This is CBSI in the world. I'm John Bachelors. The headline, US Energy Department, other

agencies hit in global hacking spree. The word ransomware is used in the explanation.

For my understanding, I need any fixer of the Foundation for the Director of Democracy.

The director of the Center on Cyber and Technology for FDD. Any a very good day to you.

Ransomware and ransomware associated with a Russia-based group, which has the usual puzzling

name of C10P. What is ransomware? And what is the extent of the damage we understand so

far? Good evening to you. Good evening, thanks so much for having me.

So this is very much an evolving attack and the scale is significant, but how damaging

this is is still something we're trying to decipher. The organization that you mentioned

exploited a particular vulnerability in a particular piece of software called Move It, that many

organizations including government agencies use to transfer data from one place to another.

And so this particular vulnerability, the organization exploited it. They launched an attack

using that software and they have gathered data from a bunch of different organizations.

And then what we would appear to be the cases that they are extorting the victims saying,

if you do not pay us, we will release your data. And then it's one avenue that ransomware

groups use to try to collect payment. Another way is that they will encrypt your data.

They basically lock it up so you can't access it. And then again, extort you for payment

so they'll really, so they'll give you back your data. And so they can sort of go one

of two routes. It appears they're just threatening to release data, but it is hit a number

of very large multinational companies and something like a dozen US federal agencies.

We're still trying to understand the scope.

My reading in the past has told me many private companies do not publicize that they've

...