bitcoin. It's attributed to North Korea and used the NSA's leaked EternalBlue exploit, making it uniquely dangerous because it spread without user interaction and often rendered files unrecoverable even after ransom payment [09:59].
Wannacry kill switch
An unregistered domain hard-coded into the WannaCry malware. Before doing anything else, the worm tried to reach that domain and exited if the request succeeded; only when the request failed did it go on to encrypt files and spread. MalwareTech registered the domain as a routine sinkholing step and, without intending to, activated this 'kill switch': once the domain answered, every new infection halted and the outbreak stopped spreading [12:15].
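The gate described above, as an added example that is not the worm's own code: only the decision logic is reproduced, the network probe is injected so it runs offline, and the domain name is a constructed placeholder rather than the real kill-switch domain. The real worm issued an HTTP request; the probe here is simplified to "does the name answer", which is enough to show why registering the domain inverted the outcome, and why a sandbox that answers every name makes the sample exit before an analyst sees it spread.

```python
"""Kill-switch gate of the kind WannaCry used (added example, not the malware)."""
import socket
from typing import Callable, Dict, Set

KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"  # constructed, not the real domain


def dns_probe(domain: str) -> bool:
    """Live probe: True if the name resolves. Defined for completeness; the
    demo below uses table-driven probes so that it needs no network access."""
    try:
        socket.gethostbyname(domain)
        return True
    except socket.gaierror:
        return False


def worm_should_spread(domain: str, probe: Callable[[str], bool]) -> bool:
    """The worm contacted its hard-coded domain first. A successful request
    meant 'exit'; only a failed request led on to encryption and scanning.
    Registering the domain therefore turned every later infection into an
    immediate exit."""
    return not probe(domain)


def table_probe(resolving: Set[str]) -> Callable[[str], bool]:
    """Probe that answers from a fixed table of names that resolve."""
    return lambda name: name in resolving


def spread_decisions(domain: str,
                     scenarios: Dict[str, Callable[[str], bool]]) -> Dict[str, str]:
    """Evaluate the gate under several network conditions: label -> 'spread' | 'halt'."""
    return {
        label: ("spread" if worm_should_spread(domain, probe) else "halt")
        for label, probe in scenarios.items()
    }


# Constructed scenarios.
SCENARIOS: Dict[str, Callable[[str], bool]] = {
    # Before anyone registered the domain: the request fails, the worm spreads.
    # A network whose egress proxy blocks the request behaves the same way,
    # so the sinkhole only protects hosts that can actually reach it.
    "unregistered domain": table_probe(set()),
    # After the sinkhole registration: the request succeeds, the worm exits.
    "domain registered": table_probe({KILL_SWITCH_DOMAIN}),
    # Analysis sandbox that answers every name: the worm exits and the
    # analyst never observes encryption or propagation.
    "sandbox resolving everything": lambda name: True,
}

if __name__ == "__main__":
    for label, decision in spread_decisions(KILL_SWITCH_DOMAIN, SCENARIOS).items():
        print(f"{label:30} -> {decision}")
```

The third scenario is the practitioner's caveat: a check like this doubles as sandbox evasion, so a detonation environment that fakes successful network responses for everything will report the sample as inert.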
What Experts Say About Ransomware
1. Ransomware attacks can be devastating: in one case, a manufacturing company's entire network of 250 servers and 350 endpoints was encrypted in 15 minutes by the Conti gang, leading to a three-week business shutdown (04:05, 05:09, 10:23, 11:25).
2. Traditional antivirus and EDR solutions may not be sufficient to stop sophisticated ransomware; one company found that the Malwarebytes enterprise platform "wasn't really doing the job that we'd hoped" (13:33).
3. The "deny by default" or Zero Trust security model, as implemented by ThreatLocker, blocks every application from running unless it has been explicitly approved, acting like a firewall for applications rather than a router (15:02, 36:56).
4. Zero Trust is not about saying "no" but about granting the least privilege necessary for job functions, in contrast with "detection and response" models, which only block the anomalies they manage to detect (35:54).
5. Layered security (defense in depth) is crucial: ThreatLocker stopped a ransomware attack at a hospital even after a threat actor had gained full domain admin access through compromised VPN credentials that were not protected by MFA (21:03, 22:53, 23:26).
6. The effectiveness of ThreatLocker is supported by Danny Jenkins' claim that, across 70,000 companies using the product, there has never been a ransomware case at a customer where the policies were correctly followed, emphasizing its preventative power (43:53, 44:37).
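The contrast drawn under Deny by default above and in points 3 and 4, as an added example (not ThreatLocker's code): the same sequence of process launches is evaluated by a detect-and-block list and by a deny-by-default allowlist. Every path, signer, policy entry and file hash below is constructed for illustration; the hashes are real SHA-256 digests of placeholder bytes so the comparison logic is genuine.

```python
"""Deny-by-default application control versus a detect-and-block list.

Added example, not ThreatLocker's code. Policy contents, paths, signers and
file bytes are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ExecEvent:
    """One process-launch request as an endpoint agent would see it."""
    path: str
    sha256: str            # hash of the image on disk
    signer: Optional[str]  # subject of a valid code-signing cert, None if unsigned
    parent: str            # image that requested the launch


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed placeholder bytes standing in for real binaries.
NOTEPAD_HASH = sha256_of(b"constructed: notepad.exe")
LOB_APP_HASH = sha256_of(b"constructed: erp-client.exe")
OLD_MALWARE_HASH = sha256_of(b"constructed: last-year's dropper.exe")
NEW_PAYLOAD_HASH = sha256_of(b"constructed: freshly compiled encryptor.exe")

# Detect-and-block model: anything not already known to be bad may run.
KNOWN_BAD_HASHES = {OLD_MALWARE_HASH}

# Deny-by-default model: an administrator has approved exactly these.
# Approval by publisher covers future updates of signed software; approval
# by hash pins one specific build of an unsigned line-of-business tool.
ALLOWED_SIGNERS = {"Microsoft Windows"}   # constructed signer name
ALLOWED_HASHES = {LOB_APP_HASH}


def detect_and_block(ev: ExecEvent) -> str:
    """Blocklist: allow unless the binary matches a known-bad entry."""
    return "DENY" if ev.sha256 in KNOWN_BAD_HASHES else "ALLOW"


def deny_by_default(ev: ExecEvent) -> str:
    """Allowlist: run only what an administrator explicitly approved.

    An unknown binary is denied whether or not it is malicious; the agent
    would log a request for an admin to review rather than let the user
    self-approve it.
    """
    if ev.signer in ALLOWED_SIGNERS or ev.sha256 in ALLOWED_HASHES:
        return "ALLOW"
    return "DENY"


def evaluate(events: List[ExecEvent]) -> Dict[str, Tuple[str, str]]:
    """Return {path: (blocklist decision, deny-by-default decision)}."""
    return {ev.path: (detect_and_block(ev), deny_by_default(ev)) for ev in events}


# Constructed launch sequence: two legitimate launches, a known-bad dropper,
# and a never-before-seen encryptor written to a temp directory, which is the
# case a signature or hash blocklist cannot catch.
EVENTS = [
    ExecEvent(r"C:\Windows\notepad.exe", NOTEPAD_HASH, "Microsoft Windows", "explorer.exe"),
    ExecEvent(r"C:\Apps\erp-client.exe", LOB_APP_HASH, None, "explorer.exe"),
    ExecEvent(r"C:\Users\u\Downloads\invoice.exe", OLD_MALWARE_HASH, None, "outlook.exe"),
    ExecEvent(r"C:\Users\u\AppData\Local\Temp\svc.exe", NEW_PAYLOAD_HASH, None, "powershell.exe"),
]

if __name__ == "__main__":
    for path, (blocklist, allowlist) in evaluate(EVENTS).items():
        print(f"{path:48} blocklist={blocklist:5} deny-by-default={allowlist}")
```

The last event is the point of the comparison: the fresh encryptor passes the blocklist because nothing has seen it before, and fails the allowlist because nobody approved it. The cost of the allowlist is the mirror image, since a new legitimate tool is also denied until an administrator approves it, which is why the page's point 6 ties the result to policies being correctly followed rather than to the product alone.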