Richard Stephens, Vice President of Gray Leaf Technology Consultants, chats with Kyle Webb about the nature of ransomware attacks and why organizations should be taking proactive measures to protect their assets.
Richard: (00:13) Hey everybody, Richard Stevens with Gray Leaf Technology Consultants. With me today, I got Kyle, he's also at Gray Leaf, Kyle Webb. And want to just, we're going to have a chat today about ransomware and some of the things that we do to help organizations prevent that from affecting them. So Kyle, let's talk, let's chat about, you know, what is it, you know, what is ransomware?
Kyle: (00:37) Ransomware? You know, it's just in the name, Richard: ransom. You know, you hear, you know, from all the movies and stuff, people kidnapping, and so, you know, holding them up for ransom, right? It's exactly the name, ransomware, where hackers and other cyber threats will actually steal data from companies and hold it for ransom. So for sums of money and I'll, and I'll, you know, it's happening every single day, you know, a lot of it's not in the news, but there are huge cases in the news. Most recently, you know, there've been a few attacks. There was an attack on the city of Florence, you know, down in Alabama. You know, you know, so, so it's actually not disclosed on how it happened, but the biggest thing is that the data was stolen from them. And it was actually held, held ransom against the city of Florence that, you know, they, the hackers wanted the city to pay them some money.
Kyle: (01:26) I think it was about like $300,000, actually. That's all, you know, it's a huge sum of money to you know, especially if, if it hits you, it's really hard to really come back from that. And then, and then now once you come back from it, you gotta figure out, okay, how can we prevent it from happening again? You know, cause the biggest thing with, with, you know, hackers nowadays, always learning, they're always finding new ways to, to get your data, you know, and I actually think in the article, it states that they believe the hackers were already in their system even a month or two previously to the actual attack happening. So, you know, for a lot of businesses out there, you got, you know, there may already be hackers with your data, just waiting for the right time to strike.
Richard: (02:10) Yeah, that's crazy. I mean, it's, it sounds like, you know, every day, you know, we're hearing more and more about, you know, these, these things happening and they're happening all over, all over the world, all over the country. You know, local governments, high-profile businesses. Honda is, I think, another one that, that, that just got hit with some ransomware. And so how's it, you know, what is it, a piece of code or, you know, how does it, tell us how it works. It's a little
Kyle: (02:34) Bit, so the biggest thing is there's a few ways you can kind of go about ransomware. You know, of course one is data injection. You can directly inject viruses. That's probably the most high level, high tech kind of way of doing it, but you know, it can range all the way from that all the way down to just clicking on a simple email, like, you know, you click on one link, you put in some information. Sometimes they'll ask for company information, sometimes they'll ask for personal information. But you're putting in some sort of personal information that they can get a hold of, that they can track down, you know, other ways to inject their virus or, you know, find ways to hijack your data and keep, you know, make it their own. And they say, Hey, you want this back, you're gonna have to pay up some dough.
Kyle: (03:15) Right. You know, and so with ransomware, you know, it's, it's a huge, huge, huge industry, it's growing every single day. Like you said, I was reading an article earlier this year that I don't know from based on last year that attacks have actually gone up approximately 40% since, you know, within the last five years. So, you know, it's a, it's a huge, huge industry and it's not. And when you say industry, you're thinking like, Oh, financial industry, something like that, you know, tech industry, but no, ransomware, cyber threats, you know, the people who are actually trying to get your data and hack, they are actually a whole industry in themselves, you know, they, that's their job, that's their job is to make money and, you know, the way they make money is by stealing other people's, you know, IPS or, you know, things like that. Yeah.
Richard: (04:00) You know, the way it works is these guys, you know, they encrypt data. And then of course they ransom it back. And, and, and a lot, a lot of security firms out there are telling them, you know, Hey, go ahead and pay the ransom, because, I mean, obviously these guys wouldn't have a good business model if they got paid a ransom and then released all that private information. So, you know, it's, it's, it's actually a pretty decent business model, you know, a brands may getting, getting paid, and then of course keeping your word. That's how, you know these security firms are, are, are telling these guys to pay. So you know, let's talk about how this is affecting organizations, you know, all kinds of organizations that they're getting hit, but, you know, how does it really impact them?
