WEBVTT

1
00:00:00.040 --> 00:00:03.839
<v Speaker 1>Welcome to another deep dive. This time we're gonna be

2
00:00:03.839 --> 00:00:06.599
<v Speaker 1>taking a look at ransomware. Yeah, you gave us this

3
00:00:06.759 --> 00:00:11.880
<v Speaker 1>excerpt from a book. It's called Preventing Ransomware. Oh wow,

4
00:00:12.039 --> 00:00:13.560
<v Speaker 1>so you know, right off the bat, it sounds like

5
00:00:13.560 --> 00:00:16.280
<v Speaker 1>we're in for a treat. Yeah, but thankfully we have

6
00:00:16.399 --> 00:00:19.239
<v Speaker 1>expert speaker here to help guide us through this.

7
00:00:19.399 --> 00:00:21.000
<v Speaker 2>Happy to be here, all right.

8
00:00:21.079 --> 00:00:24.480
<v Speaker 1>So to kind of set the stage, yeah, the book

9
00:00:24.519 --> 00:00:28.359
<v Speaker 1>takes us back to, you know, the early days of malware. Okay,

10
00:00:28.559 --> 00:00:31.280
<v Speaker 1>you remember, like the ILOVEYOU worm? Oh yeah,

11
00:00:31.320 --> 00:00:34.799
<v Speaker 1>you know, looking back now, it almost seems quaint, doesn't it.

12
00:00:34.799 --> 00:00:39.159
<v Speaker 2>It really does. It's like back then, malware was almost playful, right,

13
00:00:39.399 --> 00:00:42.280
<v Speaker 2>you know, ILOVEYOU. It would spread through emails

14
00:00:42.399 --> 00:00:45.280
<v Speaker 2>and it would like replace files, but it was mainly

15
00:00:45.359 --> 00:00:49.520
<v Speaker 2>just about disruption. It wasn't really about you know, making money.

16
00:00:49.679 --> 00:00:52.280
<v Speaker 1>Right now it's all about the money exactly. The malware

17
00:00:52.359 --> 00:00:52.960
<v Speaker 1>is all grown up.

18
00:00:53.159 --> 00:00:56.159
<v Speaker 2>Yeah, it's it's matured really very much.

19
00:00:56.200 --> 00:00:59.000
<v Speaker 1>So. So how did we get from like those early

20
00:00:59.079 --> 00:01:00.920
<v Speaker 1>days who just kind of and around to where we

21
00:01:00.920 --> 00:01:01.399
<v Speaker 1>are now?

22
00:01:01.920 --> 00:01:03.640
<v Speaker 2>Well, I think a big part of it is that

23
00:01:03.679 --> 00:01:07.879
<v Speaker 2>shift towards profit, right, Yeah, as online systems became more

24
00:01:07.959 --> 00:01:12.400
<v Speaker 2>and more essential to businesses and individuals. The potential for

25
00:01:12.519 --> 00:01:16.920
<v Speaker 2>financial gain just became too tempting for attackers to resist.

26
00:01:17.120 --> 00:01:19.920
<v Speaker 1>Yeah, it's like they realized, hey, we can actually make

27
00:01:19.959 --> 00:01:22.840
<v Speaker 1>money off of this exactly. So let's talk about like

28
00:01:22.959 --> 00:01:28.760
<v Speaker 1>the different types of ransomware. The book starts with scareware, okay,

29
00:01:28.920 --> 00:01:31.159
<v Speaker 1>which to me feels like the OG trickster.

30
00:01:31.359 --> 00:01:35.079
<v Speaker 2>Yeah. Scareware is all about deception, right, and preying on

31
00:01:35.200 --> 00:01:35.840
<v Speaker 2>people's fear.

32
00:01:35.920 --> 00:01:38.599
<v Speaker 1>Yeah, like you know those pop-ups that scream your

33
00:01:38.640 --> 00:01:42.280
<v Speaker 1>computer is infected. Exactly. Click here to download this scanner,

34
00:01:42.359 --> 00:01:45.439
<v Speaker 1>which is like the malware itself.

35
00:01:45.159 --> 00:01:48.480
<v Speaker 2>Or those fake antivirus programs with like really sleek

36
00:01:48.560 --> 00:01:51.920
<v Speaker 2>interfaces that just bombard you with warnings and threats.

37
00:01:52.159 --> 00:01:53.879
<v Speaker 1>I mean, I'm surprised that stuff still works.

38
00:01:54.079 --> 00:01:56.200
<v Speaker 2>Yeah, you'd think people would be more savvy to it,

39
00:01:56.239 --> 00:01:58.200
<v Speaker 2>but you know, there's still plenty of people who aren't

40
00:01:58.280 --> 00:02:01.280
<v Speaker 2>as tech savvy. Yeah, you know, maybe older users or

41
00:02:01.439 --> 00:02:05.120
<v Speaker 2>just anyone who like panics easily when they see technical jargon,

42
00:02:05.879 --> 00:02:10.039
<v Speaker 2>they might not realize that legitimate security software doesn't use

43
00:02:10.120 --> 00:02:11.800
<v Speaker 2>those kinds of aggressive tactics.

44
00:02:12.000 --> 00:02:15.439
<v Speaker 1>Yeah, yeah, so what about screen lockers?

45
00:02:15.759 --> 00:02:17.280
<v Speaker 2>Oh, those are interesting.

46
00:02:17.360 --> 00:02:20.319
<v Speaker 1>Those just like lock you out of your device until

47
00:02:20.319 --> 00:02:20.719
<v Speaker 1>you pay.

48
00:02:21.080 --> 00:02:25.240
<v Speaker 2>Yeah. Essentially, they hold your device hostage and they display

49
00:02:25.319 --> 00:02:28.479
<v Speaker 2>this message demanding payment to unlock it.

50
00:02:28.680 --> 00:02:30.319
<v Speaker 1>Right. Have you ever encountered one of those?

51
00:02:30.759 --> 00:02:33.800
<v Speaker 2>I haven't personally, but I know people who have. Yeah,

52
00:02:33.840 --> 00:02:37.159
<v Speaker 2>and the early versions were pretty simple, but they've gotten

53
00:02:37.199 --> 00:02:38.680
<v Speaker 2>a lot more sophisticated over time.

54
00:02:38.800 --> 00:02:39.759
<v Speaker 1>Oh really. Yeah.

55
00:02:39.800 --> 00:02:43.520
<v Speaker 2>Some of them even mimic like official notices from law enforcement.

56
00:02:43.639 --> 00:02:46.360
<v Speaker 2>Oh wow, to really amp up that fear factor.

57
00:02:46.520 --> 00:02:49.039
<v Speaker 1>That's scary. But the book did mention there might be

58
00:02:49.080 --> 00:02:50.639
<v Speaker 1>ways to like outsmart them.

59
00:02:50.879 --> 00:02:53.319
<v Speaker 2>Yeah, depending on the complexity of the locker, there are

60
00:02:53.400 --> 00:02:58.599
<v Speaker 2>potential workarounds like booting into safe mode or using system

61
00:02:58.639 --> 00:03:01.879
<v Speaker 2>restore points. You know, those aren't always guaranteed to work.

62
00:03:02.000 --> 00:03:05.599
<v Speaker 1>Yeah, right, right. But now let's get to like the

63
00:03:05.680 --> 00:03:11.560
<v Speaker 1>really serious stuff crypto ransomware. Okay, this is where things

64
00:03:11.599 --> 00:03:16.919
<v Speaker 1>get like really interesting and terrifying and terrifying. Yeah yeah, So,

65
00:03:17.120 --> 00:03:19.520
<v Speaker 1>I mean what makes crypto ransomware so different?

66
00:03:19.680 --> 00:03:22.479
<v Speaker 2>Well, it's the use of advanced encryption. It's like a

67
00:03:22.599 --> 00:03:24.800
<v Speaker 2>digital thief changing the locks.

