Welcome! Ransomware Uptick plus more on Tech Talk with Craig Peterson on WGAN

Published: July 11, 2020, 1 p.m.

Welcome!

Craig discusses the uptick in Ransomware and Phishing.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

7 reasons to pay for antivirus software and skip the free versions

YouTube TV jumps 30% in price effective immediately

Police roll up crime networks in Europe after infiltrating popular encrypted chat app

New Mac ransomware is even more sinister than it appears

Ransomware is now your biggest online security nightmare. And it's about to get worse

Apple's Silicon Macs promise screaming performance

TikTok and 32 other iOS apps still snoop your sensitive clipboard data

An embattled group of leakers picks up the WikiLeaks mantle

---

Automated Machine-Generated Transcript:

[00:00:00] Hey, did you think WannaCry was the end, the final blow of ransomware? A couple of years back. Turns out it is back with a vengeance, and I mean vengeance.

You are listening to Craig Peterson. Of course, you'll find me online @craigpeterson.com. You'll find my podcasts. There you'll be able to subscribe to my email list. You'll be able to see some of the training stuff that I'm starting to do right now. You'll get announcements about Lives when I'm doing training.

So you can decide what makes sense for you in your move forward. Whether you're a career security person or maybe security is just yet another hat that you have to wear, right? If you're a business owner, it's one of a hundred hats you have to wear. Well, we try and have it all there for you. So, there's a good path to follow.

I had a really interesting discussion this last week

[00:01:00] because of a friend of mine. In fact, she's in one of my mastermind groups, she was saying that one of her best friends has been trying to learn about security and couldn't find any real courses on it. And the OpenCourseWare stuff is from 2014, which is in, you know, by today's standards very outdated and not of a whole lot of use because as I mentioned things like antivirus totally useless in this day and age. Okay.

So, there are so many things that we have to worry about and what I'm going to be doing more training on this stuff, but there's only one way to find out that is to be on my list.

So, let's get back into this. Cause this is just fascinating about ransomware. It was kind of a menace mainly for consumers. Back in the day, I had a couple of my clients that were hit with WannaCry. It never went anywhere inside their networks. It never encrypted –

[00:02:00] anything, at least the divisions I was covering.

The other divisions all got nailed. All got nailed very, very badly by the WannaCry ransomware. And they, I have one client who is a worldwide, a Fortune 10 or 50 anyways, very, very big company. And they refused to follow my advice corporate-wide. They did follow my advice in one of their divisions, and that division didn't get nailed with ransomware.

So, I'm pretty proud of that right now. All of the rest of them had to shut down all operations for a couple of weeks. Now with this whole COVID-19 shutdown, you know what that can do to a company. Very, very difficult. In fact, to this day, the division that we've been protecting is the only profitable division in the entire corporation, just absolutely amazing. So, the bad guys now

[00:03:00] realize they didn't have to steal data to make money. Like they used to do. All they had to do was make it almost impossible to access encrypting it. Unless we pay up. So there are some new twists now. Not only are they not just going after consumers, but they're also going after businesses, including large businesses.

Like for instance, the client I just mentioned, which is a huge company, many municipalities you probably heard about Atlanta. Got nailed with it. Like three times. They, everything went down, they lost everything. They couldn't collect taxes, even water payments, nothing. Oh, you know, they should have hired me.

Right. They hire these huge corporations that have no idea what they're doing. Right. They send out these kids that just graduated, paying them almost nothing with sleeping bags underneath the desks. That's a good way to tell, by the way, if you hired a good company, do they have sleeping bags under their desk? We're seeing

[00:04:00] now that they are also getting on to our computers. And usually, within about two weeks, they start what's called a lateral spread. So, they start to go from the one computer that they've compromised to other computers within the organization. So, they'll get on to the, you know, the CFO's computer, which we just found in one of our clients, a couple of weeks ago, that DOD contractor again, where they were using Malwarebytes, which is, as I said, pretty good.

They had some other antivirus software, but that computer, the CFO's computer ended up getting compromised and it had a back door and active back the back door on the computer. That's a huge deal, especially for the CFO, especially for a military subcontractor, just amazing the data that they

[00:05:00] were able to steal off of that computer.

They only found out because their Malwarebytes contract had expired. They said, Hey, you've been hounding us to put this AMP on it. So, let's put AMP on it. This whole anti-malware platform and a stack of software and you know, what the heck. It's a lot more expensive, but let's try it out. So, we tried it out and bam, right away.

On the first day, we found that as well as a number of other problems on their network. So, they'll spread laterally as they did in this organization here. This was just like a week or two ago. And that lateral spread is access to more data and then they will pull data off of the computers. So, there's another reason to monitor all of the outbound flow of data, which we do automatically for all of our mid-tier and above customers, where we're watching all of the outflows, right?

