A new plan to combat Russian-built malware.
Hey, it’s Jordan in London. A new kind of cyber software aims to disrupt ransomware groups. But first...

Today’s must-reads:
• Megacap tech stocks are sinking again, dashing hopes that the worst is over
• Oyo Hotels is shelving plans for an initial public offering in 2022
• YouTube CEO Susan Wojcicki said the business is still working to curb misinformation

A new approach to an old hacking problem

When a Russian ransomware gang crippled the computer network of Colonial Pipeline last year, disrupting US fuel supplies, a group of cyber pros who were selling hacking tools to American intelligence and law enforcement agencies say they had a disturbing insight. That attack showed that cybercriminals were willing to damage US critical infrastructure in ways that many nation-states are reluctant to do outside of wartime.

“It made them the largest threat to us,” said Jon Miller, a prominent security researcher and entrepreneur in southern California.

Why not—Miller and his colleagues thought—adapt the offensive techniques they’d developed to infiltrate foreign computer networks into defensive tools designed to counter ransomware?

The result is a type of security software that seeks not only to block ransomware before it can cause damage, but also to hunt for weaknesses in ransomware code to trick the virus into self-sabotaging, then reveal secrets about how it works—classic hacker techniques. If ransomware still slips through, the software immediately records everything happening on the system, so the damage can be reversed, and victims won’t have to pay.

“We know how people are doing all these attacks undetected, and we’ve literally built our product to stop it,” said Miller, co-founder and chief executive officer of two companies: Boldend, a maker of offensive hacking software for the US government, and Halcyon, an anti-ransomware startup. The key, he said: “We know all the dirty secrets that they use because we use them, too.”

Boldend made news in January after the New York Times reported that the firm claimed it was capable of hacking WhatsApp, an encrypted messaging app, before the service published a software update.
Miller declined to discuss the company’s offensive hacking technology in detail, describing it only as a “platform used by the US government to architect, design, build and test cyberattacks.” Boldend doesn’t sell zero-day flaws, a reference to unknown software vulnerabilities that technology firms have spent zero days fixing, Miller said in a reference to the New York Times report.

Companies spend billions of dollars trying to stop hackers, and yet many attacks slip through. What makes Miller’s company Halcyon different, he says, is that it only has to be good at stopping ransomware—the opposite of how many omnibus security products work.

The Halcyon product uses some traditional approaches to scanning unknown files to block ransomware, but Miller said the company’s key innovations are an “exploitation engine” it developed, which uses automated tools to look for vulnerabilities in the code, and a “resiliency engine,” which immediately records the actions of any ransomware mistakenly allowed through.

For instance, Miller cites the fact that Russian hackers program their ransomware so it only functions outside of Russia. By manipulating the automated checks the malware performs, Halcyon’s software can trick it into believing it’s landed in Russia and into staying inert. Miller said that on the offensive side, understanding how to create attack software that can locate and defeat such defensive countermeasures is crucial for developing nation state-level hacking tools.

“The idea is to exploit their software development and find holes that we can use to detect and block ransomware,” he said. “There are dozens of these.”

As an example of the latter, Miller said the recording function can be used to recover decryption keys hidden in the ransomware’s code, and to understand each step it took to damage the machine, so that damage can be undone without paying. That function is not an outgrowth of offensive work.

“It just seemed like the most reasonable way to do it,” Miller said.

—[Jordan Robertson](mailto:jrobertson40@bloomberg.net)
The big story

Wall Street lenders are calling on the US government to hold off on launching a digital dollar, arguing that a virtual currency backed by the Federal Reserve risks draining hundreds of billions of dollars out of the banking system.

What else you need to know

Tencent’s billionaire co-founder Pony Ma shared a viral piece on the economic costs of China’s Covid Zero measures, a rare public show of frustration.

Private equity firm EQT is considering the sale of a minority stake in Nordic fiber network operator GlobalConnect.

Uber signed a deal with Italy’s largest taxi dispatcher that will add more than 12,000 drivers to the US company’s platform.

Adam Neumann of WeWork fame has raised $70 million for a new carbon-credit startup.

Twitter’s annual shareholder meeting Wednesday will be like “ragnarok,” a former board member told Bloomberg TV.

You received this message because you are subscribed to Bloomberg's Fully Charged newsletter.