68
00:03:24.520 --> 00:03:26.800
<v Speaker 1>On your house and then demanding a ransom for the

69
00:03:26.879 --> 00:03:29.800
<v Speaker 1>key exactly, And even if you pay the ransom.

70
00:03:29.400 --> 00:03:31.120
<v Speaker 2>There's no guarantee you'll actually get.

71
00:03:30.960 --> 00:03:33.319
<v Speaker 1>Your data back, right, You're trusting criminals to keep.

72
00:03:33.159 --> 00:03:35.919
<v Speaker 2>Their word, and criminals aren't exactly known for their honesty.

73
00:03:36.159 --> 00:03:40.039
<v Speaker 1>Yeah. Good point. So how does this encryption like actually work.

74
00:03:40.199 --> 00:03:43.280
<v Speaker 2>Well, a lot of them use a combination of symmetric

75
00:03:43.319 --> 00:03:47.319
<v Speaker 2>and asymmetric encryption. Okay, think of it as a double lock. Okay,

76
00:03:47.360 --> 00:03:50.719
<v Speaker 2>So they generate a unique key for each file, right,

77
00:03:50.840 --> 00:03:53.360
<v Speaker 2>and then they encrypt that key with a master key

78
00:03:53.400 --> 00:03:54.520
<v Speaker 2>that only they have.

79
00:03:54.840 --> 00:03:55.919
<v Speaker 1>Okay, I'm already lost.

80
00:03:56.159 --> 00:03:57.120
<v Speaker 2>Complicated stuff.

81
00:03:57.199 --> 00:03:59.479
<v Speaker 1>Yeah, maybe it'll help if we like look at some

82
00:03:59.520 --> 00:04:02.719
<v Speaker 1>real world examples. The book starts with GPCode, which

83
00:04:02.800 --> 00:04:06.240
<v Speaker 1>was like one of the early ransomware players.

84
00:04:06.360 --> 00:04:09.520
<v Speaker 2>Yeah. GPCode is a good example of how ransomware has evolved.

85
00:04:09.680 --> 00:04:09.960
<v Speaker 1>Okay.

86
00:04:10.199 --> 00:04:12.919
<v Speaker 2>It used a relatively weak encryption.

87
00:04:12.639 --> 00:04:14.520
<v Speaker 1>Algorithm, so it wasn't that sophisticated.

88
00:04:14.680 --> 00:04:17.120
<v Speaker 2>Not really. No, In fact, some victims are actually able

89
00:04:17.160 --> 00:04:21.680
<v Speaker 2>to decrypt their files without paying the ransom. Oh really Yeah,

90
00:04:21.720 --> 00:04:24.519
<v Speaker 2>and it also left traces on the system, which made

91
00:04:24.560 --> 00:04:25.920
<v Speaker 2>it easier to track.

92
00:04:26.279 --> 00:04:28.720
<v Speaker 1>So not exactly master criminals at.

93
00:04:28.600 --> 00:04:29.959
<v Speaker 2>This point, No, not quite.

94
00:04:30.040 --> 00:04:32.040
<v Speaker 1>GPCode was kind of a stepping stone.

95
00:04:31.839 --> 00:04:34.800
<v Speaker 2>Right, Yeah, it paved the way for more sophisticated attacks

96
00:04:34.959 --> 00:04:36.920
<v Speaker 2>like CryptoLocker. Exactly.

97
00:04:37.199 --> 00:04:38.839
<v Speaker 1>That one was a big deal, wasn't it.

98
00:04:38.839 --> 00:04:39.720
<v Speaker 2>It really was.

99
00:04:39.720 --> 00:04:42.800
<v Speaker 1>Strong encryption, Bitcoin payments, the whole nine yards.

100
00:04:43.040 --> 00:04:45.360
<v Speaker 2>It was a whole new level of.

101
00:04:45.439 --> 00:04:47.480
<v Speaker 1>Threat, and it spread like crazy.

102
00:04:47.560 --> 00:04:50.959
<v Speaker 2>Yeah. It mainly spread through phishing emails, okay, disguised as

103
00:04:50.959 --> 00:04:54.319
<v Speaker 2>messages from legitimate companies like FedEx or UPS.

104
00:04:54.600 --> 00:04:57.879
<v Speaker 1>So you would open an attachment and boom, your data

105
00:04:57.959 --> 00:04:58.480
<v Speaker 1>is locked down.

106
00:04:58.639 --> 00:04:59.199
<v Speaker 2>Exactly.

107
00:04:59.560 --> 00:05:02.360
<v Speaker 1>That a trick of tricking people into clicking.

108
00:05:02.040 --> 00:05:05.680
<v Speaker 2>On things they should It's amazing how effective it still is. Yeah,

109
00:05:05.720 --> 00:05:09.079
<v Speaker 2>social engineering remains one of the most powerful tools in

110
00:05:09.160 --> 00:05:10.399
<v Speaker 2>the ransomware.

111
00:05:09.959 --> 00:05:13.800
<v Speaker 1>Arsenal. Right. So from GPCode to CryptoLocker, we're

112
00:05:14.199 --> 00:05:18.399
<v Speaker 1>seeing this trend towards more sophisticated tactics, and then comes

113
00:05:18.439 --> 00:05:21.839
<v Speaker 1>CryptoWall, right, which the book describes as like almost

114
00:05:21.839 --> 00:05:23.839
<v Speaker 1>treating ransomware like a legitimate business.

115
00:05:24.000 --> 00:05:27.920
<v Speaker 2>It's fascinating, isn't it. Yeah, they had version updates, support systems,

116
00:05:28.000 --> 00:05:28.800
<v Speaker 2>the whole works.

117
00:05:28.879 --> 00:05:32.079
<v Speaker 1>Wait, support systems like they would actually help their victims

118
00:05:32.120 --> 00:05:32.800
<v Speaker 1>pay the ransom.

119
00:05:33.240 --> 00:05:35.279
<v Speaker 2>It sounds crazy, but yeah, that's.

120
00:05:35.199 --> 00:05:37.800
<v Speaker 1>Kind of messed up, it is, But I guess it makes.

121
00:05:37.639 --> 00:05:40.759
<v Speaker 2>Sense, right, Yeah, the smoother the payment process, the more

122
00:05:40.879 --> 00:05:42.000
<v Speaker 2>likely victims are to.

123
00:05:42.000 --> 00:05:44.199
<v Speaker 1>Pay, right, So it's all about maximizing profit.

124
00:05:44.360 --> 00:05:47.079
<v Speaker 2>It's a twisted kind of customer service.

125
00:05:47.160 --> 00:05:49.680
<v Speaker 1>Yeah, very twisted. Yeah. And then of course there was Locky,

126
00:05:49.720 --> 00:05:52.439
<v Speaker 1>which was like a master of disguise.

127
00:05:52.720 --> 00:05:56.480
<v Speaker 2>Oh yeah. Locky was constantly changing its tactics right to

128
00:05:56.519 --> 00:05:59.000
<v Speaker 2>stay ahead of security measures, so it was really.

129
00:05:58.759 --> 00:06:01.399
<v Speaker 1>Hard to detect. And then we have Cerber, which would

130
00:06:01.399 --> 00:06:03.800
<v Speaker 1>actually play audio messages demanding payment.

131
00:06:04.199 --> 00:06:06.240
<v Speaker 2>I know, it's like something out of a horror.

132
00:06:05.959 --> 00:06:09.600
<v Speaker 1>Movie, right, it's just adding insult to injury exactly. And

133
00:06:09.639 --> 00:06:13.040
<v Speaker 1>the book also mentioned that Cerber used configuration files to

134
00:06:13.160 --> 00:06:14.240
<v Speaker 1>adapt its behavior.

135
00:06:14.439 --> 00:06:17.959
<v Speaker 2>Yeah. Those configuration files allowed the attackers to modify Cerber

136
00:06:18.000 --> 00:06:20.800
<v Speaker 2>without having to rewrite the entire code, so.

137
00:06:20.759 --> 00:06:24.079
<v Speaker 1>They can easily change things like the ransom amount or

138
00:06:24.120 --> 00:06:24.839
<v Speaker 1>the files they.

