Craig discusses Ransomware and what you need to keep safe. Listen in to find out.
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] If you’re a business and you’re under attack, how would you know? You’ve got to have the right tools in place, the right training, the right response. In fact, if you’re a regulated business, it’s the law. So let’s run through some of the ransomware signs.
Hi everybody. Craig Peterson here.
What are the signs that you might have ransomware or that you are about to get hit with a hack of some sort? There are a lot of things to be concerned about out there. So many businesses have multiple different systems and they try and have their poor IT people, security people, monitor all of them.
And then when something’s underway, none of this stuff is integrated. Very difficult to use. In fact, as I was preparing for this segment today, I was out poking around and I found this article on Dark Reading and they have a big ad there for somebody bill DNS, DB. It’s like a superpower for threat hunters.
That is a very narrow tool and the right way to do all of this is to have something that’s watching everyone, everything going on your network, on your computers, on your switches, everything that’s coming in from the outside, pulling it together with the DNS stuff and trying to figure out is this something you should be worried about?
And we’re going to see more and more automation as time goes on that’s really going to be doing that, and that’s a really good thing, as far as I’m concerned. You might have a memory of last year. I don’t know, 2020 is quite the year, isn’t it? Last weekend, pretty much the whole internet went down, and it went down in a big and nasty way. It was caused because a company bought another company: they bought Level 3, and Level 3 was actually a very high-end internet provider
that handled a lot of the internet backbone. They still do. They were bought by a company that had previously brought the internet down by making a big booboo. They did the exact same thing this last weekend. They brought it down through some routing protocols that are BGP and how they were doing it.
They use some... Anyways, we won’t get into all of the details, but it really stunk because all of a sudden now, all kinds of portions of the internet no longer worked. You couldn’t get online. All of the major guys, Amazon and Google, et cetera, got problems. Some of them were completely knocked off the air.
And I think it was like a six-hour stretch. It took them a long time to get back online. Now, the first thing we started to do is figure out, wait a minute. Are we under attack? Is someone trying to attack our customers? And we hadn’t gotten any active alarm from any of our AI systems that monitor all of our customers’ networks.
So we’re trying to figure out, what else is going on? So we got on and manually started looking. We didn’t see anything that was terribly suspicious, just the normal hack attempts. We get multiples of those every second, sometimes, but at least a dozen every minute, a hack attack against our customers.
So we then said, maybe it’s a little further out. So we went on LTE on our phones so that we were not using our internal networks that were having some sort of problem. That didn’t work either. It was just absolutely amazing. So we were able to get a link up and figure out what was going on.
And yes, indeed, looking at our BGP tables, there were some major problems happening. We saw this happen before. China routed our data. In fact, all of the phone calls from the Washington DC area, at one point, they routed them all through China. Russia has done this to us before. Man, in some ways we’re just too trusting.
But I don’t know. So we were trying to figure out what was happening now. The good news for us is we have a big integrated system, which in this case turned out to be a little bit of bad news, because just like this tool I just mentioned to you, this DNS tool, our systems also relied on the internet because we have a huge database we use from Cisco.
It has billions of transactions in it that are on the internet. So we can look and compare and see, Hey, is this being seen somewhere else? Is this something we should be looking into and digging into? And the answer turned out to be no, it really was a BGP problem, or routing problem.
And I don’t know why Level 3 was sold to this company that’s messed up the internet before, but they did again last weekend, based on everything I’ve been reading out there. So how can you tell, if you’re a small, medium business? You’ve got a couple of hundred employees, maybe a hundred, and most likely you’re using
a break-fix shop, and you’ve got one or two people internally that kind of like computers and they got their MCSE or some other basic certification. You’re trying to figure out what’s going on. So I’m going to go through now. This will take a couple of segments, frankly, and if you miss any part of this, make sure you go to my website, CraigPeterson.com.
You’ll see the podcast section there and you can go ahead and have a listen so you can catch the rest of it. Attackers, they’re trying to get in your network. They’ll try lots of ways, from these emails, phishing attacks, through direct attacks against your network-connected devices, including the Internet of Things devices, and so many businesses just don’t know what they’re doing.
They haven’t updated some of their routers or other devices, and that gets to be a problem. First off, if you are a mid-sized business and you don’t have heavy regulatory requirements, then I really recommend you look at Meraki. Very good gear. Auto-updates. You’re going to pay every year.
It isn’t one of these things where you buy it, you set it and forget it. Ron Popeil did not make this router, but that’s how most companies treat the routers and the firewalls. They buy it, they set it and they forget it. The Meraki keeps itself up to date. You pay every year, they maintain the hardware.
If there’s a problem, they’ll replace it. I absolutely love it. That’s what I use for my kind of lower-tier business customers. Now there’s prosumer hardware you can look at as well, but if you’re a business, really, you start at the Meraki level. If you have real regulations, HIPAA or up, you then have to look at the full Cisco stuff.
So they’ll go after your router at the edge or your firewall at the edge. If you have not patched it, you are now in big trouble and the patch might even just be a fairly recent one that came out. Look at what’s happened again and again, and it happened with Equifax. I think it was six or eight months that patch had been out and they hadn’t applied it yet.
And they got nailed, right? They lost pretty much all of the personal information of everyone in the country, plus Canada, plus some other countries. Pretty bad stuff. Think what would happen to your business if you were breached. And once they get into your network, that’s when bad things can start happening.
But in reality, you usually have a couple of days to as much as a week, maybe a little bit more, 10 days, before they start moving laterally within the business. So there will be signs. We’re going to talk about what those signs are, but there will be signs that somebody is messing around with your network.
They may have gotten in at the network edge, ’cause you haven’t updated or patched your firewall or your router, or maybe some other way that they got in. So we’ll be getting to those as soon as we get back. Again, if you miss this, make sure you go online, CraigPeterson.com, so you know what some of those signs are. But they basically get a foothold, right?
Think of the world. Then you grab an island in the Pacific and then you use that as a launching base to continue your attack further out. Yeah. That’s what these guys do, and we’re finding more and more, when it comes to ransomware, and we’re going to talk about that specifically because ransomware is such a very big problem, that what they’re doing is probing your network.
So they get in, they start looking around saying, what data do they have? How much might that be worth? And then they will ransom your data, not by encrypting it, but they’ll say, Hey, listen, if you don’t pay up, we’re going to release it to the world. Then you could have some serious problems.
So stick around. We’re going to be right back. We’re going to be getting into these seven signs I’m about to get hit with ransomware. ’Cause guess what? We’re already in there. Yeah. You’re listening to Craig Peterson. Thanks for being with me. Stick around, because we’ll be right back. And get my newsletter.