Global Bob Show

Episode 22 - Ransomware Ready!

Global Bob Season 1 Episode 22

In this episode Global Bob (Brian Varner) talks about ransomware, how you can determine if you are ransomware ready, and steps you can take to help reduce your chances of being hit by ransomware.

Transcripts are Automatically Generated.

Unknown:

Globalbob Show, episode number 22. Let's rock. Man, listen to that rock and roll music. It feels so good to be back here in beautiful central Florida from my trip to Las Vegas. One thing that is different than here in Vegas, there's actually a lot of things that are different between here and Vegas, but one is the humidity. And you know, we're always at 80 plus percent on the humidity, unlike in Vegas. And those of you that know, that have traveled out west and come back to Florida, that's one of the first things that slaps you in the face as you're coming down that jetway is that humidity. I'd like to thank everybody that continues to tune in to the show each and every week. The listenership continues to go up, and that is a good thing. But I am back. I am back in the Richard Cook broadcast facility and bringing you this wonderful show this week. I'd like to thank everybody that tunes in and those that get other people to subscribe. You can always find the Globalbob Show, of course, on the website, www.globalbobshow.com. You can find us out on Facebook, Globalbob Show, and on Twitter at Globalbob Show. And if you want to email me, what do you think that email address is? That's right, globalbobshow@gmail.com.

So the old field commander here, we made our way back from Las Vegas, and something that was interesting to me was that the weather was really nice, no weather to speak of, like clouds in the sky and stuff. Whenever I got to the wonderful McCarran Airport and boarded my flight, I was going to take a little short flight down to Phoenix and then catch the flight from Phoenix to Orlando. And whenever I got on the flight, the beautiful stewardess was asking everybody if they wanted a drink before the flight took off, and, of course, Commander Bob's not going to pass up a free drink.
And when we were getting ready to push back and taxi, the pilot came on and said that he has asked the stewardesses to stay in their seats, asked everybody on the plane to stay in their seats, because it was going to be very bumpy and choppy going down to Phoenix. Which I thought was interesting, right? Because here in Florida, when the captain says it's going to be a rough ride, you can look outside and see the thunderclouds, and you know it's going to be a rough ride here in Florida. But there, there were no clouds. But I can tell you right now, old field commander Bob here, he was bouncing around like a BB in a boxcar. I mean, that's got to be the roughest flight I had been on in quite some time. So all I could think of is that maybe the weather that we had out there was kind of moving through, maybe some thermals off the desert. But yeah, that was something that was kind of interesting. You know, being a pilot myself, usually you can look outside and see what the weather is, but on this particular one, that was not the case. So of course, we made it down to Phoenix okay and got on the second flight. But I'll tell you, I can tell you just from flying out to Vegas, you know, I used to do a lot of traveling myself, and people kind of took the seatbelt signs as a suggestion. Sometimes I saw people that were, you know, not listening to the stewardess, and this is back before COVID. But when that pilot said everybody stay in their seats, he followed on and told us that those stewards and stewardesses represent him in the cockpit and that it is a federal crime to disobey their orders. So apparently, I don't know if that is the talk that he gives people that are partying in Vegas and on their way home or what, but that pilot was pretty stern, which I appreciate. You know, these stewards and stewardesses, first of all, they got to put up with us for hours on end, sitting in our seats and fidgeting and stuff.
So, you know, when you're on the airplane, just listen to them, do what you're supposed to do. They don't want any trouble. But I thought that was interesting also.

