
September 16, 2024 42 mins

In this episode of Ransomware Rewind, hosts Joe Erle, a cyber insurance expert, and Mike Dowdy, a cloud technology veteran, dive into the dark world of Ransomware as a Service (RaaS). RaaS is a business model that allows cybercriminals with little technical expertise to deploy ransomware attacks by purchasing services from expert developers on the dark web.

Joe and Mike break down how RaaS works, its rise in popularity, and the impact it has on businesses across the globe. They discuss the chilling trend of ransomware kits being sold like software subscriptions and the far-reaching consequences this has on industries and governments alike.

Tune in to learn about the evolving landscape of cyber threats, how companies can protect themselves, and what role both insurance and cloud solutions play in mitigating the risks of falling victim to these attacks.

Whether you're an IT professional, business owner, or simply interested in cybersecurity, this episode offers valuable insights into one of the most dangerous threats in today’s digital world.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Very rarely will
I go on public Wi-Fi it's so dirty haha
you're getting guilt for being on public Wi-Fi
I think public Wi-Fi is like a gas station bathroom
you know it really is
have you heard of this black phone called Anom
so I was listening to Darknet Diaries

(00:22):
we're listening to this podcast
you should definitely listen to that one because they
their podcast is way better than ours
the defense would say okay
well how did you get this data and this information
and they start making up bullshit stories until they can't create
they can't commit perjury so
the biggest risk there is that somebody can steal credentials

(00:47):
hi and welcome everyone to the Ransomware Rewind podcast
in this episode we are talking about ransomware as a service or RaaS
we go over a lot of different types of ransomware as a service
we talk about the low barrier of entry for hackers and scammers
there's a lot that we're covering here
we kind of jump around a little bit in this episode

(01:10):
but I think you'll find it entertaining and informative
enjoy the show
so the thing about the
gets me about ransomware as a service is no one knows about it
no one's talking about it
and makes it really easy for threat actors to get into the space
they literally have affiliate plans now
it's just that big where the people that write ransomware

(01:34):
can tie in with just anyone laying in the clowns on the internet
they're in the affiliate space to go out there and commit crime
and the challenge I have with it is it's on the dark web
and it's just hard to track down
but now anyone can do it so think about it
if there's this low barrier to entry

(01:56):
then it just means it's gonna get take off
that that's the main thing that strikes me about
ransomware as a service
so ransomware as a service is basically software that
is out there on the web that anyone can download
they pay for a license
just like they'd pay for a license with Microsoft

(02:17):
and then if they use it against somebody
then they pay like a kick
kick back to the person that actually created it
so like ALPHV BlackCat Hive
any of these ransomware companies have
used their expertise to create this ransomware
and they're selling it on the black market
on the dark web whatever to bad actors

(02:40):
just people that are trying to make money off others and scam them
and then they have to just pay them back
you know 30
40% of whatever they ransomed yep
and it's just like what they did
is they created a distribution market with everyone on the web
can just go on the dark web

(03:02):
which anyone can do and then you would buy it just like you would
you have your Microsoft license
and you have your Microsoft spa agreement well
you would do the same thing with the ransomware
and then you put it out there and then as long as they get their cut
you're good
and when I did a little bit of research on this and see all that
they actually have like support lines

(03:23):
they have that are available 24 7
it's a big money maker and not too many people are talking about it
how do you how do you get on the dark web
well there's this browser
Tor browser that we're not going to talk about
and then you you've got to use a VPN to go into it
and then your it'll be on a private IP space

(03:43):
but basically what you want to do is you want to spoof your IP
use a Tor browser and then um
there's specific IP addresses that you'd use to get into
and then when you get into it
it looks different looks like the old um
DOS yeah
like and there's like the the sites are like message boards
not that I know I'm not that I well

(04:04):
it's interesting because it's so like
ambiguous on what the dark web is
that I think if people knew like what it was
how easy it is to get on there
uh huh
that they would take the stuff a little bit more seriously as like
you know it's not me that they're after you know
only hackers can get on the dark web

(04:25):
and we're seeing now that any criminal can get on the dark web
with probably a Google search for how to get on the dark web
uh huh um they find the uh
the sites the dot onion sites that they need to get to
and then they can download this ransomware as a service
and they may use it at a place they work
maybe they work at like a cleaning janitorial company