139
00:06:24.759 --> 00:06:27.360
<v Speaker 2>Were targeting, exactly, and made it a very flexible and

140
00:06:27.399 --> 00:06:28.319
<v Speaker 2>adaptable threat.

141
00:06:28.879 --> 00:06:32.720
<v Speaker 1>All right. So we've talked about scareware, screen lockers, and

142
00:06:33.000 --> 00:06:37.399
<v Speaker 1>this whole world of crypto ransomware, but the book also

143
00:06:37.439 --> 00:06:41.000
<v Speaker 1>mentions another category, boot ransomware.

144
00:06:41.199 --> 00:06:45.040
<v Speaker 2>Oh yeah, those are nasty, like Petya.

145
00:06:45.680 --> 00:06:47.720
<v Speaker 1>So what makes boot ransomware different.

146
00:06:47.480 --> 00:06:51.079
<v Speaker 2>Well, boot ransomware targets the master boot record or MBR,

147
00:06:51.560 --> 00:06:54.319
<v Speaker 2>which is basically what's needed to start your computer. So

148
00:06:54.439 --> 00:06:57.560
<v Speaker 2>by infecting the MBR, Petya could lock down your entire

149
00:06:57.600 --> 00:07:00.560
<v Speaker 2>system before Windows even had a chance to load. Oh wow,

150
00:07:00.639 --> 00:07:02.920
<v Speaker 2>which made it incredibly difficult to remove.

151
00:07:03.040 --> 00:07:04.920
<v Speaker 1>So you turn on your computer, yeah, and instead of

152
00:07:04.959 --> 00:07:06.399
<v Speaker 1>seeing your desktop, you'd.

153
00:07:06.279 --> 00:07:07.160
<v Speaker 2>Get a ransom note.

154
00:07:07.759 --> 00:07:10.560
<v Speaker 1>Yeah, that's a nightmare, it is. Okay, we've covered a

155
00:07:10.560 --> 00:07:13.079
<v Speaker 1>lot of ground here, we have. I'm already feeling a

156
00:07:13.120 --> 00:07:14.040
<v Speaker 1>little overwhelmed.

157
00:07:14.040 --> 00:07:16.560
<v Speaker 2>It's a lot to take in, I know, but you know,

158
00:07:16.920 --> 00:07:20.839
<v Speaker 2>understanding these threats is the first step to protecting.

159
00:07:20.480 --> 00:07:23.079
<v Speaker 1>Yourself, right, well said, I think we need a moment

160
00:07:23.120 --> 00:07:25.639
<v Speaker 1>to just like digest all this before we move on.

161
00:07:25.800 --> 00:07:26.800
<v Speaker 2>Yeah, good idea.

162
00:07:26.879 --> 00:07:28.959
<v Speaker 1>All right, let's pick up where we left off, and

163
00:07:29.000 --> 00:07:30.360
<v Speaker 1>I think it's time to talk about a couple of

164
00:07:30.439 --> 00:07:32.519
<v Speaker 1>names that you know, really shook things up in the

165
00:07:32.519 --> 00:07:35.879
<v Speaker 1>world of ransomware. WannaCry and NotPetya.

166
00:07:36.079 --> 00:07:37.720
<v Speaker 2>Yeah, those were game changers.

167
00:07:37.800 --> 00:07:40.279
<v Speaker 1>What made them so different from you know, everything else

168
00:07:40.279 --> 00:07:41.000
<v Speaker 1>we've talked about.

169
00:07:41.000 --> 00:07:45.160
<v Speaker 2>Well, WannaCry, back in twenty seventeen, really exposed

170
00:07:45.160 --> 00:07:47.360
<v Speaker 2>how vulnerable a lot of systems were.

171
00:07:47.560 --> 00:07:51.639
<v Speaker 1>The book called it a global panic inducer, and I remember,

172
00:07:51.759 --> 00:07:55.600
<v Speaker 1>I mean it was everywhere. It was hospitals, businesses, governments.

173
00:07:56.240 --> 00:07:57.680
<v Speaker 1>Nobody seemed to be immune to it.

174
00:07:57.920 --> 00:08:01.319
<v Speaker 2>And that's because it exploited this vulnerability in a system

175
00:08:01.399 --> 00:08:03.680
<v Speaker 2>that was used for file sharing.

176
00:08:03.560 --> 00:08:05.319
<v Speaker 1>So it spread really easily.

177
00:08:05.279 --> 00:08:07.360
<v Speaker 2>Yeah, like wildfire through networks.

178
00:08:07.480 --> 00:08:09.000
<v Speaker 1>And I guess that's you know, one of the things

179
00:08:09.040 --> 00:08:09.680
<v Speaker 1>that made it so.

180
00:08:09.720 --> 00:08:13.800
<v Speaker 2>Scary, right, it showed how interconnected our digital world is yea,

181
00:08:14.000 --> 00:08:16.439
<v Speaker 2>and how vulnerable we can be because of it.

182
00:08:16.879 --> 00:08:18.959
<v Speaker 1>And one of the reasons it spread so quickly, as

183
00:08:19.000 --> 00:08:22.000
<v Speaker 1>I understand it, was this self-spreading mechanism.

184
00:08:22.120 --> 00:08:25.800
<v Speaker 2>Yeah, once it infected one system, it could automatically jump

185
00:08:25.879 --> 00:08:29.279
<v Speaker 2>to other vulnerable computers on the same network.

186
00:08:29.279 --> 00:08:31.160
<v Speaker 1>So no human interaction required.

187
00:08:31.279 --> 00:08:33.559
<v Speaker 2>Nope, it was like a digital contagion.

188
00:08:33.360 --> 00:08:35.360
<v Speaker 1>Just hopping from system to system.

189
00:08:35.159 --> 00:08:38.279
<v Speaker 2>Exactly, and that made it incredibly difficult to contain.

190
00:08:38.600 --> 00:08:40.600
<v Speaker 1>Yeah, by the time you realized you were infected, it

191
00:08:40.639 --> 00:08:42.960
<v Speaker 1>could have already spread to who knows how many other

192
00:08:42.960 --> 00:08:46.480
<v Speaker 1>systems exactly, So WannaCry was bad enough. But

193
00:08:46.519 --> 00:08:49.600
<v Speaker 1>then there's NotPetya, which from what I read, wasn't

194
00:08:49.600 --> 00:08:51.159
<v Speaker 1>even really about making money.

195
00:08:50.879 --> 00:08:53.360
<v Speaker 2>That's right, NotPetya was much more destructive. Yeah, it

196
00:08:53.399 --> 00:08:56.080
<v Speaker 2>was a wiper disguised as ransomware.

197
00:08:55.840 --> 00:08:57.840
<v Speaker 1>So its goal was to destroy.

198
00:08:57.559 --> 00:08:59.919
<v Speaker 2>Data exactly, not hold it hostage.

199
00:09:00.279 --> 00:09:01.240
<v Speaker 1>That's just malicious.

200
00:09:01.320 --> 00:09:03.960
<v Speaker 2>It was a very targeted and malicious attack.

201
00:09:04.320 --> 00:09:07.039
<v Speaker 1>The book mentions how it went after the master file table,

202
00:09:07.480 --> 00:09:11.360
<v Speaker 1>which honestly I don't fully understand. It's pretty technical, but

203
00:09:11.399 --> 00:09:14.360
<v Speaker 1>the end result was basically mass chaos and damage.

204
00:09:14.440 --> 00:09:17.799
<v Speaker 2>Right, Yes, yes, NotPetya caused a lot of damage

205
00:09:17.840 --> 00:09:20.519
<v Speaker 2>to businesses and organizations around the world.

206
00:09:20.279 --> 00:09:22.639
<v Speaker 1>And it spread using similar techniques as WannaCry.

207
00:09:22.840 --> 00:09:25.879
<v Speaker 2>Right, Yeah, it exploited the same vulnerability, but its intent

208
00:09:26.039 --> 00:09:27.360
<v Speaker 2>was purely destructive.

