It’s Friday! Time for another Security Thing podcast. Craig talked about the Apex Human Capital Management ransomware attack.
Airing date: 03/01/2019

Apex Capital Destroyed By Ransomware – They Thought They Knew What They Were Doing

Hey everybody. Craig Peterson here. We’ve got a Security Thing today I want to talk about, and this is a company called Apex Human Capital Management. You are just not going to believe this. Now, I’ve been telling you forever, and if you’re part of my master course I’ve gone through in some detail the best way to protect yourself and your business from these extortionists who are running these ransomware attacks against us. Well, in this case this happened February 19, 2019.

So, a week ago at least from the time I’m recording this, and man, did they get nailed. Now, they were pretty proud of themselves over there because they had just put in place a... let me see if I can get it exactly. There’s a quote from them: “We had just recently completed a pretty state of the art disaster recovery plan off site and out of state that was mirroring our live system.” Well, a real security expert would tell you that you are an idiot if you think that that sort of backup is going to protect you from ransomware. Mirroring a live system is great for having your power go out. For losing a server in your main data center, it’s great. Having a storm hit you, it’s great; a tree falling on your data center, it’s great. Ransomware, you’re dead, because you are mirroring the ransomware. So once it starts encrypting your systems, guess what is happening: it’s encrypting your live recovery site. Whether it’s out of state or in state doesn’t matter; it’s encrypting your live recovery site. And that’s what 3-2-1 backup is all about. That’s why I teach that. And on top of 3-2-1, I teach grandfather, father and son, going back at least three years. In most cases businesses have to go back seven years in order to comply with taxes, and if you are a legal firm you really have to go back about 10 years, and that’s becoming the standard.

So, if they had done what they should have done... Roswell, Georgia-based Apex Human Capital Management does payroll for multiple companies, and it looks like they also had the ability to do employee leasing, outsourced leased employees. They service some 350 payroll service bureaus that all in turn provide payroll services to small and mid-sized businesses. Completely out of business. They could not carry on business. So Krebs On Security reached out to them for comment, and the comment I read you is from their CMO, the chief marketing officer, interestingly enough, right? So they had hired two “outside security firms”. They didn’t hire me. You know, I don’t get where they get these people from. They call themselves a security firm, they put some great quotes on their website, and somehow they get hired. I don’t get it.

But apparently, by February 20, the consensus among all three was that paying the ransom was the fastest way to get back online. So what does Apex do? Because I always say, hey, don’t pay the ransom. In fact, you don’t need to pay the ransom, because we’ve got you covered: we’ve got the live hot backups, we’ve got multi-generational backups, we can go back and restore files that were encrypted from the last good state; in fact, we even do snapshot backups, so we can instantly restore a whole machine to the state before the ransomware started running. And by the way, if you have the right kind of security, you will never get ransomware anyway. It’s almost impossible. And if you do get it, it won’t spread. We just had that last week: we had a client with data exfiltration, the systems automatically noticed it and bam! Shut it down right away. That’s what should be happening, especially with a company like this. Can you imagine how many records they have? They have some 350 payroll service bureaus that use these guys, and they’re idiots when it comes to security, obviously. Are you kidding me?

So they paid the ransom, and guess what they said about why they paid it: “In respect for clients who needed to get their businesses up and running, that was going to be obviously the quicker path.” How about doing it right the first time?

The quote goes on: when they encrypt the data, that happens really fast. He said, when they gave us the keys to decrypt it, things didn’t go quite as cleanly. One of Apex’s business units, called ACA on demand, is still offline. The company is now offering to move customers to a different platform and to train the customers in how to use this other platform. It’s absolutely nuts, because when they tried to do the decryption once they had paid the ransom, instead of restoring all of the files and folders to their pre-encrypted state, the decryption process broke countless file directories and rendered many executable files inoperable, causing even more delays.

So this is a company that makes tens of millions of dollars a year. They have professional IT people on staff, professional security people, and they don’t get it right. It drives me nuts. If your IT guy says you’re all set, let’s talk about the reality of the situation: you probably aren’t. Then if your IT guy says there’s no way to stop this, “I can’t be 100% sure that we are secure, because there’s always a way around it,” he might be trying to be terribly honest, because in a way he or she is right. There’s no way to be 100% secure, but you can be five nines secure, 99.999% secure, and we do it every day. It’s just a shame that this is what we’re seeing out there. So rest in peace, Apex Human Capital Management. They are going to be in for a rough ride as they try and get their business back. Just incredible.

Anyway, take care guys. We’ll be back tomorrow with my weekend radio show, which we also put up right here as a podcast. You can subscribe by going to … I appreciate it when you do that, because it helps to lift our ranking, and that helps to make it more available, so more people know about the show. So by all means, subscribe to the podcast on iTunes and leave a comment there on the iTunes site. Hopefully I’ve earned a five star review from you. Take care. We’ll be back tomorrow.
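Editor’s added example, not code from the podcast or from Craig Peterson: the segment’s point about mirroring versus 3-2-1 and grandfather-father-son (GFS) rotation, in working Python. A live mirror holds exactly one state, so once ransomware encrypts production the replica is encrypted too and there is nothing to roll back to; a GFS rotation keeps dated restore points reaching back months or years, so a clean copy exists even when the encryption started days before anyone noticed. The retention counts (7 daily, 4 weekly, 12 monthly, 3 yearly), the nightly snapshot schedule and the dates are constructed for the illustration; the three-year yearly tier matches the minimum the segment recommends.

```python
"""Grandfather-father-son (GFS) backup retention versus a live mirror.

Added editorial example, not code from the podcast. It models the point made
in the segment: a mirror of the live system holds exactly one state, so once
ransomware encrypts production there is no clean copy, whereas a GFS rotation
keeps dated restore points reaching back months or years.
"""
from datetime import date, timedelta


def gfs_keep(snapshots, today, daily=7, weekly=4, monthly=12, yearly=3):
    """Return the set of snapshot dates a GFS policy retains as of `today`.

    sons:         the `daily` most recent snapshots
    fathers:      the last snapshot of each ISO week, for the newest `weekly` weeks
    grandfathers: the last snapshot of each month, for the newest `monthly` months
    yearly:       the last snapshot of each year, for the newest `yearly` years
    Snapshots dated after `today` are ignored. Retention counts are assumptions
    for this example; pick them to cover your own legal and tax look-back.
    """
    past = sorted(s for s in set(snapshots) if s <= today)

    def newest_per_bucket(key, count):
        # `past` is ascending, so the last write into a bucket is its newest snapshot.
        if count <= 0:
            return []
        bucket_last = {}
        for s in past:
            bucket_last[key(s)] = s
        return sorted(bucket_last.values())[-count:]

    keep = set(past[-daily:] if daily > 0 else [])
    keep.update(newest_per_bucket(lambda d: (d.isocalendar()[0], d.isocalendar()[1]), weekly))
    keep.update(newest_per_bucket(lambda d: (d.year, d.month), monthly))
    keep.update(newest_per_bucket(lambda d: d.year, yearly))
    return keep


def clean_restore_point(retained, infection_date):
    """Newest retained snapshot taken strictly before the ransomware ran, or None."""
    candidates = [s for s in retained if s < infection_date]
    return max(candidates) if candidates else None


def mirror_keep(snapshots, today):
    """A live mirror is GFS degenerated to 'keep only the current state'."""
    return gfs_keep(snapshots, today, daily=1, weekly=0, monthly=0, yearly=0)


# Constructed sample: a nightly snapshot every day for about three years,
# ending on the day of the attack described in the segment (2019-02-19).
TODAY = date(2019, 2, 19)
FIRST = date(2016, 3, 1)
SNAPSHOTS = [FIRST + timedelta(days=i) for i in range((TODAY - FIRST).days + 1)]


if __name__ == "__main__":
    gfs = gfs_keep(SNAPSHOTS, TODAY)
    mirror = mirror_keep(SNAPSHOTS, TODAY)
    print(f"GFS retains {len(gfs)} of {len(SNAPSHOTS)} nightly snapshots; "
          f"the mirror retains {len(mirror)}")
    # Two scenarios: encryption noticed the same day, and encryption that
    # began nine days earlier and was replicated nightly before anyone saw it.
    for infection in (TODAY, TODAY - timedelta(days=9)):
        print(f"encryption began {infection}: "
              f"GFS restore point {clean_restore_point(gfs, infection)}, "
              f"mirror restore point {clean_restore_point(mirror, infection)}")
```

With the sample data, GFS keeps 21 of roughly 1,100 nightly snapshots yet still offers a restore point the day before a same-day infection and a week-old one when the encryption had been running (and being replicated) for nine days; the mirror offers none in either case. The off-site copy in 3-2-1 only helps if it is one of these dated, non-overwritten points rather than a synchronous replica.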