All right, so let's get on with the show. Now I get this question from time to time, and it seems like I've been getting it more and more. Now back on Episode 17, we talked about how antivirus companies don't write viruses. Now, that is something that we cleared up in Episode 17, that there are plenty of viruses to go around. We don't have to get out there and write viruses so people buy antivirus. But what I want to do is expand on that a little bit and talk about a specific type of virus, or malware, and that is ransomware. And that is the title of this episode: Ransomware Ready. Like I've explained before, a lot of times the show that I put together is based off of the previous week's conversations, and this show is no different. I was out in beautiful Vegas, and I get a phone call from a friend of mine. And I'll leave his name out of it because he is a friend in the industry, and I don't want to reveal who their client was. But this was another one: Globalbob, what can we do? I got a client whose computers have been infected with ransomware. Now, not just computer, computers, so plural. And as you can imagine, that is a bad day for a client, to come into your office, and word quickly spreads that laptops and desktops are displaying the telltale sign of ransomware. Now, if you've never fallen victim to ransomware, you may not know what the message is that it displays, but there will be no doubt in your mind. Basically all ransomware displays a message that says your files have been locked. A lot of times there is a countdown timer until complete destruction. So it may say you've been infected with ransomware, you have 24 hours or 48 hours to send whatever the amount of money is that it's displaying on the screen to a Bitcoin wallet.
Now these ransomware folks, they know that not everybody has Bitcoin and Bitcoin wallets, or even knows how to pay the ransomware actors. So a lot of times on the screen they will tell you, this is what you need to do: you need to transfer some money to, say, one of these exchanges that are reputable. And then once you get your money transferred in, then you need to transfer that money to a Bitcoin address, and from there they will send you a key to unlock your files. And there's different variants of it, but that's generally what it is. Something that I find interesting is that they actually tell you how to get money out of the banking system and then to the crypto wallet. So they're giving you instructions on how to do this. And once you, of course, pay that ransom, then you're hoping they will send you the key and you can unlock your computers and go on about your business. Now there's a bunch of issues with this, right? One is that if they were able to land on your box, what other files did they take? What else did they do? You know, just like with any ransom in the real world, not in cyberspace, you don't know if they're actually going to give you that key or give you back that property for which they are asking the ransom.

Now, let's take a little sidetrack here, and I want to ask the listeners, especially my listeners that own businesses: how do you know if you're ransomware ready? How do you know you can survive one of these? Well, it's pretty simple. If you want to see what your survivability is if ransomware lands at your company, just go to work and unplug all the desktop computers. And anybody that used a laptop the day before, they're not allowed to open the lid on it. Right? So basically, this is a lights-out scenario: could you run your business and restore your business files without touching basically any computer that you used the day before?
And that's essentially what ransomware does: it shuts down the computing systems inside of a company, or, if this lands at your house, your house computer. So if you cannot go down to, say, Best Buy or Staples or whatever big box store, very quickly buy a generic laptop, and restore all your business files and all your business processes, then you're not ransomware ready. Same thing for your house. Take your desktop at your house if you have one, or take your laptop at your house if you're a parent, you know, not necessarily in the business. But if you're a parent, can you restore all your personal files, maybe your tax information, family photos? And if you cannot do that, then you are not ransomware ready. Now for my business owners, if you get one thing out of this episode, hopefully it is that one day you could be hit with ransomware. So why not start today to ensure that you are ransomware ready?

Now we've thrown around the word malware, we've thrown around the word virus and other terms. But let's talk about what ransomware is. Now I define ransomware as a type of malware that blocks access to resources like files and computers until a demand is met, like sending money. And whenever I say send money, I mean send lots of money. So according to Panda Security, the average ransomware demand for, like, a business or some company is usually around $570,000. That's right, $570,000. Now, there's a couple of different ways that people make money off of this ransomware, and we'll talk about a few. There are generally two ways that these folks make money off of ransomware. We've mentioned what the average demand is for ransomware, and so that is the people that have delivered the ransomware to the computer or computer network, and they're wanting the direct cash or money. But there's another way that these malware authors generate funds, and this is providing ransomware as a service. Now, I've been in the security business for a while now.
And we've seen these as-a-service type models arise. But with this particular one, the people that are developing this ransomware, they will advertise on the underground markets, like on the dark web, and say that they have ransomware as a service. And if you subscribe to their service, they will send you everything you need to start distributing the ransomware. And we'll talk about some of those distribution methods later. But looking into this, it was kind of like a business advertisement. I found one on the dark web that actually offered 24-hour-a-day, seven-day-a-week Skype support. So I guess if you're a criminal and your ransomware isn't performing properly, then you can reach out to them for support. They also offer free updates if you continue to pay them their monthly service, and these updates can include new methods of distribution. Also, if your ransomware gets picked up by antivirus before it's able to encrypt files, they'll be able to give you another variant of that. So to me, I was thinking to myself, wow, this is actually kind of crazy. I mean, you have these malware authors that are selling this as a service to people that are not technical enough to write their own ransomware, that then they can distribute it. And digging into this model a little bit more, I found that a lot of times the actual Bitcoin wallet that you send to isn't the Bitcoin wallet of the actor that placed the ransomware on your computer. You're actually sending it to the ransomware-as-a-service folks, and they in turn take their percentage or take out, you know, whatever compensation, and then they forward the remaining bitcoins back to the person that is renting the ransomware. And it was just crazy, you know, the more I looked into it. It's almost like these guys were trying to run this as if it is a legitimate professional business.