Kyle: (04:40) Yeah. So, you know, when you get your data stolen, of course, you know, right away red flag, okay. Data was mine. It's not here anymore. Someone else has it. I don't, I don't want them to have it. Right. Usually it's personal information that they're trying to get or, or something high level that actually gives companies incentive to buy back. It's like you said, you know, sometimes it's better to, you know, just say straight up, pay him, you know, to get it back, you know, and then in the future, you know, we'll just have to do some damage control after that. You know, some of the biggest things that happen to companies is actually, you know, just, just, you know, the data loss, you know, you lose data, you're losing revenue, right. Because, you know, once that data is out, you can't get it back.
Kyle: (05:21) It could be files, documents, you know, very important files and documents for clients that you're working with, that you just can't get back, can lead to lawsuits, you know, and, you know, in the news, you learn that, you know, if you get hacked or you get a ransomware attack, it can be, it can be very detrimental to a company's business and their reputation, right. So you don't want to do business with someone who's not well-protected, you know, you give them some, you know, if you're, if you're a client with a company and you want to give them some of your personal information from a company, you know, whether you're doing some sort of project with them that requires them to pass it along, you know, giving up that personal information is very risky because you just say, okay, well, they already got attacked earlier this year. Why would I do work with them if there's a high chance that it could happen again? Of course, that business can come back and say, no, no, we figured out the problems, it's all fixed and everything. But, you know, like I said earlier, hackers are learning every single day and they are finding new ways to, to dive into a company's secrets and steal the data that, you know, it's not supposed to be out there every single day.
Richard: (06:25) Yeah. I mean, another example is the city of Baltimore, they got hit with a big ransomware, you know, a virus ransomware attack. And, you know, they were, you know, they were asking, the attackers were asking for $80,000 in cryptocurrency. Well, city of Baltimore was saying, I'm not going to have it. Nope. Not pay it. Well, $18 million later, they are back to normal and that, I mean, pay the 80 grand that they're asking for or 18 million to clean up, you know? So I think a lot of reasons, another reason why, you know, sending the right, you know, putting the right things in place, the right training, the right backups can help you, I think, recover from an attack like that. So, so let's, let's chat about like how this happens, you know, how does, how does, how does the company get infected?
Kyle: (07:17) Sure. And I'm actually going to share my screen Richard, so that we can kind of take a look at this together. Alright, cool. Alright. Can you see that? All right, Richard. Awesome. So, yeah, so what I'm looking at here is just as actually a, a test template for what you might receive in your work email for a phishing attempt. So the biggest thing that we're looking at here is, you know, you look up here and the title of the email preview says link. So the biggest thing in emails are the links. So, you know, for, for the viewers at home, of course, when you receive an email and you see a link and you're really not sure who it's coming from, and you're not really sure about the topic of what it's covering and you see a link you're normally like, all right, let me click on that and let me see you know, what it's all about.
Kyle: (07:59) Well, you know, right then, and there, you're kinda, you know, when you're kind of one step out the door of, of being insecure, because, you know, click on that link, it's going to take you somewhere. The website, it takes you to might seem a little fishy, but it's like, you know, this seems normal enough to kind of continue on and see what's going on. Let me put, let me make an account and see, you know, maybe something from my work, you know, maybe they made something new. Business wise and they want us to make an account and, and getting information on it. But let me make a new account anyways, you know, you're putting some personal information and next thing, you know you know, bank account gets hacked or social security, something that something very important to you that you put in that they got their hands on.
Kyle: (08:39) Another way of doing this is actually through attachments, which are actually a little bit worse. I say a little bit very leniently than just clicking on links. When you have an attachment, you can see here that there's actually an Excel sheet attached to this template here, click on that could actually just right away download a .exe or some sort of malicious file to your computer where right away it could, you know, act on its own. You know, it's a, it's a, it's a premade code that can actually directly infect your computer with some sort of a, you know, Trojan virus or, or, you know, like I said, malicious files that can steal your data, it can affect other people's computers. You know, it could hack your email to send emails out to the rest of your corporation which in turn will, can cause more people to click on the attachments, say, Hey, this came from, you know, Richard Stevens.