209
00:09:28.279 --> 00:09:33.440
<v Speaker 1>So we've seen how ransomware has evolved from those early

210
00:09:33.519 --> 00:09:36.600
<v Speaker 1>days to these global threats like WannaCry and

211
00:09:36.679 --> 00:09:40.000
<v Speaker 1>NotPetya, and it's pretty clear that there's a serious

212
00:09:40.000 --> 00:09:41.120
<v Speaker 1>problem that's not going.

213
00:09:40.879 --> 00:09:42.200
<v Speaker 2>Away, not anytime soon.

214
00:09:42.440 --> 00:09:44.559
<v Speaker 1>So let's shift gears a little bit and talk about

215
00:09:44.559 --> 00:09:48.240
<v Speaker 1>how these attacks actually happen. How does ransomware get into

216
00:09:48.279 --> 00:09:49.399
<v Speaker 1>our systems in the first place.

217
00:09:49.519 --> 00:09:52.559
<v Speaker 2>That's a great question because understanding the methods of attack

218
00:09:52.720 --> 00:09:55.440
<v Speaker 2>is the first step to defending yourself, right, and one

219
00:09:55.440 --> 00:09:58.399
<v Speaker 2>of the most common ways ransomware gets in is through phishing.

220
00:09:58.639 --> 00:10:01.879
<v Speaker 1>Phishing, that classic attack of tricking people into clicking on

221
00:10:01.960 --> 00:10:05.559
<v Speaker 1>malicious links or opening infected attachments exactly. You know, it's

222
00:10:05.559 --> 00:10:08.399
<v Speaker 1>been around forever, but it's still incredibly effective.

223
00:10:08.559 --> 00:10:09.440
<v Speaker 2>Why do you think that is?

224
00:10:09.879 --> 00:10:11.840
<v Speaker 1>I mean, I guess it just plays on our human nature.

225
00:10:11.679 --> 00:10:15.799
<v Speaker 2>Right, Exactly. It exploits our emotions fear, urgency, curiosity.

226
00:10:15.879 --> 00:10:18.799
<v Speaker 1>Right. So the attackers will create these emails that look

227
00:10:18.879 --> 00:10:21.440
<v Speaker 1>like they're from a bank, or a government agency, or.

228
00:10:21.399 --> 00:10:23.000
<v Speaker 2>Even a trusted colleague.

229
00:10:22.840 --> 00:10:24.080
<v Speaker 1>Yeah, someone you know and trust.

230
00:10:24.200 --> 00:10:25.559
<v Speaker 2>Right. It's all about social.

231
00:10:25.240 --> 00:10:28.960
<v Speaker 1>Engineering, manipulating people into letting their guard down exactly. So

232
00:10:29.080 --> 00:10:31.320
<v Speaker 1>are there any red flags like things we can look

233
00:10:31.360 --> 00:10:34.399
<v Speaker 1>out for to avoid falling victim to these phishing scams?

234
00:10:34.879 --> 00:10:39.919
<v Speaker 2>Absolutely? First and foremost, be wary of any unsolicited emails.

235
00:10:39.679 --> 00:10:42.919
<v Speaker 1>Like if you weren't expecting it, be suspicious.

236
00:10:42.399 --> 00:10:45.120
<v Speaker 2>Right, especially those that create a sense of urgency or

237
00:10:45.480 --> 00:10:47.000
<v Speaker 2>pressure you to act quickly.

238
00:10:47.320 --> 00:10:49.080
<v Speaker 1>Oh yeah, those are always a red flag.

239
00:10:49.279 --> 00:10:51.879
<v Speaker 2>Right. Also, take a moment to really look at the

240
00:10:51.919 --> 00:10:57.720
<v Speaker 2>sender's email address. Mm-hmm, are there any misspellings, inconsistencies?

241
00:10:58.399 --> 00:11:00.639
<v Speaker 1>And don't click on any links until you've hovered

242
00:11:00.639 --> 00:11:02.320
<v Speaker 1>over them to see the actual URL.

243
00:11:02.519 --> 00:11:04.440
<v Speaker 2>Yeah, if it looks suspicious, don't click.

244
00:11:04.639 --> 00:11:07.960
<v Speaker 1>Okay, good advice. But it's not just phishing, right.

245
00:11:08.200 --> 00:11:12.440
<v Speaker 2>No, there are other ways ransomware can get in, like what, well,

246
00:11:12.440 --> 00:11:14.399
<v Speaker 2>there are these things called exploit kits.

247
00:11:14.840 --> 00:11:16.120
<v Speaker 1>Exploit kits, what are those?

248
00:11:16.240 --> 00:11:21.919
<v Speaker 2>They're basically automated tools that scan for vulnerabilities in your software, okay,

249
00:11:22.120 --> 00:11:26.000
<v Speaker 2>and then deliver tailored exploits to take advantage of those weaknesses.

250
00:11:26.279 --> 00:11:29.279
<v Speaker 1>So it's like they're scanning your system for any cracks

251
00:11:29.320 --> 00:11:29.919
<v Speaker 1>in your armor.

252
00:11:30.200 --> 00:11:31.240
<v Speaker 2>That's a good way to put it.

253
00:11:31.200 --> 00:11:33.960
<v Speaker 1>And then they exploit those cracks exactly. And these exploit

254
00:11:34.039 --> 00:11:36.639
<v Speaker 1>kits they're constantly evolving, right they are.

255
00:11:36.759 --> 00:11:41.039
<v Speaker 2>They're always incorporating new exploits as vulnerabilities are discovered.

256
00:11:41.320 --> 00:11:43.639
<v Speaker 1>So it's like an arms race, it is between the

257
00:11:43.679 --> 00:11:45.480
<v Speaker 1>attackers and the defenders exactly.

258
00:11:45.519 --> 00:11:49.120
<v Speaker 2>And that's why it's so important to keep your software updated, right.

259
00:11:49.200 --> 00:11:52.799
<v Speaker 1>Those updates, those pesky updates that we all hate, but

260
00:11:52.879 --> 00:11:56.240
<v Speaker 1>they're crucial. They're not just about new features. They're often

261
00:11:56.399 --> 00:11:58.759
<v Speaker 1>patching those vulnerabilities.

262
00:11:58.039 --> 00:11:59.919
<v Speaker 2>Right, the ones that could be exploited by ransomware.

263
00:12:00.720 --> 00:12:03.799
<v Speaker 1>So update your software people, please, It could save you

264
00:12:03.879 --> 00:12:04.679
<v Speaker 1>a lot of trouble.

265
00:12:05.200 --> 00:12:05.600
<v Speaker 2>It could.

266
00:12:05.720 --> 00:12:07.759
<v Speaker 1>And then there's another way ransomware can get in.

267
00:12:08.279 --> 00:12:09.799
<v Speaker 2>There is that's.

268
00:12:09.639 --> 00:12:11.919
<v Speaker 1>Even more passive. These drive-by downloads.

269
00:12:12.000 --> 00:12:13.759
<v Speaker 2>Oh, drive-by downloads, Yeah, those.

270
00:12:13.600 --> 00:12:15.559
<v Speaker 1>Are scary one of those exactly.

271
00:12:15.639 --> 00:12:20.039
<v Speaker 2>Well. Imagine you're visiting a website. Okay, seems harmless enough, right, Yeah,

272
00:12:20.080 --> 00:12:24.240
<v Speaker 2>You're browsing for information, maybe shopping online, and suddenly, without

273
00:12:24.279 --> 00:12:28.159
<v Speaker 2>even clicking on anything, your computer's infected with ransomware.

274
00:12:28.440 --> 00:12:31.240
<v Speaker 1>Wait what I thought you had to download something or

275
00:12:31.240 --> 00:12:34.120
<v Speaker 1>click on a link. Not always, that's terrifying.

276
00:12:34.440 --> 00:12:34.960
<v Speaker 2>It can be.

