What is Ransomware?

Summary: While ransomware attacks are terrifying, they can be prevented. Dave Hodgdon and Steve Ripper from PCG IT discuss what ransomware is and how to keep it from happening to your company’s devices. Listen or read more to find out about ransomware protection.

Mike:  It is Tech Tuesday. Everybody give a round of applause, round of applause. Tech Tuesday from the folks from Portsmouth Computer Group. Dave and Steve are with us here today on WTSN’s MIC. They’ve got convenient locations in Portsmouth and Dover, now open in Manchester, up in Portland, Maine as well. PCG IT for world-class IT service and customer support. Just go to How are things, gentlemen?

Steve Ripper: Very good.

Dave Hodgdon: Absolutely fabulous.

Steve: Thanks, Mike.

Dave: Summer’s starting.

Mike:  Yeah. Hey, summer’s on the calendar until September 21st and we will keep it that way.

Steve: 27 days. Let’s keep the heat going.

Mike:  We don’t care about the kids going to school. Who cares? Let them deal with that.

Steve: Big day today.

Dave: Exactly.

Mike:  So, today we’re going to talk a little bit about something, which I happened to see a big piece on “60 Minutes” this week, about ransomware. This is unbelievable. That’s like holding businesses hostage for real money.

Steve: Yeah.

What is Ransomware?

Mike:  What is ransomware, Steve?

Steve: So, ransomware, in other words another term that we use, like CryptoLocker, is the type of virus. So, ransomware is a general term for anything where a hacker or a bad actor will infect your systems. It’s not just that they’re infecting their systems, Mike, but they also are going to hold you hostage. They’re basically . . . it’s like a kidnapping. They’re going to hack your machines, and we’ll talk a little bit about how they hack your machines, but they’re going to get this virus into your system. It’s going to see your files. It’s going to encrypt all of those files so that you can’t use them. You can see the files, but every time you click on them, nothing happens. You cannot unencrypt them. Then you get a notification from them, whether the virus itself pops it up or they email you, or there’s a number of ways that they can do that where they say, “Hey, we’ve locked your files and we have the key for it. Give us this amount of money.”

Usually they want to be paid in Bitcoin because it can’t be tracked, but they’re going to hold your data hostage.

Mike:  This is unreal. And I saw this on “60 Minutes”, Dave, this week and this stuff is even coming to our phones now.

Dave: It’s everywhere. Kind of think of . . .  watch the movie “Ocean’s 11” — the heist and what these, these bad actors are doing. They’re planning this out, they’re getting in there and they’re waiting, they’re watching what’s going on. Once they have enough data at that point, they know it’s time to get you. So, they’ve planned it, they know what’s going on, and then when they’re ready, that’s when they kick it in and want the payload.

Mike:  See, this is what I call the downside of technology. We all love the bells and whistles. You guys are on the, on the cutting edge of technology.

Dave: Oh, this is it.

Mike:  These guys are ahead of us, whoever’s doing this, and they just want to be nasty.

Dave: Yeah. Yeah. So, the technology is one thing, but we’re talking about capitalism. We’re always talking about capitalism. So as long as you have computers in your office and a computer in your pocket, and everyone has computers in their pockets, they’re thinking of ways to make money on it. Whether it’s legitimate ways to make money on it, or illegitimate ways to make money on it.

How Companies are Affected by Ransomware

Mike:  And we hear this with all types of businesses. Big companies, small companies —

Dave: It’s anyone, Mike, they’re just phishing, they’re waiting for the right person to . . . we’ve got companies that five users with the data, if they have your data, you can almost go out of business. And the big part [of] that Steve and I want to emphasize today, it’s about planning and what you can do to help minimize that. And when it does happen, ’cause it’s going to happen to most of us in our lifetime, what are you going to do when it happens?

Mike:  So, first of all, let’s talk about it. So, they get in through emails and stuff?

Steve: They can get in through emails. We’ve talked on this show a couple times about phishing scams where they send you an email that looks legitimate. It’s not, but it looks like something from your bank, something from your company, something from a service that you’re a part of. Like a movie ticket buying service —

Mike:  But how would you not know, Steve, to click into something like that?

Steve: It’s hard. It’s really hard.

Mike:  If it looks so . . . it’s like counterfeit money.

Signs of Ransomware

Steve: It’s really hard and we get this call all the time. You have to look for the signs. So that’s where we’re going to go through a couple of the bullet points if we have time, but we’re going to talk about training. You got to train your people how to look for it and see this.

But anyway, it’s a phishing scam that gets you to put your password in. That’s what they want. They want your username and password because if they have your username and password, they can get in and start to do things that they want to do as you.