(04:49):
nothing against janitorial companies
but then they just like
insert USB drives as they walk around and clean
and then you know where we got ransomware
they're ransoming
they get a bunch of money
sometimes the ALPHV or BlackCat will do the negotiations for them

(05:09):
and they just take their cut and they give them the cut yeah
just just like a really low barrier
to entry and I don't think most people realize
how easy it is to be compromised
and they can run tools
to scan your network and see if you're compromised already
and you probably are most people are
it's just when I say compromises
where there's openings and someone could infect you with malware

(05:31):
if malware's not on your network as it is
but the
just what gets me
when I take a step back and I think about the whole RaaS play is
if you go online I don't know about you
but whenever I seems I go on YouTube or anywhere else
it's like make money online to make 30 grand one month right
well
who do you think's gonna look at the ransomware as a service like

(05:51):
oh shit I can do that I
I'm up for 30 grand a month just by spreading ransomware all over
and oh I'll have the techies do it you know it's not um
it's just not really sophisticated group of people in this space
as far as the ones that are
that are executing it
and it's smart for all the hacker groups to stay in the back
and just manage it because they're getting paid

(06:14):
and there's no exposure for them yeah
it's a franchise distribution model
with no way of tying it back to them hmm
except for the money yeah
except for the money and obviously they're using Bitcoin and other
yeah Monero yeah
no one's going on Venmo and see no hacking services malware

(06:37):
so it's track to them that that's not how it works
but I think it's really smart for people to just do the same
the same thing should always do is like keep your
run your patches and updates
the reason why your computer always has to do these updates
because the malware's out there
and these people are selling it to get on there
and if you don't run your updates there

(06:57):
you run a problem getting compromised um
before you go on
can you explain the vulnerability scans and how people can use them
how hackers use them to figure out who to attack on a very base level
the computer has ports that are open
ports are used to communicate with the internet

(07:18):
so what would happen is if you have an open port
and I have a vulnerability
let's say port 1088
and then that vulnerability will go straight to 1088
and it'll infect your system and you won't even know it
and there's certain ports that are common
like port 80 is to get on the internet
port 25 is a email port and so forth

(07:41):
but there's these whole upper level proxy
ports that aren't even monitored
and that's oftentimes how they get into it
so when you run the updates
when you run the scan so say oh
this port is open when it shouldn't be or
there's traffic on this port
when there shouldn't be traffic on this port
and that's high level that's what the the port monitoring does

(08:02):
also talk about port scanning um
you people it's very easy
just run a port scan to see what ports are open
and what they'll look for is RDP
is that we know that's not protocol that Microsoft uses
and there's nothing wrong with that
everyone uses RDP it's just if those ports are open
and you don't have a firewall in place

(08:23):
or it's vulnerable
they're just gonna get right into all your data and for RDP
the biggest risk there is that somebody can steal credentials
uh huh and if you don't have multi factor authentication
uh huh enabled they can get into your computer through RDP
which is a legit tool yeah
nothing wrong with it but says it if they have your credentials

(08:45):
which they can get off LinkedIn breaches
AT&T breaches
any breach where your username and password has been taken
they can try all those
uh they also have uh
dictionaries that are specific for you know
cracking passwords so if they have your email and they have your IDP
they can probably crack your password within a few hours

(09:07):
if it's not very complicated
yeah that's
and that's what's concerning because then they have
every company is data and I'll say this
every episode and people need to realize this
need to protect the data just like you would protect your
but you are protecting your customers
you're cut protecting your life and it's so easy just to go okay

(09:27):
I'm gonna go in this marketplace
I'm gonna use this really sophisticated system
that's gonna inject malware into these people
and they're gonna have to pay me
and oh by the way
I'm gonna have these people that are gonna
support this infrastructure
and no one ever know it was me
if just really simple having the patches updates
having endpoint protection like we said earlier like MFA

(09:50):
if I have RDP credentials for your business and I try to log into it
first thing it's gonna do
if it has MFA send a message to the phone like
oh shit I don't have my cell phone associated with this account
so I'm not gonna get in all right
and they'll do it with like thousands of accounts at once yeah
so yeah that's it's scary when you think about it

(10:13):
and then think the other thing that that gets me is just
they're getting into this
where they're supplying their ransomware as a service
and people within a certain nation will
you know pay them get the injections in there and get it out there
so again it's just like a shotgun blast people
yeah and I don't think our nation is not guilty of that either

