Renee dudley is a Technology Reporter at propublica previously is an Investigative Reporter at reuters. She was named a 2017 Pulitzer Prize finalist. Her work uncovering systematic cheating on College Admission tests. She started her career at daily newspapers in South Carolina and new england and has won numerous journalism, including the Eugene PulliamFirst Amendment award, the Ransomware Hunting Team, a band of misfits, improbable crusade to save world from cyber crime is her first book. So with that you for joining us today, renee, im pleased be here. Thank you very. So your your first book and when you this my understanding is this wasnt necessarily going to be a book so did you stumble into writing a novel . Yeah. Well, its not not a novel its actually narrative nonfiction. Its a true and you know, my like you mentioned my is as a corporate investigator and reporter i worked at reuters and right before i joined as a tech reporter with virtually no Tech Experience background at all. I was i was reporting on on big fortune 500 companies and got know chief Information Security officers and top i. T. Folks from these from these companies. And one thing i would hear time and again from them is we cant get our boards of directors interested in investing cybersecurity even though we know this is a huge issue. And at that time this was around 2018. One of the things that they were increasingly worried about was ransomware. And ill just lay it out for those of you who may not be as familiar ransomware is a type of malware that encrypts files on your computer and it it demands a ransom to get those files back youll have to pay a hacker demands have have dramatically increased from hundreds of thousands of dollars a decade ago to millions and tens millions these days and i thought oh, thats interesting ransom where so when i when i joined propublica my my editor who later my coauthor he just about as tech savvy as me which is to say he was not at all tech savvy. And when i mentioned this phenomenon, john, that people werent investing as much as they should be in cybersecurity, he got interested away. And just the ransomware itself, he was blown away by the fact that there was ransom. Peoples computer files could be held for ransom, just like kidnap for ransom. And we decided to go all in on ransomware as a series in 2019 for propublica and. I started reporting it. We were convinced that there would be some us angle to ransomware beyond. The fact that there are so many us victims. And as i started, everybody who knew anything about it direct in me to this man that they knew by a demon slave. Three, three, five. And i. Okay, whats his real name . I dont know. We just know im by david slay three five. Okay, so i find on twitter where hes got, you know, a gazillion followers and i track him down to his employer, which was cannot make this up a nerds on call it a repair shop in the town of normal illinois. So you know as a reporter im thinking well this is fantastic i already love it im this is you know and i call him up and he was he was surprised to hear from me because hes, you know, a quiet humble, modest guy who doesnt with, you know, any press, let alone the national press, frequently. And we got talking about and when he saw that, i was serious and was asking the right kind of questions he really he went all in and we got to know each other. And he was very helpful in helping me report the series that will probably end up talking a little bit more about it in a while. But he he he was so great i wanted just his name was Michael Gillespie. And michael so great at making complex easily accessible somebody like me and was instrumental in helping us helping me prove you know who some of the bad actors were in this space beyond just the hackers themselves because in the on the us side of things there were some enablers were making this economy go round. And as i was reporting this series, you know, mike, michael continued to be a help and i learned that he was a part of this team called the Ransomware Hunting Team. And its a group of a dozen private researchers scattered across across the globe who devote their time and their resources to fighting the crime of ransomware for free and in their spare time, they develop tools to help people recover their files. Having to pay hackers without having to see that ransomware and. I learned that since been active in 2016, theyd saved of people from paying billions of dollars to hackers, which is remarkable because theyre not just saving people from paying this money, theyre also keeping money out of that ransomware economy. When youre not feeding the kidnaper of your files, youre making the crime less profitable and, less people are likely to get into into it. So i was really taken by the fact that there were these people out there doing this. And in the spring of 2019, i decided that it was time to go meet michael in person. So i did that he i flew from where im based boston to his his home base in rural and by this point i knew michael was the foremost code breaker. This team theres hundreds of strains of ransomware where 700 800 strains of ransomware and hed cracked more than 100 of them and he was cracking more than anybody else even on this team doing this remarkable work. But when i got to his house, it wasnt what i expected. So heres a guy who, you know, you know, i come come up as a, you know, corporate investigator, science reporter. You know, usually when somebody the worlds greatest at what they they have all the trappings of such they have handlers and schedulers they have people doing their public relations. You know, have your people to my people, not Michael Michael greets me from his front porch swing and a working neighborhood. His is in desperate need of repairs. Hes a big animal fanatic. Hed adopted eight cats and a dog and a couple bunnies from the local shelter. He took in. Theyre all kind of, you know, hairballs that are flying around like tumbleweeds. And, you, the one needs to be mowed and the leaves to be raked and his, you know, hey, come sit down on the swings, start swinging on the