EP16: The Anatomy of Ransomware

Attila:
Basketball? They're like, "It's football season, you moron."

Matt:
And you know who Shohei is?

Attila:
No, I don't.

Narrator:
You're listening to the Cyber Secured podcast, helping you become safer in every way. Now, your hosts, Matt and Attila.

Attila:
Welcome to the Cybersecurity Podcast, Hawaii's number one cybersecurity podcast.

Matt:
Welcome back. This is Matt.

Attila:
And this is Attila. And today we're going to talk about the anatomy of ransomware. Anatomy is what goes on underneath the skin.

Matt:
Yeah, what's happening?

Attila:
So ransomware is a bad guy who's gone inside of a computer, somewhere inside of a network, and they've decided to encrypt the data.

Matt:
And it's usually more than one computer, right?

Attila:
More than one, yes. And so they've wormed their way around the network, and they decided to encrypt. And encrypting means that they use military-grade encryption to take all your files and change them in such a way so that you can't access them.

Matt:
Well, they just actually use what's on the computer, which is military-grade, but there's certain cryptography tools within the operating system that allow you to do that.

Attila:
BitLocker's the big one.

Matt:
Yeah.

Attila:
And once it's encrypted, if you want to get those files back, you have to either call the number or reach out onto a website or do whatever they ask on the screen to be able to pay them a ransom and have a decryption key sent over, along with the utility they usually provide, which doesn't work very well, but different topic. And they'll give you the key, and then you can decrypt the files and you're back in business. And if you're someone who's, you know, just using your computer for day-to-day email and, you know, social media, no big deal. But if you have all of your wedding photos on there or your baby pictures or pictures of your grandparents who are no longer with you, that's a problem.

Matt:
Right.

Attila:
And then the one step up from that is imagine that you're a business and you have 50 to 100 employees or 150 employees. Every hour that they're unable to work, you still have to pay them. That's thousands or tens of thousands of dollars per hour. You're dead in the water.

Matt:
Well, that data will usually include an archive of information, stuff that goes back years, because you've been in business for how many years and you need to be able to reference documents and stuff that goes back to old client data, historical things, compliance needs. That's a lot of stuff that once it gets encrypted, yeah, you're stuck in the water.

Attila:
But you know what everyone wants to know? How much money are they asking for? That's the question I always get. So I will share with you what we have firsthand personally seen in terms of ransomware.

Matt:
I actually don't know this number.

Attila:
The smallest number I've seen is $15,000. The largest I've seen is about $815,000.

Matt:
Really? Okay.

Attila:
So it's a big variety.

Matt:
A lot smaller than I thought. They've got to be realistic.

Attila:
You're not going to get $100 million out of a company that's out here. But if you do get encrypted, let's say you're a bank or a hospital, they're asking for $100 million. I think Colonial Pipeline, if I remember right, was around $120 million. And they paid it in such a way so that they could trace it. And they were able to claw some of that money back and figure out who the bad guys were.

Matt:
I know that in recent years, there's been the ability to reverse wire transfers and be able to also track down things called...

Attila:
Pachinko?

Matt:
Yeah. So in... Japan, we have this in the United States, but in Japan they have this game where there's a little marble that starts at the top and then hits all these different little nubs, and then it falls, and your desire is for that marble to fall into, like, a specific bucket at the bottom. And depending on the bucket it falls into, you win or don't win, or you win a lot or you win a little. But the point is, it's very random where that marble is going. So the bad guys, when they get paid in crypto, they have a system like this where the crypto is funneling through all these little pegs, these little wallets, and it's just constantly sifting through. It was their way of being able to make crypto transfers kind of untraceable, and then they would, like, you know, put it into a single wallet, and at that point they would, like, sit on it until they're able to get it out some way physically. They've traced this with the Lazarus heist, the North Korean hackers that have been able to funnel money into North Korea.

Attila:
But I've heard that they can't actually cash out.

Matt:
Right. They have a hard time cashing out, especially when it's large, large sums of money.

Attila:
The big question is, of course, you know, am I going to get my money back? And I just want to make sure that for anyone listening, there's no false hope here. Most of the time, the money's gone.

Matt:
Yeah.

Attila:
Like, we're talking like 99.99% of the time. Money's gone.

Matt:
Yeah, absolutely.

Attila:
Ransomware is not just a shot in the dark. It is part of a larger attack chain and ecosystem that can really destroy a company.

Matt:
So back to the anatomy.

Attila:
Initial access brokers.

Matt:
Yeah.

Attila:
Double extortion. Triple extortion.

Matt:
They probably exported all your data.

Attila:
Exfiltrate is the big word.

Matt:
Yeah.

Attila:
The best defense is really good detection and really good rapid response.

Matt:
Not everyone needs to be a cybersecurity expert.

Attila:
Exactly.

Matt:
We need people to fly planes and fix pipes.

Attila:
Ransomware. We got sidetracked.

Matt:
That always happens.

Attila:
Stay tuned for our next episode.

Narrator:
This episode was brought to you by Cypac. To learn more about keeping your business safe from threat, crime, and disaster, visit Cypac.com.