(10:36):
I mean the US government loves zero day exploits
they just don't want anyone else to have it
exactly and them hoarding these zero
day exploits could lead to hackers getting in and stealing them
which happened with WannaCry with zero blue right
uh huh clear blue no I think was WannaCry and clear blue yeah

(11:01):
Clear blue was the Windows 0
pretty much almost brought down the entire world
hmm
so and it's it's concerning with all these centralized systems too
because when not take much to shut everything down
it really would
and it wouldn't have to take a sophisticated hacker either
it could be someone that

(11:23):
but I kind of made my notes is like the Uber of
of hacking is kind of like okay yeah
you want a car to the airport like yeah
I just want a hacker to take down this these company that I hate oh
by the way is this really sophisticated malware that came out of NSA
boom right yeah
so that's it's out there and then the

(11:44):
the nation states are concerning because now you've got like
the people that will be like the
the Uber of hackers
getting access to these really sophisticated solutions and just
wreaking havoc I know I tend to be on the the paranoid side
but it's here people need to be aware of it yeah
in the nation states
and the hackers that are using ransomware as a service

(12:08):
they're probably using similar stuff
the nation states have a little bit more resources
and they're probably writing some of this code
or taking this ransomware as service
as a service and making it their own
um and
they're very well funded

(12:29):
they anywhere there to stop or you know
here Saxis
admins that are at their desk waiting for something to come in and
and stop it hopefully diesel
it's just there's and those guys are so worked I mean
they're so overwhelmed and they're held liable for everything
which is not cool um

(12:49):
but yeah that's
that's my biggest concern and we know our own country is
is doing that to us and everything
why wouldn't they do that to other countries
and it'd be so easy for them to do it's like hey
it's not us I went on the dark web and some random person in China
yeah they got blame it on him meanwhile

(13:12):
it's our country you know
hiring people
I know I'm jumping down the rabbit hole here putting on my tin hat
but what's the stopping from doing that
cause it's not track back to them
you can't say who knows the NSA would do that
and obviously the other countries do the same thing to us
and it's just so easy to do
have you heard of this black phone called Anom

(13:34):
yes okay
so I was reading now I was listening to Darknet Diaries
which if you haven't checked that out yet
you should definitely check it out
if you're into this kind of listening to this podcast
you should definitely listen to that one because they
their podcast is way better than ours
but hey they inspired us yeah

(13:54):
and then into that point I I know that we're not super technical
we're more on the business case however
I think the business world should start listening to Darknet Diaries
and I do think that they need to be aware of that world
instead of just dismissing it as some geek stuff right
it's not an IT problem it's the whole company's problem

(14:15):
exactly and that's kind of what by Joe and I into this world
as in obviously doing cloud sales and data center sales
but it's just when I started seeing
the attacks like DDoS attacks were they just shut down 10 gigs boom
and you back in the day is really expensive
now this falls right into what we're talking about
you can rent a DDoS attack for say

(14:37):
like $2,000 and take a company down
he did that to a financial services company
you can wipe them out you know
you shut down trading for a few hours so hey
you brought a baby point
I don't mean to belabor the point but Darknet Diaries is great
and I think people in
our side of the table that are on the business side

(14:57):
should pay heed to to what's going on in the in hacker world
I'm so fascinating too yeah
so this Anom phone right
they got the guy that was
putting it out there and advertising it as like a phone for criminals
so they can talk and text and do everything

(15:17):
and the I don't know if it's a CIA or FBI got a hold of him and said
hey we we can you know
take you to jail or you can cooperate with us
and we're gonna bankroll your phone company
and you we want you to give these phones to like all your criminals
sell them out you know

(15:38):
like they're the most anonymous phones out there
and they were like
spying on every single person that had these phones
I remember that it was fascinating because they had like high
level people in the cartels
in various criminal organizations that were using these phones
under the guise that they were private

(15:59):
and in actuality it could have been worse
if that was a fascinating story
and the police had to
make like
little excuses of how they figured out how to take these people down
because court of law too they couldn't say like
we did it from the Anom phone
because they wanted to keep that secret
so that they could keep taking down more and more people

