[2017-05-15] NH Today – Tech Talk
On This Episode…
Joining Jack today for a quick talk about the recent ransomware attack, and how it was accidentally stopped. Plus, some quick tips on how to prevent being a target for attack.
Share This Episode
For Questions, Call or Text:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 05/15/2017
What you can do Against the Current Ransomware Attack
Craig Peterson: Hey, if you want to know more about how to protect yourself from what to do after this ransomware attack, I went through with Jack Heath this morning. Busy morning. I’ve had like 5 radio hits today.
Jack Heath: Joining us now to tee off the next segment, Craig Peterson. Busy guy this week and I don’t think he stops since word of this ransomware really broke Friday afternoon. He joins us back on the Auto Fair listener lines when he gets your back after the break as well. But Craig, let’s just take a few moments. Do you expect more problems and more headaches for businesses as people log on and get going in this Monday morning?
Craig: Yeah. This is a big, big day. This is the biggest we’ve ever had from a ransomware attack standpoint. It is truly worldwide. There were so many countries infected and as you show up in businesses this morning, you are going to find machines infected. I’m looking right now at a special malware map that’s real time that’s showing where these IP addresses are located, that are currently infected and are spreading or at least trying to spread. And we have an uptick since last night when I checked it. So right now the totals are 193,000 computers have been infected worldwide. Now that doesn’t seem like a lot. But remember too that many of the computers that are infected are blocked from getting online. They can’t. But it is spreading. It’s spreading like crazy. It has slowed down for now. But there is going to be an uptick in businesses. Whoa. The effects on this is crazy. There’s only one malware company I’m aware of, and I’ve checked them all this morning, that has actually been able to protect against this. Now there are ways to have not gotten this and there’s ways that’s getting in as well.
Jack: Well, what do people do not want to do so this attack or another one, what don’t you want to do in a very simple way? If you’re an employee or just an individual with their own system, what do you not want to do?
Craig: Well, what you don’t want to do, this is just general good advice and you’ve given it out many times this morning Jack, don’t click on things you’re not absolutely positive about. Now, unfortunately, every operating system out there has vulnerabilities. And many of the vulnerabilities we don’t know about until they’re exploited. So step 1, don’t click on stuff, particularly in email. This one is different. And that’s why it’s spreading so well. It was well designed by our National Security Agency.
Jack: This is where the leaked NSA spy tools they’ve coupled together right?
Craig: Two of them. One called Eternal Blue, and the other one’s called Double Pulsar. And what they’re doing is they infect the machine, but they then try and cross-infect. So they look to see if there are any machines on the current network that are using file-sharing. Now Jack, in your home, you probably don’t use file sharing. In businesses you use it all of the time. And so depending on how it’s configured, what will happen here, how your machine’s configured, is it will go in via the file sharing. It also comes in via the Microsoft Remote Access Protocol that allows you to remotely get on to your computer. So if at your firewall you are exposing your file server, for instance, or you’re exposing a method to get in directly without using certain types of VPNs, you’re in trouble. So, let’s talk about a couple of clients I won’t name and some other companies we know about like Renault and like FedEx, they have what is called WANs, Wide Area Networks. So they have multiple offices in multiple cities, countries, etcetera. Those WANs allow all of these offices to link together. Now what I do with a large company like that, that has multiple offices and wants to connect, is I highly restrict the information that can flow and who can get at it? Who can get at what’s in that set. Here’s the problem that a company like Renault and FedEx and many others who aren’t going to ever report that this happened to them. Here’s what happened, it got in probably through RTPs, through this remote Microsoft protocol, and then once it was in, it started spreading through this Wide Area Network. So all you need with this is Jack, one machine infected. And then once that machine’s infected, it will spread anywhere it can go.
Jack: Right now, real quickly, if you were a tech like Renault, the French automobile maker, I think FedEx, and you were, I think I saw. Maybe I’m wrong. Wasn’t FedEx one of the big American companies hit?
Jack: Ok. So if you’re the ransomware, they basically seize your files because somehow the virus gets in. They’re holding it. Theysay you have 48 hours or these files are going to go away if you don’t pay X amount of bitcoin. Do these people have to pay to get their files and access back?
Craig: Well here’s the big trick. If you have a good backup, you at least have a way to recover. Because what they’re doing is they are charging you and more specifically what they do is pay us $300 in bitcoin.
Jack: Which is how much in US currency?
Craig: No, $300 in US currency. In the equivalent bitcoin, ok? So it’s a fraction of 1 bitcoin. Because it’s worth so much right now. But if they say pay us $300 or in 2 days we’re going to double the ransom, and then 7 days, your files will never be recoverable. So people, you see that on your screen and you get this stealing in the pit of your gut, I picked up a bunch of new clients here helping them out with this problem over the weekend. We have been busy since Friday. So if I sound a little punchy you know why.
Jack: No, no. I mean I get it. So it’s important stuff. This is just… even though this was one of the biggest, it’s highly unlikely if you think this is not going to be more of a normal thing given how everything is so high-tech and everything is so, you know, portable and wireless and it’s going that way so it’s a bonanza for the bad guys.
Craig: It really is. And I’m so frustrated with this Jack because you know, I’ve been doing internet security since the early 1980s.
Jack: You’ve been doing internet security before the internet.
Craig: Exactly. It wasn’t even called the internet.
Jack: Before Al Gore invented it.
Craig: Yeah, exactly. So I’ve been doing this for a long time and I’m fit to be tied here. This is crazy. People shouldn’t be victims of it.
Craig: That’s why I’m doing this webinar.
Jack: But Craig you look at how, you know, criminals take advantages of people of physical property. You know, it would be naïve to think that were not going to see more of this when it comes to the web.
Craig: It’s going to happen. It’s going to happen. That’s why I’m doing the webinar.
Jack: Alright, tell us about the webinar.
Craig: Ok. It’s probably going to be Wednesday afternoon. i have jury duty this week. But I’m going to walk you through exactly what you need to do on your personal computer to stop this kind of crap in the future and to keep yourself safe as well as for businesses. There’s a lot of small businesses out there that don’t have the right advice. So I’m going to help you, I’m going to help your tech people, but you have to send me your email address. I can’t tell you exactly when this will be or how to get on. So if you email, if you send me your email address, just text me. Pick up your phone and open it up to your text program. Text me at 855-385-5553. Text me your email, and I’ll go ahead and let you know exactly when we’re going to hold it because this has no charge.
Jack: What’s the number again, Craig?
Craig: It’s 855-385-5553.
Jack: Alright. Thanks Craig.
Craig: Thanks Jack.