So what industries are under attack the most? And that happens to be the goods and services sectors.
They're the largest ones that are being attacked by this ransomware, and you can only imagine why. Before, when ransomware first started getting popular, it was more of a spray and pray. You had someone that would quickly create some ransomware, and they would just email it out to everybody. And so you had the person that was writing the ransomware and the person delivering the ransomware being the same person, and they didn't necessarily care where all it landed. And so anytime that it is a very broad net that is cast, I call that the spray and pray. But now times are changing, because the antivirus companies, and even your vendors that provide IP blocking and DNS blocking, they're very quick to jump on these ransomware networks and are able to block them. And so what happens is that if you do the spray and pray method, then there's a good chance that the ransomware is going to get picked up by antivirus. And so now you're seeing that they're being a lot more methodical. I say they, I mean the ones that are getting these big ransoms, right, these half-million-dollar ransoms. So they're not just doing the spray and pray. That's probably the ones that aren't technical and they're renting the ransomware as a service. And so they're going after the goods and services industry, because, as you know, in goods and services it's very much real time, and if all of the computers are locked up, then time is money, and therefore they're more apt to pay the ransom.

So how does ransomware actually land on your devices? Well, it's the same as any other type of malware, but there's a couple more popular ways with this particular one. Now, it could land on your device via an email attachment. I know we say it over and over and over again, don't click on attachments that you don't know who they're from. But I mean, we got to keep saying it, because that is one of the tried and true methods of delivering a payload.
You got to think, your computers, as we talked about before, even at your home network, they're behind what they call a router. And without getting too technical, the router has a piece of software called a NAT, which stands for network address translation. And essentially what that does, as we mentioned in a previous podcast, is it allows all your computers at your house to share one public IP. Now something that is inherent in running a NAT is that your computers at your house are not directly attached to the internet. That means a bad guy or girl outside of your network cannot drill through and touch the IP address of, say, your laptop or your iPad that is on your home network. So what happens is, just like in any malware, you have to be able to land on that network. And the only way really to land on that network is to get a user to somehow initiate a connection. And so email is one way that it can be delivered. And when you click on that attachment or you click on that link, your computer's then going through the NAT and then to the internet, and that's when the malicious attachment or your browser window gets compromised and the attacker can then start doing things. So that's the main point I want you to remember here, is that most of the time with ransomware, it is actually initiated by someone clicking on something. So, yes, the email attachment is a tried and true method to land on the network.

There's also another way, is that your one computer can get infected somewhere, and then they get on to your network. And once someone is on your network, let's say whenever Globalbob was traveling, if my laptop was to be infected because I was at an internet cafe or something like that, they don't even have internet cafes anymore, we were back in the day when you'd go there and rent time on a computer to check your email. But so my computer could already be infected, I come home, now I'm on my local network, and my computer may infect other computers.
And of course, we got the thumb drive, or the removable media, that could have the malware on there, which yet again is a user putting something into their computer, or someone doing something that's initiating this malware. And of course, this is one that's pretty popular, is these website redirects, where you're searching something on Google, you click on a link, and maybe Windows is spelt with a Z instead of an S, you're in a hurry, and then you get prompted to download a file, or your browser gets compromised by going to a bad site. Now, I mentioned the internet cafe, and really what I should have said was, you know, malicious access points. And I've given this demonstration many, many times, where I can run an access point, your computer gets on it, it goes to the internet, but it's being fed through my access point that has a cellular modem in it, and then I can inject little things onto the computer. So some of these malware authors, what they'll do is they'll set up these malicious access points, and they'll go hang out in front of places that serve up free Wi-Fi, like, say, McDonald's and Starbucks and Chipotle. And the person that comes in, they don't know, they just jump on the Chipotle Wi-Fi, but it may not be the real Chipotle Wi-Fi, it could be the attacker's, and all that person's doing is putting malware on computers. So when you go home, that can expand to your other network, or what they're really looking forward to is your office network. Now the last way I want to tell you that ransomware gets on computers is that they'll send it via messages, right. So you get that pop-up on your phone that says your credit card has been deactivated, please click here to reactivate your card. I'm just giving an example. And I know that you may say, well, I click that on my phone. But a lot of people, if you have a Mac and you're logged in, then you get your messages on your Mac computer also.
Or if you're in Google Hangouts or AOL Instant Messenger, there you go, I'm dating myself. But however, so when those people are sending messages to your phone, I've heard people say, I don't know why they send this to my phone, iPhone's secure. I mean, I click on it, and it's not going to do anything. But it's not that. What they're trying to do is get you to click on that when you're on your computer, and not on your phone, to try to get that to be delivered. So back to the main defense against ransomware: it is the human. And you can't get on to people by saying, hey, why did you click on that link? I mean, some of these ransomware folks, not the ones that are doing the spray and pray, but the ones that are actually targeting a company, they are very, very good. And the way that they could distribute the ransomware is to actually break into the web portal for your mail. So if you have Office 365 or you have Google Docs or your Gmail, what they'll do is they'll compromise a mail account, because what do we say over and over? Don't click on any external links from people you don't know. But what they'll do is they'll compromise that and then start sending the files from that account to other people in that company. Case in point, if, say, the owner of your company was to send you an email and said, here's the attachment for the quarterly report, you'd probably click on it. I mean, everything checks out, okay? But what it is, is that they compromised that person of authority's account, and you can't go get on to the person that clicked on it, because it's like they followed all the rules we say, you know, it was from the owner, I rolled over the email address, and it looked like it checked out. And that's just how crafty they are.