(16:22):
so I think it there's some moral ambiguities there with with spying
like what crimes are we gonna actually pay attention to
just violent crimes or if Johnny's cheating on his taxes
should we like you know be spying on him
and then some of these people weren't you know abroad

(16:43):
they were Americans
so are we allowed to spy on Americans if they have these phones too
the answer is yes obviously yeah
maybe not in a court of law
but the way it works
and I remember reading about that because it was so funny it's like
the defense would say okay
well how did you get this data and this information
and they start making up bullshit stories until they can't create

(17:05):
they can't commit perjury
so eventually had to come down say okay yeah
we have this whole phone is network and the guy Vietnam phone
but it's a fascinating story
I'm glad you brought that up I wanna read that again absolutely
and they funded it yeah
they funded it funded the phones
it was like a startup it was
they had like factories and phone fun factories and distribution

(17:30):
and it was legit yeah
it was legit company just all funded by the FBI
kind of like the
what was that one where they gave the guns to the criminals
I remember that they had one down in the border
it was the named after that horrible but really entertaining movie
fast and the furious fast and the furious yeah yeah

(17:54):
yeah
they were hand that franchise forever
they ran into the ground yeah
well it wasn't bad enough
but apparently they I mean
we got a freeway behind you
there's your episode of fast and the furious right
but yeah I remember that
you know that it's just so bizarre
like why would you
so they sold guns to criminals to catch the criminals

(18:14):
what's the logic in that but who knows
in the same way
goes into digital world or selling ransomware to criminals
which he ran up a good point though
or I kind of thought on top of my head
when you go to these exchanges
how do you know it's not a nation state
or someone like the CIA or FBI that's selling you the malware

(18:36):
you go out and commit the crimes
and they got all the evidence they ever need to convict you
it's a good idea yeah
it really is like that's what I would do if I was um
on the law enforcement side
well shit
I'll just I'll see you through the whole thing right Nicole
yeah I think exactly what it is undercut the competition and say no

(18:58):
we're only gonna take 15% of your take on these ransoms
and we're not gonna charge you a monthly fee
you should definitely buy ransomware as a service from us
and then it ends up being a big sting
hmm and it's faces
the ones doing it are not that sophisticated means ones buying it
because otherwise they would just execute it themselves

(19:19):
so the the law enforcement agencies can find a ton of people
we're not giving any suggestions
just say
be really easy to do
idiots buying ransomware online

(19:42):
just Google how to go buy ransomware online
I'm sure it's easy haven't done it yet
make sure you Google it on a on a brave browser with a VPN
that's all I got to say an incognito mode
definitely be an incognito mode
just move your IP double spoof it
double spoof it yeah

(20:04):
have you seen that double spoofing yes
it's like a hopping what's it called
a IP hopping an IP hopping
but like with
the way you have to do is
you have to be on a completely different subnet
and then not only that you can go geographically
which is kind of funny he play with it like we're in San Diego
it'll make it look like I'm in Russia so when I run an attack

(20:25):
it'll look like it's coming from Russia
when actuality is coming from San Diego
right or the other way around
if you are a Russian hacker
and somebody's smart enough to make it so that
you can't hack from another country
then you can use the VPN directly hack from here right

(20:46):
cause
you know if you are configuring your
your settings if you don't have anyone abroad
you should have your setting set that nobody from abroad
get into your network exactly
or log in if they have credentials if you don't have MFA
that's one more Protection
hmm
and that's really common too

(21:07):
cause a lot of companies have their developers
or outsourced in other countries do you use a VPN
sometimes yes sometimes no
so the answer would be no
like when I'm at like on my work computer
yes at home on my regular computer now okay
I probably should I started using one

(21:27):
it's interesting
a lot of apps don't love VPNs
you kind of have some of problems with it but like I was saying before
like if I'm using my VPN and I have it accidentally in Canada or
or Zurich or Switzerland whatever um
then I can't get into my you know

(21:49):
email or anything like that
we have those settings right
yeah um
but then I switch it back to the US and then I'm in right
challenge I had is it just created lag and I think I've got
that's why I got kind of lazy with the VPN
it just created lag what I had to authenticate
and every time I went to go do something and had to authenticate
and I was like I just don't wanna deal with this I can see with work
but like on my personal computer

(22:11):
just looks like I don't even care how I deal with this
I got lazy quite frankly yeah
and I was using uh Zscaler and I'm sure Zscaler is a fine product
it was just
it's just anything that adds complexity in my life
I hate and I just hated authenticating
every time I went to go use Zscaler