277
00:12:35.240 --> 00:12:37.200
<v Speaker 1>So just visiting a website can.

278
00:12:37.120 --> 00:12:40.039
<v Speaker 2>Be risky to a certain extent.

279
00:12:40.159 --> 00:12:43.480
<v Speaker 1>Yes, but there are ways to mitigate these risks, right, absolutely.

280
00:12:43.559 --> 00:12:48.279
<v Speaker 2>It's all about understanding the threats, yeah, and taking appropriate precautions.

281
00:12:48.480 --> 00:12:51.519
<v Speaker 1>Okay, so let's talk about those precautions. All right, what

282
00:12:51.559 --> 00:12:55.440
<v Speaker 1>can we do to protect ourselves from this ever evolving

283
00:12:55.519 --> 00:12:56.639
<v Speaker 1>threat of ransomware.

284
00:12:56.960 --> 00:12:59.919
<v Speaker 2>Well, let's start with the basics. Operating system hardening.

285
00:13:00.320 --> 00:13:02.159
<v Speaker 1>Operating system hardening, what's that?

286
00:13:02.720 --> 00:13:05.240
<v Speaker 2>It might sound complicated, yeah, but it's really just about

287
00:13:05.240 --> 00:13:08.600
<v Speaker 2>making your system less vulnerable to attack. Okay, So this

288
00:13:08.679 --> 00:13:10.519
<v Speaker 2>includes things like disabling.

289
00:13:10.039 --> 00:13:11.320
<v Speaker 1>Autorun. Autorun?

290
00:13:11.360 --> 00:13:15.000
<v Speaker 2>What does that do? That prevents programs from automatically launching

291
00:13:15.039 --> 00:13:19.399
<v Speaker 2>from external devices. Oh yeah, you should also use strong passwords.

292
00:13:18.919 --> 00:13:20.480
<v Speaker 1>Right, passwords that are hard.

293
00:13:20.360 --> 00:13:23.639
<v Speaker 2>To guess exactly, And of course keep your system patched

294
00:13:23.639 --> 00:13:25.159
<v Speaker 2>with the latest security updates.

295
00:13:25.240 --> 00:13:26.679
<v Speaker 1>Those pesky updates.

296
00:13:26.320 --> 00:13:28.559
<v Speaker 2>Again, I know, but they're important, right.

297
00:13:28.600 --> 00:13:31.039
<v Speaker 1>All right, So we've got the basics covered. But what

298
00:13:31.120 --> 00:13:34.639
<v Speaker 1>about antivirus software. Isn't that enough to protect us?

299
00:13:34.720 --> 00:13:38.200
<v Speaker 2>Antivirus is important. Yeah, it's a key layer of defense,

300
00:13:38.480 --> 00:13:40.360
<v Speaker 2>but it's not a foolproof solution.

301
00:13:40.600 --> 00:13:43.240
<v Speaker 1>So it's not like a magic shield that will block everything.

302
00:13:43.440 --> 00:13:44.559
<v Speaker 2>No, unfortunately not.

303
00:13:44.759 --> 00:13:45.080
<v Speaker 1>Why not?

304
00:13:45.519 --> 00:13:50.559
<v Speaker 2>Well, traditional antivirus relies on signatures to detect known threats, okay.

305
00:13:50.919 --> 00:13:54.840
<v Speaker 2>And while that can be effective against some ransomware variants, yeah,

306
00:13:55.080 --> 00:13:59.279
<v Speaker 2>more sophisticated attackers can evade signature-based detection.

307
00:13:59.399 --> 00:14:02.960
<v Speaker 1>So they find ways to sneak past the antivirus exactly.

308
00:14:03.559 --> 00:14:06.639
<v Speaker 1>But the book does talk about how antivirus has evolved

309
00:14:06.879 --> 00:14:09.919
<v Speaker 1>to try and combat these more advanced threats. It has like,

310
00:14:10.000 --> 00:14:12.159
<v Speaker 1>what are some of the things that antivirus is doing

311
00:14:12.200 --> 00:14:14.120
<v Speaker 1>now to keep up with the bad guys.

312
00:14:14.440 --> 00:14:19.840
<v Speaker 2>Well, modern antivirus solutions are incorporating more sophisticated techniques, okay,

313
00:14:20.080 --> 00:14:24.399
<v Speaker 2>like heuristics, which involves analyzing code for suspicious patterns, okay,

314
00:14:24.440 --> 00:14:28.840
<v Speaker 2>and behavioral analysis, which monitors how programs behave on your system.

315
00:14:28.960 --> 00:14:32.039
<v Speaker 1>So it's not just about looking for specific files anymore.

316
00:14:31.759 --> 00:14:35.159
<v Speaker 2>Right, it's about recognizing patterns and behaviors that might indicate

317
00:14:35.480 --> 00:14:36.480
<v Speaker 2>malicious intent.

318
00:14:36.840 --> 00:14:38.879
<v Speaker 1>So it's like they're trying to think like the attackers

319
00:14:38.919 --> 00:14:42.559
<v Speaker 1>in a way. And in addition to antivirus, Windows itself

320
00:14:42.639 --> 00:14:45.960
<v Speaker 1>has built-in security features that can help protect against ransomware.

321
00:14:46.120 --> 00:14:49.399
<v Speaker 2>Yeah, there are some really useful features like what. Well,

322
00:14:49.720 --> 00:14:54.480
<v Speaker 2>there's DEP, which stands for Data Execution Prevention. That prevents

323
00:14:54.519 --> 00:14:56.960
<v Speaker 2>code from being executed in areas of memory that are

324
00:14:57.000 --> 00:14:57.960
<v Speaker 2>meant for data.

325
00:14:57.759 --> 00:14:59.960
<v Speaker 1>Storage, all right, and that helps how.

326
00:15:00.039 --> 00:15:03.519
<v Speaker 2>It makes it harder for exploits to target key system components.

327
00:15:03.600 --> 00:15:04.799
<v Speaker 1>Okay. And there's another one.

328
00:15:04.720 --> 00:15:07.720
<v Speaker 2>Right, Yeah, there's ASLR, which stands for address space

329
00:15:07.799 --> 00:15:12.679
<v Speaker 2>layout randomization. Address space layout what? Randomization. It basically makes

330
00:15:12.720 --> 00:15:16.200
<v Speaker 2>it more difficult for exploits to find and target specific

331
00:15:16.240 --> 00:15:17.279
<v Speaker 2>memory locations.

332
00:15:17.600 --> 00:15:19.639
<v Speaker 1>So it's like they're constantly moving the target.

333
00:15:20.039 --> 00:15:21.600
<v Speaker 2>Yeah, that's a good way to think about it.

334
00:15:21.639 --> 00:15:23.320
<v Speaker 1>So I'm guessing it's a good idea to keep these

335
00:15:23.320 --> 00:15:24.600
<v Speaker 1>features enabled.

336
00:15:24.360 --> 00:15:26.320
<v Speaker 2>Absolutely they add an extra layer of protection.

337
00:15:26.480 --> 00:15:29.679
<v Speaker 1>Okay, good to know. And if you're using Windows 8

338
00:15:29.799 --> 00:15:32.240
<v Speaker 1>or later, there's another feature called secure boot.

339
00:15:32.639 --> 00:15:34.559
<v Speaker 2>Oh yeah, secure boot is great.

340
00:15:34.960 --> 00:15:36.200
<v Speaker 1>What does that do? Well,

341
00:15:36.200 --> 00:15:39.879
<v Speaker 2>It's designed to prevent attacks that target the boot process

342
00:15:40.120 --> 00:15:43.480
<v Speaker 2>like Petya, exactly. It verifies the integrity of the bootloader,

343
00:15:43.480 --> 00:15:46.600
<v Speaker 2>which is the program that starts your operating system. So

344
00:15:46.639 --> 00:15:50.559
<v Speaker 2>it makes sure that only trusted software is loaded during startup.

345
00:15:50.840 --> 00:15:53.120
<v Speaker 1>So it's like having a bouncer at the door checking

346
00:15:53.159 --> 00:15:56.879
<v Speaker 1>IDs to make sure only authorized guests get in, exactly.

