This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Everyone. I'm Drexon. This is the two minute drill where I cover some of the hottest security stories in healthcare, all part of the 2 29 project, cyber and risk community here at this week. Health, it's great to see you today. And don't forget, toward the end of the week, I publish a written version of the show.

It's called The Two Minute Drill Extra for people who would rather read their podcasts. It's a collection of all the weeks hottest security stories and a transcript of this show all. Put a link in the comment section for all the extra newsletters, and I hope you'll check 'em out. Okay? Uh, here's some other stuff you might wanna know about.

Let me tell you a story that still makes my head hurt when I think about it. So imagine that your health system gets hit by ransomware. It's bad. Systems are down, and phones are lighting up, and people are panicking. The community is in an uproar. So you do what you're supposed to do. You call the experts, you bring in an incident response firm, and you bring in a ransomware negotiator, and a bunch of other people.

These are the people you trust with your survival. But on December 30th, the Department of Justice accepted guilty pleas from two Americans. The first was Ryan Goldberg, a 40-year-old incident response manager at Signia, S-Y-G-N-I-A, a respected cybersecurity firm specializing in breach response. His job was to help companies recover when they get hacked.

And the other accomplice in this scheme was Kevin Martin. A ransomware threat negotiator at Digital Mint. A company that helps victims negotiate with attackers and pay ransom in cryptocurrency should they choose to do so. His job literally was to talk to ransomware gangs on behalf of victims. They were the kinds of firefighters that you're supposed to call when your organization is burning down during a ransomware attack.

But in this case, it turned out that the firefighters were also the pyromaniac who were setting the fires. They allegedly were connected to a ransomware as a service gang called Alpha V or a Black Cat, and you've heard me talk about them before. They're one of the most notorious ransomware as a service operations in the world.

It's the same hacking platform, allegedly the same pla uh, hacking platform that was used in the change healthcare attack that compromised 190 plus million patient records. So just a quick explainer with ransomware as a service affiliates like. Ryan and Kevin have an easy button to deploy. Ransomware, they leverage a Cyberg.

Gang's already written ransomware programs and infrastructure, and they use that to lock up victims and hold their data and their operations hostage. In this case a. Because they wrote the ransomware software. Alf V was supposed to get a portion of the proceeds as their payment. In this case, about 20% of the proceeds were supposed to go to the ransomware as a service provider, and 80% were going to the masterminds of this operation and the masterminds.

Um, an engineering company and a couple, I think, of defense adjacent manufacturing companies. Only one victim paid that payment though was for more than a million dollars, but it's estimated that there was nearly $10 million worth of damage done to those victims. The whole thing collapsed when the FBI seized the ransomware structure involved, and they got access to affiliate data, which included chats and payment records and a bunch of other stuff.

Whole ball of wax confessions followed. There was an attempted flight out of the country, and then there were arrests again. Both men pled guilty in December. Sentencing is scheduled for March 12th. They each face up to 20 years in prison. I'll keep you posted. That's it for today's two minute drill. Stay a little paranoid and I will see you around campus.