(22:32):
to use an application
yeah so that's an interesting point
I've been using Surfshark
and I like it because they give you unlimited devices to
to do it on hmm
I haven't noticed too much lag um
so I've been enjoying using it
especially since

(22:54):
you know it's just one more way to protect myself
when I'm like using public Wi-Fi or
you know um
although I don't use public Wi-Fi I always use mobile Wi-Fi if I can
um very rarely will
I go on public Wi-Fi it's so dirty haha

(23:15):
you're getting guilt for being on public Wi-Fi
I think public Wi-Fi is like a gas station bathroom
you know it really is
don't wanna use it if you don't have to
that's just that you gonna scare people from using public Wi-Fi
that'll do it yeah
it is like to public bathroom just don't do it
airport Wi-Fi is like an airport bathroom
it's like it looks it looks clean

(23:35):
but you know it's not clean yeah
you know
it's not people from all over the world have been in and out of there
it will not pass the the blue light test of the black light test right
so yeah VPNs are good for for businesses and personal
I think I I had this video about how like maybe VPNs are obsolete

(23:57):
because there's this hack called TunnelVision
where people can sit on your network
and they can actually like redirect your VPN traffic
but then I thought about it
and it's only gonna be a really sophisticated hacker that can do that
and every type of control has some kind of
way of a hacker to get around it

(24:17):
but every time you put up a control like a little wall
it makes it harder and harder for them to go to you
and they'll go to the next day because you're too hard of a target
pack oh
absolutely
in human nature is we all take the path of least resistance
so the harder you make it for them the better
and it's I'd much rather have this minor inconvenience

(24:38):
even though I complain about like authentication and so forth
you'll be a lifesaver literally
and when they're scanning like thousands of computers
you don't want to be that one guy that's just sitting out there naked
getting this willing to get attacked
you know and going back to the scanning
um I think another thing that those

(24:59):
scanners look for is like legacy software
uh huh like end of life software
I think you wrote that up um
there's something's going on right now is VMware stops
they got bought out by Broadcom as everyone knows
but they stopped supporting ESXi the free version
so what that means right now is there's people

(25:21):
that completely vulnerable using ESXi
the free version and hackers are taking advantage of it
there's already malware around it
and there's like
thousands of servers right now that are being compromised
because they're not getting patched
they're not getting update because you can't
you got to take
take them offline because they've already got viruses out for that

(25:42):
so if you running VMware and you're running the free version
ESXi guarantee you're being compromised right now
can you explain what that is
yeah like well I know VM means virtual machine right
well VMware pretty much dominate
and I still do enterprise space for virtualizing servers

(26:05):
so when they virtualize the server
they have all the VMs they have to pay for the software
which is VMware to create those VMs and to to orchestrate the VMs
what a lot of people did like
let's say you had an office
10 people and you don't wanna pay the licensing fee for VMware

(26:26):
you would get ESXi and then with ESXi
you can set up your little print VM
your little Active Directory VM and you can run your office from
it's pretty cool and um
now that they got rid of the free version of ESXi people
and it's just it was very introductory

(26:48):
it's just for like small offices
and that was the main thing it was used for
but now that Broadcom purchased VMware
the person that's running a small office that has like
say a server in the closet that's running the free version of VMware
uh
running those little Vms like I was talking about
they're gonna be compromised

(27:08):
like whatever data is going in and out of there
and some people say what might
maybe the endpoints are protected
but no
the server itself or all that data is going in and out is compromised
if you're running that free version right
and if they can get to the Active Directory it's all over yeah
cause they can authenticate
huh
so if you're out there and you're running free Prius ESXI E X SSI Echo

(27:34):
Sierra X Ray India okay I'm not gonna get that
sorry
such a cyber security move it's fine I don't care yeah
people it's very common
there's millions of people that run that that operating system okay

(27:54):
yeah
yeah I mean
end of life software
people can scan for it
and they can put you in a category that's using the VMware
and then they're gonna target you
you're gonna target and same with all the people on
I'm gonna go on a diatribe
so bear with me
like all the people out there running Windows Server 2008