All right, so we talked about how to see if you're ransomware ready, which probably about, I'd say, 99% of the listeners probably are not.
Hopefully after this, you'll go back to your companies and think about your personal devices and see what you can do to ensure that you are ransomware ready.

Now, I can't have the show here without giving a little bit of history. I find that a lot of my listeners love hearing the history behind things. So here we go. Where did ransomware actually start? Now, whenever I was researching this show, I thought in my mind it was probably around the 2000s when this started to happen. But actually, the first piece of ransomware was written by your host here, Global Bob. I'm just kidding. I will tell you this here. So my cousin, she got a computer, and she was in high school, and this was a monochrome computer, we're talking about like the 386 days. And just being a funny person like myself, I took and wrote a little batch file that, when the computer started up, would display a message that says, order me a pizza, or you'll never log into your computer again. Well, she wasn't at her house whenever I did this, and I actually forgot I had done it and went home. I didn't live too far away, a couple miles away. I get this frantic phone call from her saying that she knows I messed up her computer, and she's not buying me a pizza. She had a few expletives in there, and that I needed to tell her the password to get past the screen. So I told her the password, and she went on about her way. And so maybe that could be the first piece of ransomware that was actually written, but no, that's a joke. The story is true, but it was not ransomware. All she had to do is hit Control-Break, and it would have gotten her out of the program.

But anyways, when was the first one written? And like I said, doing the research, I was pleasantly surprised. It was written in 1989, and it was called PC Cyborg when it was first written. And it was written by a fella named Joseph Popp, who was a PhD and AIDS researcher. So this guy is pretty dang smart. You know, he's a PhD and researching AIDS.
And what he did was, now this is crazy. So whenever I talk about ransomware, and that someone has to do something or trick you into doing something, this guy actually distributed over 20,000 floppy disks. Now, for my young listeners out there, the floppy disk was a, I think it was five and a quarter, five and a half inch, actually floppy little disk that had magnets in it, and the data was written to it. So he distributed 20,000 floppy disks to AIDS researchers and AIDS research facilities in over 90 countries. Now this is 1989. Now somebody needs to unravel his story and do some more research. I mean, if those disks were $1 apiece, and I do believe they were more than $1 apiece back then, I mean, that's $20,000 this dude had wrapped up. But anyways, he told them that the disk contained a program that could analyze a questionnaire, and it would put a risk score associated with that person on the chances of them contracting AIDS. Now, I haven't seen the questionnaire, but kind of the way I would think this is, is that, you know, you answer all these questions: do you do this? Do you do that? Bah, bah, bah, bah. And then at the end, this program would analyze and say, hey, you know, you're a high-risk person for AIDS. So, now, going back to what we just talked about, the email from the boss. I mean, this is a trust factor, right? Your boss sends you an email, and you click on it, and it contains ransomware. Well, this guy, I mean, he was a PhD, he was doing AIDS research, and so people probably trusted him. So when they got a disk from him, you know, it was no big deal, they inserted it. It wasn't like they found this disk out in a parking lot, I'm sure. Now, what happened was that once this ran, the malware would demand a payment of $189, and then there was another demand for $378 for software licenses. I'm trying to think to myself, I can see, you know, some money for this, but why $189, or why $378? So, I'm sure there's something behind that.
Now, when this went out, this was amazing, because this was the first piece of ransomware, and they dubbed this the AIDS virus just because of the person that put it together and the folks that it was targeting. So back in 1989 was kind of the stage being set, that early on, for ransomware. And we've talked a little bit about, you know, that being distributed on floppies, and then later becoming the ransomware as a service. And then by 2015, we started getting these ransomwares that we all know about. So you can see the delta between 1989 and 2015 is when, like, CryptoWall and Scatter and Fury and all of those started to show up on the scene.