Kyle: (09:30) I know that guy, you know, he sent me something, you know, cool. Or he sent me something important for work, click on it. You know, now it's infected two, four, eight, 16 computers. So it's not just, you know, ransomware, I mean, this could be any kind of virus, any kind of malicious code or anything like that. Right. Absolutely. You know, it could, it could it's any kind of code that can coding and that can infect your computer and even bigger, you know, for all those all the companies that are using, you know, OneDrive for Business and, you know, Dropbox and things like that, you know, you have your files backed up into that, you know, well, that's not always super safe either because now your OneDrive's infected because the file that you just downloaded it, you know, got a hold of your OneDrive.
Kyle: (10:10) Now all those are infected printed, every basically encrypted everything connected to your computer. Right. That's how these, these, these guys, you know, encrypt network, app assets and things like that. Right? Yeah. So, you know, their, their main priority really here is to steal as much data as much as much important data I say as possible. So to give the company more incentive, to buy it back, right. And like you said, the city of Baltimore, they have that opportunity to buy it back. They didn't really wait, you know, the results of not buying it back. And like you said, $18 million later, which is a lot of dough, a lot of money you know, you know, it makes you rethink, you already think, okay, what's the best case scenario in this situation, you know, and how do you prevent this? Right. You know, what, what happens when you prevent it?
Kyle: (10:54) You know, so really going back into this, you know, what I'm kind of looking at here is our automated security awareness program. Right. So right here is just a dashboard of, kind of goes over the metrics that we kind of, you know, we kind of show and, you know, the biggest thing is we kind of look at, or, you know, who, who clicks on these emails that we're sending out and, you know, what they clicked on, things like that. So the way this works is, you know, over a course of a month, each month, we'll monitor and we'll send out simulated phishing emails that you would actually see out in the real world. You know, some are kind of easy to detect, others, not so much, you know, look, it was really just training to, to help protect an organization, you know, from being, you know, from being attacked really, right.
Kyle: (11:37) You're, you're, you're training its users to spot these phishing emails. Right? Absolutely. Yeah. And Richard, you and I have talked, you know, off, off camera as well, you know, talking about, you know, what happens if you actually do get hacked or what happens when you hit a ransomware attack? You know, it's like, you know, what do you do? And really the biggest thing that we kind of specialize in and help to prevent that, to prevent it before it even happens. So you don't even have to worry about it. You know, I always say your, your employees are your, your strongest line of defense, but also your weakest, right? Cause they're not only the first ones to receive an email, but they're the first ones to make a decision. Am I going to click or am I going to report, right. So the way this operates is we'll send simulated phishing emails to staff, determine who's actually going to click in the case of a potential ransomware attack.
Kyle: (12:22) And then you, and then we'll offer training and, you know, ongoing, consistent, high quality training to these staff members to help instill in their minds that, Hey, this is very real. This is a very real threat. People are dealing with this every single day, even more so every single day, I wouldn't be surprised we've dealt with companies that have been attacked before. Absolutely. Yeah. And I wouldn't even be surprised about your 2022, 2023, you know, the, you know, the 40% number I, I I found earlier rises to 60 or 65%, you know, it's, it's, it's a huge, huge industry that's growing every single day. And you know, with COVID-19 going on, there's a lot of templates and a lot of emails that we actually use now, because there's a lot of hackers that have actually adapted to that virus and made their own viruses based on that.
Kyle: (13:11) So there's, there's a lot of things growing, and there's a lot of, there's a lot of things that staff and employees and companies need to learn about before they really feel like they're secure. So talk a little bit more about our process. Like we, you know, with our ASAP, you know, training module and training program, like walk us through the process of, you know, how you, you know, you send out these phishing emails, we see who clicks on these, and then from that we can design training regimens for repeat offenders. Right. Right. Sure. So yeah, looking at this, you know, again, like I said before, this is our dashboard, kind of just goes over, you know, an overall risk score. We monitor, you know, who clicks on what, who replies to phishing, the simulated phishing emails, such as, say, we can see how many are sent out.
