Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

Summary

In this episode of Chattinn Cyber, Mark Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

John shares his journey of how he becomes the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete’s first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin’s value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working with a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that the ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

Mark asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete’s team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

In conclusion, the conversation between Mark Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete’s role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

Key Takeaways

  • Cryptocurrency prices and demand for ransom payments in crypto vs fiat currency fluctuate a lot based on market conditions. When crypto prices crashed, ransom demands shifted to be mostly in cash rather than bitcoin.
  • Ransom amounts continue to rise steadily, with increases of 20-30% year-over-year being common.
  • OFAC regulations and government scrutiny are making ransom payments more difficult with requirements to verify the ransomware group is not sanctioned.
  • Arete offers comprehensive incident response services including forensics, monitoring, planning, and facilitating ransom payments if needed. They have a 24/7 hotline to call for immediate assistance.
  • It’s important for organizations to take cybersecurity seriously and invest in good tools and processes to avoid becoming victims of ransomware. Arete recommends deploying technology like SentinelOne for prevention and detection.

Key Quotes

  • 1:25 – “So it’s great taking some cybersecurity background and melding it with my market background. I became the crypto operations and compliance director at Arete.”
  • 4:03 – “But after it crashed, we actually saw very few pure bitcoin ransoms, and most of them in cash. So whether it’s the psychology of it or just they wanted some consistency outside of the volatility, but today, 95 or more percent of the ransoms are all in pure cash versus bitcoin.”
  • 5:32 – “So we actually take it upon ourselves to look at really every cyber indicator compromise. You always take a threat actor wallet and throw it on the effect sanction list … But we do a lot of analysis on the blockchain of prior transactions that the threat actor might have done.”
  • 6:47 – “We have an Arete 911 phone number. You can just do a Google search of ‘Arete 911’ and find us. So we have a phone number that’s 24/7, we have an email that’s 24/7. Once we receive your email or call, we will be on the phone with you within half an hour to help script that.”
  • 8:33 – “But there’s a lot of great. Yeah, a lot. But there’s a lot of great process and a lot of great technology out there to help you. But I think just take cyber seriously and, or if not, you know, you’ll find yourself in trouble one day.”

ABOUT OUR GUEST:

John Morrissey is a seasoned Technology Sales and Services leader with a strong focus on Customer Success. With extensive experience in assisting National Defense, Civilian Agencies, and Commercial Enterprises, John specializes in successfully implementing cutting-edge technologies such as Analytics, Big Data, Machine Learning, Cyber Security, Fraud, Risk, eDiscovery, and Investigative technology. Throughout his career, John has demonstrated a remarkable ability to build and grow organizations, delivering high-end consulting and enterprise solutions. He is a results-oriented leader with a proven track record of overcoming complex business challenges and making critical decisions with experience, good judgment, a strong work ethic, and unwavering integrity. With a keen vision, determination, and exceptional skills, John is adept at driving increased revenue and profitability for organizations. 

FOLLOW OUR GUEST:

LINKEDIN

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

FOLLOW OUR HOST:

WEBSITE | LINKEDIN