In today's podcast, we learn that Shamoon is back, again probably from Iran, and again hitting Saudi targets. Mirai infestations are turning up in the UK; observers see a criminal race to round up the biggest bot herd. Fancy Bear is also back, and still pawing at WADA. Good backup practices enabled San Francisco's Muni light rail to recover from ransomware. Palo Alto warns of a new Android Trojan. Facebook says there's no way ransomware was hidden in Messenger images. Firefox patches the zero-day that threatens Tor anonymity. Professor Jonathan Katz from the University of Maryland explains why ransomware crypto is hard, and Group iB's Dmitry Volkov describes ATM jacking group Colbalt. Germany mulls going for more surveillance, less privacy, as investigations of ISIS operations continue.