347
00:15:57.039 --> 00:15:59.960
<v Speaker 1>And speaking of gatekeepers, we can't forget about.

348
00:15:59.720 --> 00:16:02.360
<v Speaker 2>Firewalls. Oh yeah, firewalls are essential.

349
00:16:02.840 --> 00:16:05.200
<v Speaker 1>Everyone's heard of them, right, but I'm not sure everyone

350
00:16:05.279 --> 00:16:07.519
<v Speaker 1>understands how they actually work. Well.

351
00:16:07.879 --> 00:16:11.200
<v Speaker 2>They act as a barrier between your computer or network

352
00:16:11.360 --> 00:16:15.960
<v Speaker 2>and the outside world, monitor and control network traffic, blocking

353
00:16:16.000 --> 00:16:21.440
<v Speaker 2>incoming connections from suspicious sources and preventing unauthorized access to

354
00:16:21.480 --> 00:16:22.039
<v Speaker 2>your system.

355
00:16:22.600 --> 00:16:27.279
<v Speaker 1>So they're basically filtering traffic based on certain rules exactly.

356
00:16:26.840 --> 00:16:29.960
<v Speaker 2>Like who's allowed to connect and what ports they can use.

357
00:16:30.279 --> 00:16:33.080
<v Speaker 1>So they're like a security checkpoint inspecting the traffic.

358
00:16:33.120 --> 00:16:34.159
<v Speaker 2>That's a good analogy.

359
00:16:34.720 --> 00:16:37.960
<v Speaker 1>The book talks about different types of firewalls. Yeah, network

360
00:16:38.000 --> 00:16:41.200
<v Speaker 1>firewalls and host based firewalls. What's the difference.

361
00:16:41.360 --> 00:16:45.000
<v Speaker 2>Well, a network firewall protects your entire network, okay, it

362
00:16:45.039 --> 00:16:48.320
<v Speaker 2>filters traffic between your internal network and the outside world.

363
00:16:48.519 --> 00:16:50.519
<v Speaker 1>So it's like having a security guard at the entrance

364
00:16:50.559 --> 00:16:53.679
<v Speaker 1>to your building exactly, checking everyone who comes in and out.

365
00:16:54.080 --> 00:16:55.840
<v Speaker 1>And a host based firewall.

366
00:16:55.480 --> 00:16:58.919
<v Speaker 2>That's installed on your individual computer so it protects that

367
00:16:58.960 --> 00:16:59.960
<v Speaker 2>specific device.

368
00:17:00.080 --> 00:17:02.840
<v Speaker 1>So it's like having a personal bodyguard exactly. So having

369
00:17:02.879 --> 00:17:06.480
<v Speaker 1>both types of firewalls is ideal. Ideally, Yeah, it provides

370
00:17:06.519 --> 00:17:08.359
<v Speaker 1>a more comprehensive layer of protection.

371
00:17:08.599 --> 00:17:08.839
<v Speaker 2>Right.

372
00:17:09.039 --> 00:17:12.440
<v Speaker 1>And in addition to firewalls, there are also intrusion detection

373
00:17:12.599 --> 00:17:13.720
<v Speaker 1>and prevention systems.

374
00:17:14.440 --> 00:17:18.720
<v Speaker 2>Oh yeah, IDS, IPS. What are those? Well, think of

375
00:17:18.759 --> 00:17:22.079
<v Speaker 2>them as the traffic cops of your network, Okay. They

376
00:17:22.119 --> 00:17:27.200
<v Speaker 2>analyze network traffic for suspicious patterns that might indicate an attack, so.

377
00:17:27.160 --> 00:17:29.720
<v Speaker 1>They're like looking for anything out of the ordinary, exactly.

378
00:17:29.839 --> 00:17:32.160
<v Speaker 1>They come in two flavors, right, IDS and IPS.

379
00:17:32.240 --> 00:17:35.960
<v Speaker 2>Right. An IDS passively monitors traffic and alerts you to

380
00:17:36.039 --> 00:17:40.799
<v Speaker 2>potential threats, okay, while an IPS can actively block malicious traffic.

381
00:17:40.960 --> 00:17:44.559
<v Speaker 1>So they're like having surveillance cameras and security guards working together.

382
00:17:44.680 --> 00:17:45.599
<v Speaker 2>That's a good analogy.

383
00:17:45.680 --> 00:17:48.160
<v Speaker 1>And the book mentions something called Snort signatures. How do

384
00:17:48.160 --> 00:17:48.680
<v Speaker 1>those fit in?

385
00:17:48.880 --> 00:17:53.880
<v Speaker 2>Well, Snort is a popular open source intrusion detection system, okay,

386
00:17:53.920 --> 00:17:58.599
<v Speaker 2>and it uses rules called signatures to identify malicious traffic.

387
00:17:58.680 --> 00:18:01.960
<v Speaker 2>Oh okay, So these rules define patterns of network activity

388
00:18:01.960 --> 00:18:04.799
<v Speaker 2>that are associated with known attacks or exploits.

389
00:18:04.920 --> 00:18:06.319
<v Speaker 1>So if the traffic matches a.

390
00:18:06.319 --> 00:18:08.359
<v Speaker 2>Rule, Snort raises a red flag.

391
00:18:08.440 --> 00:18:11.119
<v Speaker 1>Okay. So it's like having a security camera that's programmed

392
00:18:11.119 --> 00:18:17.880
<v Speaker 1>to recognize suspicious behavior, exactly. Okay, So we've got antivirus, firewalls,

393
00:18:17.960 --> 00:18:21.400
<v Speaker 1>intrusion detection systems, the law, I know it is, but

394
00:18:21.680 --> 00:18:23.799
<v Speaker 1>it sounds like we're building up quite a security arsenal

395
00:18:23.799 --> 00:18:28.960
<v Speaker 1>here we are. What about dealing with like suspicious files?

396
00:18:29.079 --> 00:18:29.400
<v Speaker 2>Okay?

397
00:18:29.440 --> 00:18:31.079
<v Speaker 1>You know, if you come across a file that you

398
00:18:31.119 --> 00:18:33.799
<v Speaker 1>think might be infected, is there a way to analyze

399
00:18:33.839 --> 00:18:35.799
<v Speaker 1>it safely without risking infection?

400
00:18:36.160 --> 00:18:36.720
<v Speaker 2>There is?

401
00:18:36.839 --> 00:18:39.000
<v Speaker 1>You can use a sandbox a sandbox, right, we talked

402
00:18:39.000 --> 00:18:41.400
<v Speaker 1>about those earlier. Could you remind us how those work?

403
00:18:41.640 --> 00:18:46.039
<v Speaker 2>Sure, A sandbox provides a safe, isolated environment where you

404
00:18:46.079 --> 00:18:50.960
<v Speaker 2>can analyze suspicious files without risking infection to your actual system.

405
00:18:51.039 --> 00:18:52.759
<v Speaker 1>So it's like a virtual detonation chamber.

406
00:18:52.880 --> 00:18:53.960
<v Speaker 2>That's a good way to put it.

407
00:18:54.079 --> 00:18:57.160
<v Speaker 1>You can safely detonate a potential bomb in there without

408
00:18:57.200 --> 00:18:58.839
<v Speaker 1>causing any real damage exactly.

409
00:18:58.920 --> 00:19:02.920
<v Speaker 2>And the sandbox the file's behavior, looking for any malicious

410
00:19:02.960 --> 00:19:07.440
<v Speaker 2>actions like what like file encryption, network communication with known

411
00:19:07.480 --> 00:19:11.079
<v Speaker 2>command and control servers, attempts to modify system settings.

