The Attack Japanese e-commerce giant Askul became the latest victim of a sophisticated ransomware attack that compromised over 700,000 customer and business partner records. The attack was carried out by the notorious Ransom House cybercriminal group in October 2024, causing massive operational disruptions that lasted for months. Double Extortion Tactics This incident showcases the evolving threat landscape where cybercriminals employ double extortion methods. Rather than simply encrypting files and demanding payment, the attackers first spent time quietly stealing over 1 terabyte of sensitive data before launching their encryption attack. This calculated approach leaves victims facing two devastating threats: pay the ransom to unlock systems and prevent data publication, or refuse payment and face both operational shutdown and public data exposure.Company ImpactAskul, a major player in Japan's B2B office supply and logistics sector, detected the breach on October 19th but couldn't fully restore many services until early December. Their highly automated logistics systems were completely shut down, affecting countless businesses that depend on Askul for daily operations. The company made the difficult decision not to pay the ransom, resulting in the attackers following through on their threats by publicly leaking stolen data in November and December.Attack MethodologyThe cybercriminals gained initial access through compromised credentials, then systematically explored the network, disabled security systems, and strategically deleted backup files before deploying file-encrypting malware. This methodical approach demonstrates the sophisticated nature of modern ransomware operations.Broader ImplicationsThis attack is part of a troubling trend affecting major Japanese corporations, with companies like Asahi breweries and media giant Nikkei also falling victim to similar attacks. The incident raises critical questions about corporate cybersecurity preparedness and the impossible choices companies face when targeted by ransomware groups.What's At StakeThe compromised data includes approximately 590,000 business customer records, 132,000 consumer records, plus thousands of records belonging to business partners, employees, and company executives. This breach highlights the far-reaching consequences of modern cyberattacks that extend well beyond the targeted organization to affect entire business ecosystems.Discussion PointsBen and Chloe explore the ethical dilemmas faced by companies under ransomware attack, the evolution of cybercriminal tactics, and the real-world impact on businesses and consumers. They examine whether paying ransoms truly protects victims or simply funds further criminal activity, making this a must-listen episode for anyone interested in cybersecurity and corporate crisis management.

The New Face of Cargo TheftTraditional highway robbery is dead. In its place, a sophisticated new breed of cybercriminals is using artificial intelligence, deepfake technology, and social engineering to steal billions of dollars in freight without ever touching a truck. This podcast examines the alarming rise of cyber-enabled cargo theft and its devastating impact on the transportation industry.Staggering StatisticsThe numbers tell a shocking story. Over 700 cargo thefts occurred in just one quarter of 2025 across the US and Canada, with stolen goods valued at more than $111 million. Annually, these crimes cost the American economy up to $35 billion, representing a fundamental shift in how cargo theft operates.How Digital Heists WorkModern cargo criminals operate like Fortune 500 companies, complete with structured enterprises, HR teams, and specialized departments. They purchase stolen credentials and company intelligence from the dark web, including shipping lanes, driver records, and billing templates. Using this information, they infiltrate logistics networks through social engineering, hijack legitimate accounts, and reroute valuable shipments to their own operatives.The AI Revolution in CrimeArtificial intelligence has become the criminal's most powerful weapon. Cyberthieves now generate convincing phishing emails and create deepfake voice calls that perfectly mimic trusted colleagues and drivers. These AI-generated communications can trick dispatchers into changing delivery addresses or authorizing fraudulent pickups, making detection nearly impossible through traditional methods.Beyond Traditional SecurityThese attacks go far beyond simple data breaches. Criminals infiltrate dispatch systems, spoof GPS signals, and use business email compromise to take control of legitimate communication channels. The line between digital compromise and physical theft has completely disappeared, with cyber intrusion often serving as the precursor to stolen freight.Fighting Back with Human IntelligenceDespite the sophisticated nature of these attacks, there is hope. Transportation companies investing in cybersecurity awareness training and phishing simulations are seeing measurable reductions in successful social engineering incidents. A well-trained, vigilant workforce has become the most effective defense against these evolving threats.The Future of Freight SecurityThe 2026 Transportation Industry Cybersecurity Trends Report warns that attack automation will soon move faster than human response capabilities. As criminals target the software and APIs connecting the entire supply chain, cybersecurity has evolved from an IT concern to a fundamental business survival issue.What This Means for YouWhether you work in logistics, transportation, or simply receive packages, understanding these evolving threats is crucial. This podcast explores how the convergence of digital technology and organized crime is reshaping cargo theft and what industries are doing to protect themselves.Join Ben and Chloe as they break down this complex cybersecurity landscape, examining real-world attack methods, industry responses, and the critical question of how to verify authentic communications in an age of perfect AI deception.

The Story

CyberVolk, a pro-Russian hacktivist collective that disappeared for most of 2025, has made their comeback with an updated ransomware-as-a-service operation. Operating entirely through Telegram, they're offering their malicious tools to aspiring cybercriminals in what appears to be a sophisticated franchise model for digital extortion.

The Critical Flaw

However, their new weapon called VolkLocker contains a devastating security blunder that renders it completely harmless. Cybersecurity researchers discovered that the encryption key needed to unlock victim files is hardcoded directly into the ransomware itself. This means anyone infected can recover their data for free without paying any ransom.

What This Means

This episode explores the fascinating contradiction between CyberVolk's modern delivery system and their fundamental technical incompetence. While their Telegram-based infrastructure includes slick automation features like automatic screenshots and real-time infection notifications, their core product fails at its most basic function.

The Bigger Questions

Ben and Chloe examine whether CyberVolk represents genuine hacktivism or simply financially motivated criminals hiding behind political rhetoric. The addition of ransomware to their traditional DDoS and cyber-espionage activities suggests a clear profit motive that contradicts typical hacktivist behavior.

Key Takeaways

This story serves as a reminder that not every cyber threat comes from untouchable criminal masterminds. Sometimes the most notorious groups make embarrassing mistakes that completely undermine their operations. The episode concludes by questioning whether easily accessible but flawed cybercrime tools still pose risks by lowering barriers to entry for potential attackers.

Discussion Points

The hosts analyze the technical sophistication versus operational failures, the blurry line between hacktivism and cybercrime, and the broader implications of ransomware-as-a-service models in today's threat landscape.