(28:17):
you you gotta upgrade I know you don't wanna do it
you either move to the the cloud
upgrade your operating system to the latest operating system
because people are looking for that all day long
I had a client in the past that was an attorney
and he was literally running uh
Windows 2003 he got malware and um

(28:37):
he didn't have enough insurance he got in the world of trouble
he didn't get disbarred or anything
but it really had a big effect on himself and more importantly
his family and his livelihood because they shut down everything
they shut down exchange
they didn't have the custody emails with his clients
and all it was
is just not upgrading his operating system to a version

(29:00):
it was an end of life
so what do you guys like WannaCry
or are you remember the specific one
one of those old it was one of the older ones
but the point being is people scanned the network
and if you're sitting out there on an end of life operating system
that's they can't be patched when you call Microsoft say hey
can you patch my Windows 2003 server

(29:22):
they're gonna tell you go to hell it doesn't it doesn't exist so
that point being I kind of digress there
some of you go get ransomware as a service
they can go find anyone with end of life software
and there's for whatever reasons
there's like attorneys accountants
people that have tons of exposure

(29:43):
are on these end of life operating systems
and boom the bad guys are in there and they're
they're just sitting out there like sitting ducks
okay I'm done with my rant
don't use end of life's operating systems God damn it yeah
I think there's like modems out there too I think the link just yes

(30:05):
but one of their modems out of service
or they're not gonna support any more
like something 8 9 4
if you have that in your modem
don't don't use that one anymore
and they're still like selling these modems
that's concerning in like South America and stuff
so that that is concerning

(30:26):
there's there's no support for them
there's no exploits and people are buying them because they're cheap
uh huh
they're not gonna be so cheap when they have all your data right
but yeah that's I know I kind of went off topic there
but it's it does tie into hey
I can go to this marketplace get ransomware and I'm gonna be the

(30:50):
I'm gonna get the easiest targets because of the end of life
operating system and not running patches
now the insurance only goes so far by the way
you got to have good insurance
and you've got to make sure that you have Protection in place
absolutely
you want to talk about defending against ransomware as a service yeah
the best thing to do is just like any other ransomware

(31:12):
is make sure you run your patches
make sure you're not running end of life software
and make sure that you have endpoint protection and MFA
so again you just don't want to be the target
you just don't want to make it easy
that's the main prevention you can do
and then I would suggest your larger organization

(31:33):
having an MSP or having a CISO
look at your your environment
and how do you do that
you hire a CISO like hired there's like rent a CISO
there's like my company
RapidScale is managed service provider
where you're hiring someone
where that's what they do is monitor your network
and it
there's companies like where you would have SOC as a service

(31:57):
it's all contingent on the size of your company and the need
but you gotta do something it's cause if you don't
you are gonna pay the price
a few other things you could do regular backups test your backups
have an incident response plan
so you're so you're ready in case you do get hacked

(32:20):
you know exactly what you should do
you can learn a
lot from those incident response plans and tabletop exercises
in order to understand
if somebody got in through this network
or through one of our computers how far can they get
can they move laterally and how do we isolate them right

(32:42):
if you're looking at your tabletop exercise
and there's no way to isolate them
because your network isn't segmented
then that's something that you should invest in
absolutely you need run books
you need to
and it's something I got called like the dead man process is like okay
so how long can we go without access to our data

(33:03):
a lot of companies is not that long
and you got to figure out a contingency plan and run backups
just disaster recovery like hey
how long can we go and then you you adjust from there
but don't go to the table
thinking that it's never gonna happen to you
the more valuable your data
the more probability is gonna happen to you alright

(33:26):
and who are you gonna use
what vendors are you gonna use for your incident response
if you don't have insurance
insurance usually takes care of that
then do you have an incident response company that you're gonna go to
right
do you have a retainer with them because if it's a large scale event
they're gonna go with their clients and give them the service and not

(33:47):
you know Jim from IBO that's calling in yeah
exactly and then I
I like companies like Zurdel
Zurdel does a really good job of getting
think everything up and running quickly
but yeah I caught the guy in the truck
you don't rely on the guy in the truck
that's just managing your local network to create a DR plan for you

(34:08):
I definitely say go with the professionals
and some of these IR firms have $0 retainers
uh huh so you can retain them
get to know them maybe buy a few services from them if it makes sense
they get to know you get to know your network
and then if you do have an incident
you have somebody to go to
you already signed up with them