412
00:19:11.400 --> 00:19:14.559
<v Speaker 1>So if the file starts acting shady, you know it's

413
00:19:14.640 --> 00:19:17.640
<v Speaker 1>bad news and you could just delete it hopefully. So

414
00:19:17.720 --> 00:19:21.480
<v Speaker 1>sandboxes are a great tool for analyzing those potentially dangerous files,

415
00:19:21.960 --> 00:19:25.880
<v Speaker 1>especially those that might evade traditional antivirus detection. Right. Okay,

416
00:19:25.880 --> 00:19:29.480
<v Speaker 1>So we've got all these layers of defense in place, antivirus, firewalls,

417
00:19:29.519 --> 00:19:33.960
<v Speaker 1>intrusion detection, sandboxes. But what about our data itself?

418
00:19:34.119 --> 00:19:36.359
<v Speaker 2>Ah, yes, the crown jewel.

419
00:19:36.720 --> 00:19:39.880
<v Speaker 1>Exactly what can we do to protect the information that's

420
00:19:39.920 --> 00:19:41.000
<v Speaker 1>most valuable to us?

421
00:19:41.119 --> 00:19:43.240
<v Speaker 2>Well, that brings us to the last line of defense,

422
00:19:44.000 --> 00:19:47.240
<v Speaker 2>data protection. Okay, And one of the most powerful tools

423
00:19:47.279 --> 00:19:50.039
<v Speaker 2>in our data protection arsenal, is encryption.

424
00:19:50.400 --> 00:19:53.680
<v Speaker 1>Encryption, right, that's about scrambling our data so it's unreadable

425
00:19:53.759 --> 00:19:57.160
<v Speaker 1>without the decryption key exactly. So even if ransomware does

426
00:19:57.200 --> 00:20:01.119
<v Speaker 1>manage to infect your system. Encryption can prevent it from

427
00:20:01.119 --> 00:20:02.559
<v Speaker 1>accessing your valuable files.

428
00:20:02.640 --> 00:20:05.160
<v Speaker 2>Right, it's like putting your valuables in a safe.

429
00:20:04.880 --> 00:20:07.799
<v Speaker 1>That only you have the combination to, exactly. And the

430
00:20:07.799 --> 00:20:10.799
<v Speaker 1>book talks about tools like BitLocker for encrypting our data.

431
00:20:10.880 --> 00:20:12.279
<v Speaker 2>Yeah, BitLocker is a great option.

432
00:20:12.480 --> 00:20:13.400
<v Speaker 1>What is BitLocker.

433
00:20:13.559 --> 00:20:17.039
<v Speaker 2>It's a full disk encryption feature built into certain versions

434
00:20:17.079 --> 00:20:19.839
<v Speaker 2>of Windows. It encrypts your entire hard drive.

435
00:20:20.000 --> 00:20:22.680
<v Speaker 1>So even if your device is lost or stolen, the

436
00:20:22.759 --> 00:20:26.000
<v Speaker 1>data is protected. That's pretty reassuring, it is. But what

437
00:20:26.039 --> 00:20:28.799
<v Speaker 1>if the attacker already has access to your system? That's

438
00:20:28.799 --> 00:20:31.240
<v Speaker 1>a good question, Like what if they've already bypassed all

439
00:20:31.240 --> 00:20:33.720
<v Speaker 1>those other layers of defense that we talked about. Yeah,

440
00:20:33.799 --> 00:20:36.119
<v Speaker 1>is there anything we can do to recover our data

441
00:20:36.480 --> 00:20:38.279
<v Speaker 1>if it's been encrypted by ransomware?

442
00:20:38.319 --> 00:20:39.680
<v Speaker 2>Well, that's where backups come in.

443
00:20:39.960 --> 00:20:41.640
<v Speaker 1>Backups, right, the classic advice.

444
00:20:41.759 --> 00:20:43.000
<v Speaker 2>It's classic for a reason.

445
00:20:43.160 --> 00:20:44.119
<v Speaker 1>It works, it does.

446
00:20:44.240 --> 00:20:46.839
<v Speaker 2>Backups are your safety net. Yeah, in case of a

447
00:20:46.920 --> 00:20:50.640
<v Speaker 2>ransomware attack or really any other data loss scenario.

448
00:20:50.759 --> 00:20:52.759
<v Speaker 1>So even if our files are encrypted, we can just

449
00:20:52.960 --> 00:20:54.279
<v Speaker 1>restore them from a backup.

450
00:20:54.400 --> 00:20:56.759
<v Speaker 2>Exactly. It's like having a spare key to your house

451
00:20:56.799 --> 00:20:58.359
<v Speaker 2>in case someone changes the locks.

452
00:20:58.519 --> 00:20:59.519
<v Speaker 1>I like that analogy.

453
00:20:59.720 --> 00:21:03.559
<v Speaker 2>Regularly backing up your important data to an external hard

454
00:21:03.680 --> 00:21:08.000
<v Speaker 2>drive or a cloud storage service or some other secure location.

455
00:21:08.359 --> 00:21:10.640
<v Speaker 1>It can be a life saver, it really can. And

456
00:21:10.799 --> 00:21:14.519
<v Speaker 1>what about data loss prevention solutions DLP? Yeah, the book

457
00:21:14.559 --> 00:21:15.480
<v Speaker 1>mentions those as well.

458
00:21:15.720 --> 00:21:19.720
<v Speaker 2>Yeah. DLP solutions are designed to detect and prevent sensitive

459
00:21:19.799 --> 00:21:23.759
<v Speaker 2>data from leaving your organization. They monitor data in use,

460
00:21:24.119 --> 00:21:25.839
<v Speaker 2>in motion, and at rest, so.

461
00:21:25.799 --> 00:21:29.200
<v Speaker 1>They're like security guards for your data exactly, watching for

462
00:21:29.279 --> 00:21:30.480
<v Speaker 1>any suspicious activity.

463
00:21:30.599 --> 00:21:33.559
<v Speaker 2>Right. They can be a really valuable layer of defense

464
00:21:33.640 --> 00:21:35.119
<v Speaker 2>against data breaches.

465
00:21:35.000 --> 00:21:37.720
<v Speaker 1>Including those caused by ransomware that might try to steal

466
00:21:37.759 --> 00:21:40.759
<v Speaker 1>your data exactly. Okay, Wow, we have covered so much

467
00:21:40.799 --> 00:21:43.880
<v Speaker 1>ground here. We have, and it's clear that defending against

468
00:21:43.920 --> 00:21:45.880
<v Speaker 1>ransomware is not a simple task.

469
00:21:46.039 --> 00:21:48.079
<v Speaker 2>It's not. It's a multifaceted challenge.

470
00:21:48.119 --> 00:21:51.599
<v Speaker 1>We need to be proactive, yes, vigilant absolutely, and have

471
00:21:51.720 --> 00:21:53.319
<v Speaker 1>multiple layers of defense in place.

472
00:21:53.440 --> 00:21:54.119
<v Speaker 2>You got it.

473
00:21:54.119 --> 00:21:57.200
<v Speaker 1>It's not about being paranoid, right, it's about being informed

474
00:21:57.319 --> 00:22:00.359
<v Speaker 1>and prepared, exactly. I think we've given our listener a

475
00:22:00.359 --> 00:22:01.480
<v Speaker 1>lot to think about here.

476
00:22:01.640 --> 00:22:02.119
<v Speaker 2>We have.

477
00:22:02.359 --> 00:22:05.599
<v Speaker 1>Maybe we should take a moment to like recap everything

478
00:22:05.599 --> 00:22:09.440
<v Speaker 1>we've discussed, okay, and highlight the key takeaways. Sounds good, okay,

479
00:22:09.480 --> 00:22:12.680
<v Speaker 1>So here we are the final part of our ransomware

480
00:22:12.680 --> 00:22:13.200
<v Speaker 1>deep dive.

481
00:22:13.400 --> 00:22:15.160
<v Speaker 2>It's been quite a journey, hasn't it.

482
00:22:15.160 --> 00:22:16.960
<v Speaker 1>It has. We've covered so much.

483
00:22:17.200 --> 00:22:20.079
<v Speaker 2>Yeah, We've talked about the history, how these attacks have evolved,

484
00:22:20.079 --> 00:22:22.720
<v Speaker 2>how they spread, you know, the whole shebang.