The exfiltration of

[00:06:00] data, where's it going? What's it doing? Is this normal? Is this normal for this time of day? Is this normal for this machine? Is this normal for this type of data? We do that all automatically. If we notice something. Oh, we have another client that we saw. That there was some data exfiltration going on to Mexico, which was not normal. Was not something expected? So, the systems automatically shut it down, set off our pagers. We had a look and indeed somebody had gotten into their network through a portion of the network. We did not control. So, we were able to catch that. Thank goodness. They were able to get a few gigabytes of data out versus the entire file server. Right.

Very, very big deal. So that's one way that the bad guys are doing it right now. They take your data and then they try and ransom it to you now. Yeah, they may encrypt all of your data. And part of the reason they do that is just to get you on your

[00:07:00] toes. So, you realize, Oh my gosh, somebody has been in here.

But the other reason they do that is so that they can come back to you and say, Hey, we have all of your customer's information. We have all of your intellectual property. If you don't pay us, we are going to post this up on the internet. Usually, they'll post it on the dark web. So the bad guys have full access to it.

Many times they will sell it and make a few extra bucks off of it. So, you know, you can pay them or the other bad guys can pay them. So we get, we've got to be careful about all of this. There are a lot of ransomware attacks going on right now. These groups are smart and sophisticated about half of the companies pay the ransoms.

So these bad guys are frankly, very well funded. They are skilled and you've got to have the right type of stuff. You've got to have the Firepower firewalls.

[00:08:00] You've got to have the stuff that's constantly monitoring them. So you're looking for intrusion detection systems and intrusion prevention systems, which the Cisco Firepower stuff provides, but you have to be able to monitor it.

You have to have special, not just rules in place, but rules to watch the logs and everything. Okay. They also, by the way, the bad guys now are searching out and encrypting any backups that organizations are leaving connected to the network. So think about that hard drive you have connected to your computer that has all of this data on it.

And the bad guys will see that backup data and encrypt it as well. So if you, if your only backup is something attached to your computer, it ain't going to help much in the event of ransomware. In fact, it's not going to help at all. So make sure at the very least you disconnect it when you're not backing up and that you back up every day or

[00:09:00] follow the training that I gave on backups, do a three, two, one backup, and that is going to keep you safe.

Okay. By the way, the police departments, the FBI, et cetera. They are not going to do much follow up on any of this type of stuff. Any of this ransomware, if it happens to you. And I've had so many listeners contact me at me@craigpeterson.com asking what do they do and how do they report it to the police and how do they get it escalated?

Cause the police don't seem to be doing anything. Okay. So be, be very careful out there, frankly. There's also some new ransomware that's out there for Macintoshes. Now you have to be a complete idiot for this ransomware to take hold on your Mac, because it is going to pop up on your Mac multiple times asking you, Hey, do you really want to install this?

[00:10:00] This is from an unidentified developer. So, again, be careful when you are downloading software. It's, you know, my, one of my mantras, if you are grabbing software from an unknown source online, Be extra, extra careful, even if it is properly signed with an Apple ID, all that's going to happen is it gives Apple the opportunity to trace back where it came from, who might've been the developer behind it.

So this is real ransomware. It's called ThiefQuest. It's got all kinds of menacing features, but it's very unlikely to infect your Mac anytime soon unless you're in the habit of downloading pirated embedded software. Cause what they're doing is they are packing this in with software on some of these BitTorrent sites.

So, so, yeah, it's a little bit of a problem, right?

[00:11:00] So yeah, first of all, you're getting there from a torrent site, which is probably questionable. Now there are legitimate torrent sites. I use them as well for downloading things like versions of Linux, et cetera, et cetera. So there are legitimate sites out there, but there are many that are illegitimate.

So be careful. That's how you get nailed on a Mac. So we are going to be disappearing from most of these stations. And I appreciate you being with me today. If you miss part of today's show, or you'd like to hear the rest of it, just spend a minute here and go to CraigPeterson.com/itunes or go to your favorite podcast program and right there do a search for Craig Peterson, but you know what?

It's even easier if you use iHeart or TuneIn or iTunes, just go to CraigPeterson.com/. For instance, slash iHeart, slash TuneIn. It'll take you right to my

[00:12:00] podcast and please consider subscribing because that really helps the numbers, which helps me to know that there are people listening. And if you are listening, drop me a note.

Let me know what you like about the show and some of the changes that have been underway and some of the changes that are coming up. Drop me a note as well. CraigPeterson.com. Everybody, take care. And stick around or we'll talk next week. Bye-bye.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553