swing and and then he picks up his phone and theres 40 new direct messages on twitter and another dozen messages this popular, you know, computer help site, you know, called bleeping computer. And hes responding to people who are just clamoring, desperate for his help to retrieve their personal their university theses. Theyre corporate trade secrets, their law firms, client records. You know, just ran the whole spectrum. And he had respond to a few and then come to me, respond to a few more, come back to and as the day on he he he we went from talking about ransomware to talking his his his life and what the toll that ransomware had taken on it. He told me he was 28 years old at the time. He had just overcome cancer. He was struggling, make ends meet. He and his wife fell behind on their payments and they had to surrender their car to the bank. They fell behind their mortgage payments and they almost lost their one month. Theyd have to turn off the water so that they could pay the electric and then theyd switch it the next month. They were really and all the while responding to thousands of victims a month and helping them for free and doing all of this without without any kind of recognition or thanks or payment and. I was so taken. I was really blown away that he was not motivated by the typical things that motivate people, fame, money, power. Hes doing it because its there. He knows can hes knows he is one of the only people in the world who is going to do this. And, you know, as somebody was bullied in his youth, this was his way. Like other members of the team, a lot of them feel its their way to get back at the boys of their youth, to protect place that they feel intellectually at home, which is the internet and and gone on to help millions of from paying billions of dollars and so it became a profile for propublica and the series that ran in 2019 got after especially once that profile ran got quite a bit of attention from literary agents and subsequent life became the book. Yeah, with that opening you can see why is not just a 1200 word article that runs once its a deep about people thats also going to have the theme of ransomware, the ethics and other through it. And well cover some of that as we continue to have our chat here today. So youve get to this. You meet michael, youve written this series on this. And so as youre going series to book here and as youre laying this out, so lets go through and talk some. So youve talked about the Ransomware Hunting Team, but who is our arch nemesis in this . So who is the other piece that the the people that are doing the ransomware, are they just 100 completely evil or is its a little more complicated . Yes, it is. Although one of the criminal organizations that ill talk about is appropriately named evil corp. So, i mean, if youre doing the crime, youre going to that spirit and you. But its a good question and this is one of the things that we weve really to get at in the book. Who is the other side of this . And one of the things there are some unexpected things, you know, maybe i shouldnt have been surprised this, but one of the things that i found that i found surprising is the hunters and the hackers. Remarkable similarities. Theyre mostly young men. Theyre mostly selftaught the hunting team. You know a number of the members, the only one or two of them graduated, college. Some of them didnt even finish high school. They learned their craft, their craft, the cryptography, the reverse engineering malware. They learned this from watching youtube tutorials, getting books out of the library. And the evidence suggests that what the hackers do to theyre not theyre not they dont have, you know, a huge record of Higher Education. Theyre selftaught. You know, the evidence suggests many of them are gamers, just like the team, and they have even similar interests in movies. A number of the team members, theyre with disney, Michael Gillespie, his Favorite Movie is the lion king. And theres a strain of ransomware called acuna, which had and so theyre theyre obsessed with cryptography, which is, you know, the study of codes and code breaking and and theyre using their skills the same for two different reasons. One is creating ransomware, and one is fighting it. Theyre the thing that separates them more than anything is their greed. Now, that said, know theres been some interesting back and forth banter among among the hackers and hunters. And its one of the things that that keeps exciting for them. You know, the hackers know that the are picking apart the code, their ransomware. So then insert little messages in it and from time to time there will be a little recruitment message, you know, use your skills, come to our side. We love your skills. You can clear, you know, a couple hundred thousand in one weekend if you just, you know, put them to use the way that we think should. Of course, the team would never do. But in darker moments you know any of a number of them like michael are with a financial stresses you know they know if they they applied this for the you know the wrong they would be able to those those problems go away but course they would never do this. You know the hackers themselves cause you know they run the gamut too. I got to know a hacker, adrianne, who described himself as in it, a professional who couldnt a job. And he was living in the middle east. And so he to put food on the table. Well, how did he do that by ransomware . He decided to start a strain that he called ziggy. And he hit people. He said he was politically motivated. He hit people in the us and israel charging them few hundred dollars a pop to get their files back and was his way of feeding his family can find a job he wasnt interested in guy because to hundred dollars at the time that he was active which was in 2020 even then was you know that was a small change i mean that was really not this was as ransomware amounts were really drastically exploding and so eventually adrian decides he feels badly about what hes done and it may be coincidental or not, that he was having this these guilty of a global Law Enforcement