485
00:22:22.960 --> 00:22:25.559
<v Speaker 1>And you know, I hope our listener is feeling more

486
00:22:26.039 --> 00:22:27.960
<v Speaker 1>informed than intimidated at this point.

487
00:22:28.039 --> 00:22:28.599
<v Speaker 2>That's the goal.

488
00:22:28.839 --> 00:22:32.400
<v Speaker 1>So I guess if if there were like just a

489
00:22:32.480 --> 00:22:35.599
<v Speaker 1>few key takeaways that you want our listeners to remember

490
00:22:35.839 --> 00:22:37.599
<v Speaker 1>from all of this, what would they be.

491
00:22:38.119 --> 00:22:40.799
<v Speaker 2>I think the most important thing is to understand that

492
00:22:40.960 --> 00:22:45.599
<v Speaker 2>ransomware it's a serious threat. Yeah, but it's not unbeatable.

493
00:22:45.920 --> 00:22:46.279
<v Speaker 1>Okay.

494
00:22:46.519 --> 00:22:49.920
<v Speaker 2>You can drastically reduce your chances of becoming a victim

495
00:22:50.319 --> 00:22:54.240
<v Speaker 2>by being proactive and taking those steps to secure your

496
00:22:54.519 --> 00:22:55.680
<v Speaker 2>systems and your data.

497
00:22:56.160 --> 00:22:57.920
<v Speaker 1>It's all about prevention exactly.

498
00:22:58.039 --> 00:23:01.200
<v Speaker 2>Don't wait until it's too late to start thinking about security,

499
00:23:01.359 --> 00:23:02.079
<v Speaker 2>right right.

500
00:23:02.400 --> 00:23:04.559
<v Speaker 1>And I guess you know the second big takeaway is

501
00:23:04.559 --> 00:23:08.079
<v Speaker 1>that this threat landscape is constantly.

502
00:23:07.680 --> 00:23:09.039
<v Speaker 2>Changing, yeah, always evolving.

503
00:23:09.200 --> 00:23:11.759
<v Speaker 1>You know, new ransomware variants are popping up all the time,

504
00:23:12.200 --> 00:23:15.119
<v Speaker 1>and the attackers they're always looking for new ways to

505
00:23:15.160 --> 00:23:16.599
<v Speaker 1>exploit those vulnerabilities.

506
00:23:16.640 --> 00:23:18.720
<v Speaker 2>Exactly. It's a never ending game of cat and mouse.

507
00:23:18.880 --> 00:23:20.880
<v Speaker 1>So we have to stay vigilant.

508
00:23:20.559 --> 00:23:23.200
<v Speaker 2>Absolutely, never get complacent.

509
00:23:23.160 --> 00:23:26.079
<v Speaker 1>Keep learning, keep adapting.

510
00:23:25.799 --> 00:23:29.000
<v Speaker 2>Right, because the bad guys they're not slowing down.

511
00:23:28.920 --> 00:23:31.200
<v Speaker 1>No, they're not. And then I guess you know. The

512
00:23:31.279 --> 00:23:36.279
<v Speaker 1>third big takeaway is that even with the best defenses

513
00:23:36.279 --> 00:23:39.400
<v Speaker 1>in place, Yeah, there's always a chance that something could

514
00:23:39.400 --> 00:23:40.279
<v Speaker 1>slip through the cracks.

515
00:23:40.440 --> 00:23:41.000
<v Speaker 2>It's true.

516
00:23:41.039 --> 00:23:43.279
<v Speaker 1>So we need to have a plan in place.

517
00:23:43.440 --> 00:23:46.240
<v Speaker 2>Absolutely. You need to know what to do if you

518
00:23:46.359 --> 00:23:48.079
<v Speaker 2>become a victim of ransomware.

519
00:23:48.720 --> 00:23:53.079
<v Speaker 1>And the book talks about having an incident response plan. Yes,

520
00:23:53.119 --> 00:23:54.039
<v Speaker 1>what does that involve?

521
00:23:54.160 --> 00:23:57.079
<v Speaker 2>Well, an incident response plan outlines all the steps you

522
00:23:57.079 --> 00:24:01.839
<v Speaker 2>should take if you get hit with ransomware, like isolating infected.

523
00:24:01.440 --> 00:24:03.759
<v Speaker 1>Systems so you prevent it from spreading.

524
00:24:03.559 --> 00:24:07.559
<v Speaker 2>Exactly, contacting law enforcement, assessing the damage, that sort of thing. Right,

525
00:24:07.720 --> 00:24:10.519
<v Speaker 2>Having a plan in place can help you minimize the impact,

526
00:24:10.640 --> 00:24:12.000
<v Speaker 2>recover more quickly.

527
00:24:12.160 --> 00:24:15.680
<v Speaker 1>And potentially avoid paying the ransom hopefully. Yeah. So it's

528
00:24:15.720 --> 00:24:18.279
<v Speaker 1>like you know, having a fire escape plan.

529
00:24:18.599 --> 00:24:19.200
<v Speaker 2>Exactly.

530
00:24:19.359 --> 00:24:21.920
<v Speaker 1>You hope you never have to use it, but if

531
00:24:21.920 --> 00:24:25.119
<v Speaker 1>there's a fire, you know what to do. Be prepared,

532
00:24:25.200 --> 00:24:28.519
<v Speaker 1>Be prepared exactly. Yeah, okay, Well, this has been a

533
00:24:28.559 --> 00:24:29.799
<v Speaker 1>really insightful discussion.

534
00:24:29.799 --> 00:24:30.440
<v Speaker 2>I've enjoyed it.

535
00:24:30.480 --> 00:24:32.720
<v Speaker 1>Any final thoughts before we wrap things up.

536
00:24:33.359 --> 00:24:35.599
<v Speaker 2>I think the most important thing is to remember that

537
00:24:35.720 --> 00:24:40.079
<v Speaker 2>this is a marathon, not a sprint. This fight against ransomware,

538
00:24:40.200 --> 00:24:44.119
<v Speaker 2>it's an ongoing process. You have to keep learning, adapting,

539
00:24:44.440 --> 00:24:45.559
<v Speaker 2>staying ahead.

540
00:24:45.279 --> 00:24:47.440
<v Speaker 1>Of the curve, and don't forget the human element.

541
00:24:47.519 --> 00:24:48.480
<v Speaker 2>No, that's crucial.

542
00:24:48.759 --> 00:24:52.240
<v Speaker 1>You know. Ransomware often succeeds because it preys on our vulnerabilities,

543
00:24:52.640 --> 00:24:56.400
<v Speaker 1>our fear, our urgency, our tendency to just click on

544
00:24:56.519 --> 00:24:57.559
<v Speaker 1>things without thinking.

545
00:24:57.799 --> 00:25:00.640
<v Speaker 2>You're right. If we can educate ourselves and others about

546
00:25:00.640 --> 00:25:03.240
<v Speaker 2>those tactics, we can create a much stronger defense.

547
00:25:03.440 --> 00:25:05.960
<v Speaker 1>Well said, Yeah, Well, that concludes our deep dive into

548
00:25:06.000 --> 00:25:07.000
<v Speaker 1>the world of ransomware.

549
00:25:07.079 --> 00:25:07.920
<v Speaker 2>It's been a pleasure.

550
00:25:07.960 --> 00:25:10.799
<v Speaker 1>We've covered a lot of ground we have, but hopefully,

551
00:25:10.960 --> 00:25:13.359
<v Speaker 1>you know our listener feels empowered with the knowledge they

552
00:25:13.400 --> 00:25:14.920
<v Speaker 1>need to stay safe out there.

553
00:25:15.079 --> 00:25:16.119
<v Speaker 2>Knowledge is power.

554
00:25:16.480 --> 00:25:20.000
<v Speaker 1>Absolutely. Thanks for joining us on this deep dive. Until

555
00:25:20.000 --> 00:25:21.440
<v Speaker 1>next time, stay curious,