(34:28):
and that crucial four to 24 hours after the hack
you're not spending time signing paperwork and negotiating rates
that's a really good point and those four hours are critical
that's a really good point
you wanna be prepared it's like the the old adage
the punch that knocks you out is the one you don't see

(34:50):
if you're not prepared
you're gonna get knocked out you're not gonna see that punch
yeah
it gets real it's real really quick
it's just not real until you get punched in the face yeah
Mike Tyson quote Mike Tyson go yeah
everyone has a plan until they get punched in the face yeah
well that's pretty much what this world is like

(35:11):
you better have it better hold on to that plan cause you
are gonna get punched in the face
and I laugh at like I
I've seen it before like I I remember a company that was and uh
it's a HIPAA compliant SaaS company and they came into work
every last person in the work booted up their computer and boom
just had the ransomware message everyone

(35:32):
even the executives that were working remotely
so when it happens to you it's no joke
yeah it's pretty serious when you have a ransomware attack
that's why you should buy cyber insurance
it's right call Joe at c 3 right now

(35:54):
yeah cyber insurance solves so many problems um
because it kind of comes with
a panel of people that are already
pretty negotiated for you with the insurance company
even if it's like an uncovered claim and you go through
part of it's uncovered and you go through the insurance company
you're gonna still gonna get their discounted rates

(36:15):
which may be like
350 an hour for like a junior partner where if you get off the street
you're paying like six 700 dollars an hour
um
they're gonna have the incident response team
they're gonna have the breach counsel
and these guys are on the spot
because they wanna get more and more business
these insurance companies
you know I see these guys at the insurance

(36:36):
the cyber insurance conventions and they're talking them up
dining them out you know
cause they wanna be the person they call when there's a cyber breach
now
having a $0 retainer
or some retainer with one of those companies already
is still gonna get you service a little bit faster
because there still is some kind of negotiation

(36:57):
and deciding on who you're gonna go with
and just that time and deciding like what vendor to use
can be a crucial amount of time as well
absolutely
and then I was shocked yesterday when I called you because the
the person I was speaking to said yes
I was compromised
but it was only $15,000 and the insurance company covered the claim

(37:20):
and trust me my dad was a manufacturing company
my dad is way more important than that 15 grand
and it just like I was so grateful I paid that premium
and they just in their particular situation
they weren't that tech savvy they had all the data was on premise
but it had the you know proprietary information
on the manufacturing plan of the things that they're making

(37:44):
that their customers paid them to make
and the guy was just so grateful as like
I'm glad I had the insurance got to take care of it if I didn't
I would have been screwed and he said like again
I was fortunate was only 15 grand but by to have the insurance
where would that come from
oh by the way
the whoever was was very persistent so they were sophisticated

(38:05):
they just were not gonna give him access to his computers or his data
you could probably say that they could have asked for more money oh
yeah
15,000 is a very low request I think the average is about 800,000
which is probably why they paid the claim so quickly too right
I mean that's like a day of downtime is $15,000

(38:28):
you gotta just get that paid depending on
you know the size of your company
and that was what he experienced
it was so low that they just paid it right away
and then we're having conversations about obviously
securing everything up so it doesn't happen again
but it was cool that they they paid the claim that quickly
they got their data back bad guys left them alone

(38:50):
I don't know all the details
cause they're obviously only willing to disclose so much
and they don't wanna be liable
but yeah
I being after the fact and seeing what happens after the fact
I can't stress how important is to have cyber insurance yeah
and the insurance companies want to resolve it as fast as possible
because

(39:11):
most cyber insurance policies come with business income coverage
which means that they're gonna pay for the net loss
in income for that company if they're breached
so every day that they're out
the insurance company is gonna have to pay the company back
for the net their net losses yeah
so they're also they also have skin in the game

(39:33):
so they wanna either pay the guy off fast
get the claim
you know process as fast as can
and if you have to rebuild your systems
you know
don't spare an expense to like save some money because you know
you don't wanna have like 2 day shipping yeah
we gotta just like get these servers in here and and get it rebuilt

(39:55):
exactly and then
and then like the fact that
you made a good point
that the insurance companies have skin in the game
cause it is not like a car accident
and you want leverage and you want it to be
in your favor for the insurance company to get everything resolved
and they have a lot of professionals that can
can work with the infrastructure as well