So phishing scams, if you have a server or you don’t have the right kind of network, your firewall isn’t protecting your stuff. If the server is accessible, they can get onto that server and then infect the rest of your network, your firewall. If you don’t have a good firewall solution that’s locked down, that’s being monitored by, by threat management systems, they can get through the firewall. They can come right in through the front door. So, we talk about email and we talk about phones in the network that are on unsecured wireless, but sometimes they come straight through the firewall if you didn’t get it configured correctly. There’s lots of ways in that you have to worry about.

Mike:  “60 Minutes” was doing the piece on it and they were talking . . . I forget which company it was, I have to look it up again. But they ended up paying the money ‘cause they felt it was worth it to pay the money than to be ransomed and ransacked.

Dave: Downtown of Atlanta, there are many of those that are out there that at that point . . . that’s the biggest part of this, Mike, is planning, “What are we going to do if it happens?” And that’s why you want to have cyber insurance. You want to know what you’ll pay or how much you’ll pay. But even though you pay it, you still might not get it and they might come back again. So, you’ve got to put all the possible options to prevent it.

And this is what you know, that’s what ransomware’s about is preventing that it happens to me. And if it does happen, what are we going to do? Calling the police, your insurance, your lawyer, all the options that when it happens you are ready to make an action. Because once they hold, it could be three, four or five days before you do anything. You’re calling everyone, you’re in trouble.

Investigating a Ransomware Attack

Mike:  Are these people ever tracked down? Are these perpetrators ever tracked down?

Steve: The FBI works on this. They have, they have a division that works on this. Sometimes yes, a lot of times no.

Mike:  So, this is another division for the FBI to work on.

Steve: Sure, sure.

Mike:  This is all part of cybercrimes.

Steve: And the FBI can come, a lot of times what they’ll do is they’ll track the path, they’ll track how it got onto your machine. So, it goes out the firewall, then they’re going to talk to the ISP. So, if your company is using Comcast for internet, they’re going to talk to Comcast. They’re going to trace that path, then from how it got from Comcast, or hopefully . . .  and there’s people who are trained to do this, track it across the internet to see where it came from. They catch some people. More often than not, they don’t.

Mike:  This is scary stuff.

Steve: The internet is very big and vast, and it’s easy to hide in.

Mike:  Wow. Yeah. I like you said that, “It’s easy to hide in.”

Dave: One of the big things, Mike, is —

Mike:  — Creepy, it’s creepy.

Dave: — There’s enterprise antivirus and there’s a new buzzword called a SIEM, S-I-E-M. Security Incident and Event Management. What it’s doing, it’s watching the IPs of information, where things are trying to come from.

So, if Mike’s working here in Dover, there’s no way Mike’s getting his email in Chicago. It’s recognizing the IPs of where you might have your houses, where you might vacation. But if something’s odd, that has the ability to stop it right then and there. So, think about these enterprise antivirus and these tools you can put in place to help minimize those risks. Because once they see unusual activity or they’re copying some data, or somebody’s in there, it’s a great way to prevent it.

Minimizing Ransomware Risk

Mike:  All right, so what do you guys do, Portsmouth Computer Group, what do you guys do to minimize this risk?

Steve: So, enterprise level firewalls, so we lock the front door. We’re putting Cisco firewalls in that we’re trained . . . very difficult to configure for just the average person, but enterprise grade firewalls to lock the front door. We’re making sure that you have security on all your PCs. You can’t even let one of them through.

We don’t even think about PCs anymore, Mike. I’m old school, so I said “PCs”, but we don’t even say “PCs” anymore. It’s “devices.” Because the truth is that people are walking around, their phones are . . . they have a computer in their pocket that is just as powerful as computers that you and I used to use in the ’90s.

So, we say “devices.” So, training the users. I talked a little bit just a few minutes ago about phishing scams. So, we’re training them what to look for because your people are probably the weakest link. It’s the people that let them in.

We’re also doing things like policy. Companies have to have a correct policy. If your employees are bringing their own home laptops in and plugging into the network, that’s a security risk.

Dave: Huge vulnerability.

Mike:  That’s dangerous.

Steve: So that’s not even really IT. That’s not really Dave and I. That’s us consulting with them saying, “You need to have an acceptable use policy and you need to say that, ‘You’re not bringing your . . . only our devices are coming in here.’” So firewalls, training, antivirus, security tools . . .

Dave: Multifactor authentication’s huge right now.

Steve: And the big ones. So multifactor authentication, everyone’s going to see more and more and more of that. Because really what we call a hard counter to this problem is even though they get your password, they can’t use it. So multifactor authentication is a way where you’re going to type the password in but you also have to have a second way of doing it using your —

Mike:  This is something that our company just decided to do, how to set up multifactor authentication. That’s why I haven’t gone into my email yet because I haven’t had time to do it this morning. But I’ll figure it out, I’m sure.