Kyle: (14:00) Essentially this is all, this is all, you know, month by month basis. This is just us monitoring. Now, once we understand who's clicking, you know, we can actually go in straight into the, you know, the training part of it. So the training part is we'll actually create a training module based very tailored based on who's clicking and what they're clicking on. So if people, you know, it's very tailored to the company as well, right? So if you have a company that's, you know, doing stuff with like food or health, health regimes and things like that, you're not going to do a whole lot of like sports equipment emails and things like that, right. You're not going to send out emails about, you know, Dick's Sporting Goods is having a sale on this or that, there might be some people in the company.
Kyle: (14:42) But again, the main thing to really look at is really tailored to the company and then make them the most secure. So the way we do it is, you know, based on the company we'll send out simulated phishing emails, tailored for them, and then we'll see who's clicking, enroll them in training programs. So that way we kinda, you know, first we pinpoint all of our efforts on those who are most willing to click on things that we have monitored. But that doesn't mean we're leaving out everyone else. It just means that they're going to have the most, they're going to, we're going to have the most focus on those. And then of course over time, the main goal really is to lower the amount to basically zero people clicking. Usually over the course of a year, we'll actually, we'll monitor month by month and figure out by the end of the year, if we have zero clicks, we can say we have had a success, but it doesn't mean we stop.
Kyle: (15:32) Right? Because every day, like I said, people are learning, attackers are adapting. You know, these, these people are sending out phish, real phishing email attacks, you know, they're learning and, you know, learning ways around firewalls and spam filters. And you know, it's not a one-stop, you know, the emails that were sent, the phishing attacks that are sent out in 2012 are far inferior to the ones in 2020. And this year 2020, these are far inferior to the ones that are gonna be down in 2030. Right. These are like, you know, the, a play toys compared to what we're going to be facing here next five, 10 years.
Richard: (16:09) Yeah. So really the biggest thing is, you know, training organizations to spot these things. It's an ongoing process. You know, setting up these, the, these, these training regimens, you know, for an organization to really, because really all it is is one click, one click can infect one user, but within minutes it can spread, infect the organization. Same thing with, you know, in, in regards to SharePoint, you're connected to a lot of document libraries for those of those for people that know SharePoint. And if you're connected with OneDrive, it's, you know, it's, it's, it's obviously anything that you're connected to, it's going to encrypt those and then it basically encrypts it for everybody. So you know, tell us, you know, let's talk a little bit about how I think there's a free portion that people can kind of dip their toes in. Right. And, and see what it's about. Right.
Kyle: (17:01) Absolutely. Yeah. We actually offer a free tool that way, you know, for, for those that are kind of skeptical. Okay. How's, how's, I feel like we're very secure. Our company is very secure, but I'm not quite sure we just aren't, you know, onboarded like five new employees last month. I'm not really sure how, you know, how good they are at, you know, spotting phishing emails. We actually offer a free tool that you can sign up for a, you know, feel free to, you know, we'll have a link below to make sure that, you know, you can reach out to us, but you know, what, what it does is it, you know, you can sign up with a set amount of staff in your company. We'll send out a phishing email, just, just a single one to your entire staff. And we'll actually monitor for free the first month that, you know, how many clickers you actually have.
Kyle: (17:46) So that way people can kind of monitor and see, okay, actually the people I thought were secure are actually clicking more than the people we just onboarded, right. Or, you know, like where, you know, we gotta figure out where are we most insecure. So that way we can kind of fill in those holes because when you're running a business or you're working in business, you know, there's a lot of things going on that, you know, half the time security isn't in the front of your mind, right. It's kind of like
Richard: (18:13) Sometimes they have other people, you know, there's, there's other groups that are taking care of your security. And, you know, for us, obviously we talked to a lot of clients and it's a very important part of their overall stature as a business and, and having that in their toolbox to help train their users, cause you can have the best security, you can have the best firewalls, but an email's an email, and once you click on it, you're giving that access, you know, to download and, you know, you're, you're doing that as a user. So really ASAP is perfect to, to, to train and, and really provide your, your, your staff and your organization that, that knowledge to make sure that, you know, nothing happens. If they want to check out what we have to say on our ASAP program, please go to, everyone could go to go gray leaf.com. We have a page dedicated for our ASAP program. And anything else they can, they can reach out to us at firstname.lastname@example.org. Kyle, thanks a lot for talking us through this. And yeah, hopefully we go and we can protect some organizations.