(40:16):
so go insurance woohoo yeah
well I get on the cloud side and the data center side and I we laugh
but I gotta tell you after the fact
you're like goddamn
I wish they had insurance
cause I've seen companies be taken out
cause they didn't have insurance
yeah and that's so inexpensive right now
uh huh like
this is just a hypothetical

(40:38):
but maybe we had a call from a client that could have bought a forty
two hundred dollar cyberinsurance policy
he's been hacked he's been out
he's had over 10 days of downtime and it's like a you know
recycling company and he's refusing to pay the ransom

(40:58):
it's like dude what are you doing
he hasn't even called an incident
response firm
he's trying to get like his IT people to figure it out
I'm not gonna figure it out
it's no that's why I was actually
is the guy in the truck is not gonna figure it out
I mean like
let's so
let me say you got ransomware that was created by the NSA
that some kid bought

(41:20):
and now you think that you're gonna outsmart the NSA no
you're not
and you're not gonna just I don't I can just drive this every day
like people have like hey
my friend's a tech guy
just cause someone can configure a D-Link router
doesn't mean he's gonna be able to get your
your computer uncrypted it's just it's not the world we live in

(41:43):
no
it's okay to ask for help people yes
it is
and I hope eventually that person makes the right decision
cause he needs an incident response team to negotiate on his behalf
and figure it out
yep
so are there any trends in ransomware as a service

(42:04):
like what what's happening like where's this going
is it growing
it's definitely growing what about like AI is that changing it
I'm sure it is I just added really confine too much about AI being it
what it is is just it's taken off because all the
it's the affiliate plans like the the RaaS companies

(42:24):
if you want to call them companies have affiliate plans
so picture your guy that's sitting there watching
the Grant Cardones of the world like
oh shit I want to be rich like Grant Cardone
just fucking real estate shits hard
I can get into ransomware as a service sitting
I think you know
through that affiliate plan
and I think that's where the true danger is

(42:46):
the danger is not in the people that are sophisticated
it's not in the people that are living that world
I think the real danger is that it's going to the masses
the ignorant masses that can just now spread malware everywhere
and and is it all on the dark web
or can you get some of this on the regular web

(43:06):
I'm sure you get some of the regular web
the majority of it's on the dark web
but again it's so sophisticated in the in the at the actual attack
but what they did is they created a distribution system
cause they're not gonna be held liable
let's say I went to go buy the buy this uh
malware from a company

(43:27):
they're gonna get a percentage of the money back
and law enforcement is gonna see my IP address
law enforcement's gonna see people that could be connected me
indirectly or directly they're not gonna find out the source
cause think about it's like the kernel
let's call it the like the kernel and if you're doing code

(43:48):
then I have access to the kernel
but they'll have access all to the end users and the
threat is
that they can just keep producing this malware and never be caught
all right the people be caught or the people think all right
I'm gonna make 30 grand a month with malware
and if these big hacker groups like Black Cat

(44:10):
um who was taken down by the FBI earlier this year go FBI um
they still will come back and they'll evolve
and it only makes him stronger exactly
it's like deliberate practice
so it's a cat and mouse game

(44:33):
it really is you know where but it's all going on mice yeah
that's the real problem
you can only check the cat can only chase so many mice yeah
and you have these uh DarkBERT DarkBART um
FraudGPT AI is helping the common person that can't code
code malware

(44:54):
so even you know some college kid that's you know
a computer science major that just wants to mess around
can write some malware very easily
they're they're actually
the
computer science kids are
100 times better than the majority of people doing this
in my day cause they'll despite their own code
it's I go back to the fraudsters of the world

(45:18):
now you're opening up to the door to the fraudsters saying
people that were doing
oh god I don't know how many scams are out there
I saw one that was hilarious where oh yeah
solar power dryer and what they were selling is a clothesline so they
but hey that same guy that was selling the clothesline

(45:41):
you know he has this big pitch
you know this ad copy like
oh save energy
save the environment he sent you the clothes line
that's the same guy that's gonna be selling malware
solar power dryer oh my God
good repackaging yeah
exactly something old
how's that for ad copy yeah
that's pretty much all I got on on RaaS

(46:04):
but it's just I keep going back to the same thing is like
be careful and don't make yourself vulnerable
have disaster recovery plan in place
make sure your end points are protected
and make sure you have insurance
absolutely