Steve: Yeah. And really everybody should be doing multi-factor even if it’s not for their company. Like for their bank accounts, for if they have —

Mike:  Social media, your LinkedIn.

Steve: . . . Your email, your everything.

Mike:  Everything.

Recovering from a Ransomware Attack

Steve: And then, Mike, before we go, I know we’re running out of time, but the last one, the biggest one. Probably the biggest one is because how do you recover from this? If you don’t have the ability to pay, your backup solution, your disaster recovery solution —

Mike:  So, what happens?

Steve: . . . Is how you are going to get out of this if you don’t have . . . so they ask for $1 million and you’re looking at your business going, “I don’t have $1 million.” So, you’re going to call us. What we’re going to do is we’re going to say, “We’re going to have to recover all of the files to a time before this infection happened.” So, if you don’t, and your I.S.P., and your computer guy doesn’t know what the backup is, hasn’t tested it, hasn’t done a recovery scenario, you are ready to just go out of business or pay this money. You have to have a good backup.

Mike:  That’s pretty scary.

Dave: It’s just scary. So, we find, Mike, that having that security risk assessment is key to any business. Where do I stand? Where am I weak? What do I don’t have, so you can plan, as Steve just mentioned right there, the backup’s important, but you go through all the steps. There’s like 15, 20 steps.

Do you have cyber insurance? If you don’t have cyber insurance, you’re in trouble. Average small business should probably at least put 2 or $3 million on it. You insure your car, you insure your business.

Mike:  Now when you say, “cyber insurance”, what type of things would that cover, Dave?

Dave: It would cover these types, like a cyberattack. Someone taking the ransomware. So, it’s almost like the checkbox, do you have a firewall? Do you have a password management policy? Are you providing security awareness training? Do you use multifactor authentication? If you’re following those steps, just like when you have insurance for your car, they will help pay for part of that ransom.

Mike:  Interesting. Wow.

Dave: It’s cool stuff. Well, it’s scary stuff, I should say. It’s cool stuff.

Mike:  And you’re saying this stuff can happen on our phones as well?

Dave: On our phones.

Steve: Phones are less of an attack vector at this point, but that’s not going to stay the same. They want to target Windows PCs because that’s pretty much where everything is centered for a business. Both the software, the access to the servers.

Generally, your phones don’t have direct access to servers that might be in the building. So, while they can hack a phone, it’s not as valuable to them as it is hacking your PC.

So, you have what they want. The golden egg for them is the accountant’s PC inside the network. Whoever’s doing A.P., whoever’s doing A.R., because that box is probably the most important one. It’s doing the finances for the company. It is connected to everything. So, if they can get ahold of that one, just to give you an idea of what we talk about in a tech surface, what is a big one? The accountant’s PC in your network is the big one. Phones not so much.

Think of phones as a way in. If you’re talking about phones, a lot of times what you’re doing is you’re saying, “So there’s 35 phones in this building that are all connected to the wireless network. Maybe the wireless network isn’t secured. Maybe it’s not separate from the corporate network. Can we get in by using a person’s phone?”

Mike:  So, should we be more concerned with our work computers and our work servers as opposed to our personal home computers and things like that? Or both?

Steve: This is for everybody. It’s rare that you’re going to see a home user get CryptoLocker, ransomed like this. But it does happen. So where you see that one is in the Windows, it’ll get infected and it’ll say that there’s a virus. It’ll pretend that it is the virus software —

Mike:  And then you start clicking on stuff.

Steve: . . . And it tells you to pay $35 and they will clean the thing up even though they’re the ones who put the thing there in the first place. That’s a version of a home ransomware type attack.

Dave: That’s just little chump change to them right now. They’ve gone past the grandma going after them and they call in, “Hey, this is Microsoft.”

Mike:  So, if you see that, Dave, are you already infected? If you see that, or as long as you don’t click on it?

Dave: There’s a very good chance if they’re calling you, they’re already in.

Steve: Or if you have a pop up to an antivirus service that you didn’t install or didn’t come with the laptop.

Dave: Yeah. You’re already infected.

Mike:  Wow.

Dave: But the big one right now, I know we’re out of time, is AI, artificial intelligence. And that’s why some of your data being in the cloud, these bigger players, they have that AI in place looking for these oddities and behaviors.

Mike:  Interesting.

Steve: Cool stuff.

Mike:  All right. Tech Tuesday, very fascinating stuff. Ransomware. It’s happening to all kinds of businesses, big and small. PCG your cybersecurity experts, they can help you out. Check them out