The Security Ledger Podcast

The Security Ledger Podcast


Episode 151: Ransoming the City with Cesar Cerrudo of IOActive

June 27, 2019

In this week’s episode, #151: Cesar Cerrudo, the head of research at the firm IOActive joins us to talk about the recent spate of massive ransomware payouts and why municipal government networks are the favorite target of hackers these days.

It happened again. Less than a week after Riviera Beach Florida agreed to pay a whopping $600,000  ransom to get their data back from hackers, another Sunshine State city’s administration has been forced to do the same. On Monday, the City Council of  Lake City Florida, population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000.

Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why.

Cesar Cerrudo is the CTO at IOActive.

This follows incidents in bigger cities, including Baltimore which notoriously turned down a $70,000 ransom demand, and ended up paying upwards of $18 million to recover data from thousands of city systems. 

But why are cyber criminals going after the computers and networks of cash strapped municipalities?

Report: Obvious Security Flaws Make ICS Networks Easy Targets

To better understand what’s going on we invited Cesar Cerrudo, the Chief Technology officer in charge of Research at the firm IOActive. Cesar is the founder of Securing Smart Cities, a non profit that provides guidance and advice to city governments on how to secure their networks. 

He is also the author of the IOActive report “An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks.” (PDF)

I started our conversation by asking Cesar what explained the surge in attacks against cash-strapped municipal computer networks.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.