crackdown, ransomware. But in any case adrian decides to get out of it and like everybody else in ransomware, he approaches this. Damon say three, three, five in terms over the keys and, michael develops a tool so that people can recover their files for free and and he does that and adrian ends up giving refunds to people who had already paid. Thats on one side that sort of the quaint ten days of ransomware thats not evil, its not evil corp. Evil corp really represents the side of things. Ransomware these days is much more likely to be sprawl and criminal organizations that in many ways reflect typical corporate structures of of normal, aboveboard. Theyll have Human Resources departments, payrolls, theyll have specialized missions. Theres people who do everything creating the malware itself. Theres people theres a separate department to do the vulnerabilities, you know oftentimes these hackers are located in Eastern Europe and theyll theyll have who are english language specialists will run the negotiations because know oftentimes you can negotiate the hackers to lower the ransom demand. Theres people who do the money launder and its become very highly and evil corp run by hacker whos now indictment by the u. S. Justice department. His name is maxime jacob. Its it really represents this new era of ransomware and. This is the way that most of these gangs, the most successful gangs that are these days are structured. You cubits is interesting for a number of reasons. One is that he, although hes under indictment, he feels so secure in freedom because hes in his in moscow and he you know, he feels so secure. He drives around moscow in a lamborghini with the license plate that translates to because he knows that hes never yet, even though hes under u. S. Indictment, hes never going to be extradited because the us does not have an extradition agreement with russia. Obvious only his father in is a known friend of vladimir and at the time of his indictment you qubits was known to be working on behalf of the fsb, russias intelligence agency. So its its its scary for a number reasons. One is just the sprawling nature of these criminal organizations, these days, but also the fact that so many ransomware gangs if theyre working at the behest of enemies of the u. S. , theyre at least working under their protection. And in the case of evil corp and and many other ransomware gangs these days ransomware historically, you know, a decade ago and and and even more recently had the Main Objective was to lock your files so that your parents nowadays hackers will steal your files before lock them. So when you think about that in terms of like. Maxine mckew bits working on behalf of the fsb, and youre thinking about the kinds victims of ransomware that youve read about in the news, its anything you know, he and his gang are taking anything from Health Records and, you know, corporate, intellectual to potentially state secrets. So its yet another disturbing new twist in. Yeah, so youve got this idea of this lone hacker individual which like adrian not really whats driving most this its well run criminal organized enterprises they have 800 numbers as you said you can call because in order to pay ransom is cryptocurrency and more have learned about it now. But if you go back to 2016, even me being the tech industry, figuring out how to get a Crypto Wallet and all of that stuff to pay ransom was so they set up one 800 call number help center. So that you could call them and talk to them and they would teach you how to get your your cryptocurrencies. You could pay them. So you go through this transitioning here, paying these ransoms. So ethical, not ethical, good idea, bad idea. Walk some of the things you cover in the book about should you pay the ransom or not. Yeah i mean its its the ethical dilemma of book and we you know our inscription at the beginning of the book is if once you paid the dan guild, you never get rid of the dan the kipling the kipling poem and same was true of the dan guild is true of ransomware. If you pay a ransom youre feeding the ransomware economy youre making the crime more profit. More hackers will get into it and then they can charge more money, theyll have more victims. And the crime keeps going round and round and round. On the other hand, you know, when you look at it from the victims side, things if you are a victim without adequate of your files and you you, you know, say, you know, a business or a hospital and you need to get your files restored to get up and running, you may not feel like you have a choice and it really becomes becomes this dilemma. We at a few cases one and then theres cases where you want to pay, but it cant happen fast enough. And there was a case involving a hospital in alabama. You know, the electronic Health Records were down and the various systems monitoring were shut down. And newborn baby died because ransomware shut down the fetal monitoring and it was all know where where this monitoring ordinarily would have happened at the nurses station and the nurses would have seen the distress, the fetus they didnt see that the baby died severe, would have delivered by csection. But ended up, you know, being delivered normally and and with severe brain damage. Died, died shortly after being born. We looked at the case of baltimore, which was in the news a few years ago. Some of you may remember this the baltimore was hit ransomware and the mayor famously resisted paying the ransom and it was widely seen as being a brave ethical decision. You know, especially, you know, theres a lot of sensitivities when taxpayer dollars are at stake, especially. Well, what ended up happening is the cost of recovering from backups without. Paying the ransom ended up being orders of magnitude more than the itself, which drew other types of criticism, of course, but its thing that a that that all victims have to struggle with and is the reason why members of the ransomware hunting would and the fbi and everybody else would suggest that prevention is the best is the best approach. You dont want to you dont want to need the services of a Ransom