So there we have it, that is a little bit about ransomware, how to see if you're ransomware ready, and just do the test. I mean, just, you know, think about that. Because, you know, once your files are locked, your field commander here cannot unlock them. There's a lot of stuff they do with the encryption. And at one time, you know, they would publish some keys, or some white hat hackers would figure out a flaw in the ransomware and then publish those decrypt keys. But as you can see, when they're charging for ransomware as a service, these folks are very good at this now. And so the chances of you getting back your files without paying the ransom is probably next to impossible. But here are some things that you can do to try to get yourself in a better position. Create backups, and not just, well, I backed it up last month, I backed it up last week. You need to create really good backups. And if you don't take anything from this podcast whatsoever, just please take away that you need good backups, and you need to test those backups. Don't just say, well, I'm backing it up. Because when ransomware lands on your computer, especially the ones that are lying dormant to get the big ransom, then they could have landed on your computer systems maybe a month ahead of time.
So what happens, and I've seen this happen, is that ransomware hits, someone says, all right, we got the backups, let's back it up to yesterday. And they back it up to yesterday, and then the next day they come in, they're hit again, because that ransomware is lying dormant. And so you're basically backing it up to a day that still had ransomware. So what I recommend on backups is back up once a day, and you know, have that backup, so you got a 24-hour backup. Then back up once a week, so you can take one day and go back seven days to be one week. And then one month, because what you'll have to do is figure out the deltas between those backups to see where can I back up to, or the various files I can back up to, where I don't put the ransomware back on. So backups are the number one defense against, or number one recovery from, without paying the ransom. Now of course you need to have antivirus on all of your boxes. That is another, you know, no-brainer.

But here's another thing too, is that when you have your guest Wi-Fi at your offices, I've seen this more times than not, there's nothing different between the guest Wi-Fi and the corporate Wi-Fi other than it is an SSID that's being broadcast that says guest. But you jump on there and I'm telling you, most of the time it's the same network. So what you should do for your vendors and people that are coming in and out is actually have a separate network that is completely separate, and that's just for the guest network. So when those folks come in, then their virus-laden laptops and devices do not start infecting your network. And then, you know, a lot of times people are doing this bring your own device to work. Something that you can do is subscribe to a service that will do what they call DNS filtering. And matter of fact, there's a service that I use. They're not affiliated with the Globalbob Show at all, I'm not invested in them, but I just know that I use them. It's called DNSFilter.
And what you do with DNSFilter is that you take your home Wi-Fi or your business Wi-Fi access point, and you got to fill out some basic information from your ISP. And your ISP gives you DNS servers to set your access point to. Well, if you set them to DNSFilter, then what they'll do is, if it's a malicious domain that that computer is trying to get to, they will block it. So it's very, super simple. Go out to dnsfilter.com, and within a few minutes you'll have an account set up. And then the other thing that's nice about that, I mean, there are ways around it, but another nice feature of DNSFilter is that you can see the websites that people are going to that are on your network, and you can control what they can see. Like maybe at your office you want to block porn, or you don't want them to be able to get to various sites. And so with DNSFilter you get a lot, but what I like about DNSFilter is that it's very simple. And anybody that comes onto your network, if you have that set, then it is a basic way to offer a lot of protection for everybody without having to put antivirus software on their computers. So I mean, I'm not saying it takes the place of antivirus, but it is a good way.

The other thing is, like I mentioned, for these big, big ransoms, they're actually compromising user accounts first. I know everybody hates two-factor authentication, but please, especially your executives, because they're usually the ones that are targeted, make sure you have two-factor authentication. And it doesn't have to be the very intrusive one where every 24 hours, when you check your email, you have to, you know, type in the magic numbers off the authenticator. You just have it for new devices. So make sure you turn on two-factor authentication. And then of course, use strong passwords. So everything that we've talked about before is very, very relevant here.
All right, well, we're at the bottom of the half hour, actually a little past the bottom of the half hour. So hopefully you learned something. Hopefully I didn't scare you too much, but just enough where you'll go to your companies and look and think about their posture for how you would recover your business if everything that you touched electronically yesterday is not available today. And in your personal life, I hope you evaluate where all your pictures are stored and you take measures to ensure that, if you were to become a victim of ransomware, you don't lose all of those pictures and tax documents and personal files. Well, I'd just like to thank everybody for riding along here with Globalbob as we cruise the highways and byways of cyberspace and do what we can to make sure that you are well informed, well educated, and, in this podcast, make sure that you are ready for ransomware if it ever was to land on your devices. So thank you so much, and I will see everybody next week.