Transcript: The Rise of Ransomware | Sep 15, 2016

Steve sits in the studio. He's slim, clean-shaven, in his fifties, with short curly brown hair. He's wearing a gray suit, pink shirt, and spotted purple tie.

A caption on screen reads "The rise of ransomware."
Then, it adds "@spaikin, @theagenda"

Steve says HIGH-PROFILE
CYBERATTACKS ON HOSPITALS AND
CITIES THRUST RANSOMWARE INTO
THE HEADLINES.
BUT IT ISN'T JUST BIG
INSTITUTIONS THAT HAVE TO
CONTEND WITH THEIR COMPUTERS
BEING HELD HOSTAGE FOR MONEY.
JOINING US NOW FOR A PRIMER ON
RANSOMWARE, AND HOW ONTARIANS
AND BUSINESSES CAN PROTECT THEMSELVES:
CHERYL BISWAS, CYBER SECURITY CONSULTANT...

Cheryl is in her late forties, with short auburn hair and bangs. She's wearing glasses, a gray blazer and a green printed blouse.

Steve continues AND JOHN SHIER, SENIOR SECURITY
EXPERT AT SOPHOS CANADA...

John is in his forties, clean-shaven and balding. He's wearing a gray suit and blue shirt.

Steve continues NICE TO HAVE BOTH OF YOU HERE AT
TVO TONIGHT ABOUT SOMETHING THAT
I SUSPECT A LOT OF US KNOW VERY
LITTLE ABOUT.
SO LET'S START AT FIRST
PRINCIPLES HERE.
WHAT'S RANSOMWARE?

The caption changes to "John Shier. Sophos Canada."
Then, it changes again to "New threat on the block."

John says RANSOMWARE IS A
PIECE OF MALICIOUS SOFTWARE, WE
CALL IT MALWARE, THAT INSTALLS
ITSELF ON YOUR COMPUTER BY A
VARIETY OF MEANS.
WHAT HAPPENS BASICALLY ALL OF
YOUR FILES GET ENCRYPTED, WHICH
MEANS YOU DON'T HAVE ACCESS TO
THEM UNLESS YOU HAVE THE KEY,
THE CROOKS HOLD THE KEY, THEY
DEMAND PAYMENT FOR THE KEY, AND
THAT'S HOW WE GET THE TERM
RANSOMWARE.

Steve says CHERYL, HOW DOES
SOMEBODY OUTSIDE GET ACCESS TO
THE INSIDE OF YOUR COMPUTER?

The caption changes to "Cheryl Biswas. Cyber security consultant."

Cheryl says WELL,
THEY'RE LOOKING FOR
VULNERABILITIES, AND IT'S THINGS
YOU MAY NOT EVEN BE AWARE OF.
BUT OPERATING SYSTEMS GET OLDER.
FAULTS ARE DETECTED.
AND THE RANSOMWARE IS ABLE TO
COME IN VIA EXPLOITS.
THAT MEANS IF THE BAD GUYS HAVE
BEEN VERY CAREFULLY DOING
RECONNAISSANCE, LOOKING AT THE
SYSTEMS THAT WE TAKE FOR GRANTED
EVERY DAY, LOOKING FOR THE HOLES
IN THE CODE, THE STUFF WE'RE
SUPPOSED TO BE PATCHING.
THEY BUILT THE EXPLOIT.
THE EXPLOIT TAKES IN THEIR
MALWARE, AND THAT'S HOW THEY'RE
ABLE TO DELIVER THE PAYLOAD OF
THE RANSOMWARE.

Steve says PAYLOAD.
CAN WE BRING THESE UP, SHELDON?
THESE ARE SOME PHOTOS OF A
COMPUTER SCREEN THAT HAS BEEN
INFECTED WITH RANSOMWARE OR
MALWARE, WHATEVER YOU'RE CALLING
IT, AND WHAT ARE WE LOOKING AT
HERE, JOHN, JUST BASICALLY TAKE
US THROUGH THIS?

A screen print pops up showing a warning message which reads "Your personal files are encrypted by CTB-Locker."

John says THIS IS A
TYPICAL EXAMPLE OF SOMETHING
THAT POPS UP ON YOUR SCREEN.
IT COULD EITHER BE AN ACTUAL
WINDOW POP-UP OR A WALLPAPER
THAT GETS SET ON YOUR DESKTOP
THAT DESCRIBES BASICALLY THAT
YOU'VE BEEN AFFECTED BY
RANSOMWARE, YOU HAVE BEEN...

Steve says HACKED?

A new print shows a blue screen which reads "All your important files are encrypted."

John says YOU CAN USE THE
TERM HACKED AS WELL.
IT GIVES YOU INSTRUCTIONS ON HOW
TO GET YOUR FILES BACK, IT GIVES
YOU INSTRUCTIONS ON HOW TO PAY,
IN WHAT FORM TO PAY, SO IN THIS
CASE BITCOIN, AS WE SAW, WHAT
DENOMINATIONS OR AMOUNT THEY'RE
EXPECTING, AND THEN VERY OFTEN
IT WILL GIVE YOU SOME CLUES AS
TO HOW TO CONVERT YOUR CASH INTO
BITCOINS, GIVE YOU A TUTORIAL ON
BITCOINS, ALL SORTS OF THINGS
THEY CAN INCLUDE IN THERE.
IT'S YOUR ROAD MAP FROM
INFECTION TO GETTING YOUR FILES BACK.

Steve says CHERYL, SOME PEOPLE
MAY BE WATCHING AND SAY THIS HAS
NEVER HAPPENED TO ME.
I DON'T NEED TO BE WORRIED.
HOW OFTEN DOES THIS HAPPEN?

Cheryl says FIRST, CYBER
CRIMINALS ARE BUSINESSMEN.
THEY'RE LOOKING FOR THE MOST
EFFICIENT RETURN ON INVESTMENT.
UNFORTUNATELY, RANSOMWARE IS A
MONEY-MAKER.
IT HAS BEEN GOING GANGBUSTERS
AND IT'S INCREASED BY ABOUT 300 percent
SINCE 2015.

Steve says 300 percent OVER ONE YEAR?

Cheryl says OVER ONE YEAR.
WE'VE GONE FROM 29 DIFFERENT
VARIANTS IN 2015 TO 79 IN 2016,
AND WE'RE JUST NOT EVEN THROUGH
THE YEAR YET.
WE KNOW THAT MORE IS COMING.
AND IT'S JUST BEING ABLE TO
DEMAND MONEY AND CREATE FEAR.

Steve says YOU SAY DEMAND MONEY.
THEY ACTUALLY ASK FOR BITCOIN IN
THAT EXAMPLE WE JUST SAW, WHICH
IS SORT OF MONEY BUT NOT REALLY MONEY.

Cheryl says NO.

Steve says WHY DO THEY ASK FOR
BITCOIN?

Cheryl says IT'S BECAUSE
IT'S EASY TO... IT'S
UNTRACEABLE.
IT'S A DIGITAL CURRENCY.
IT HELPS THEM COVER THEIR
TRACKS.
IT KEEPS THEM IN CONTROL OF THE
SITUATION.
THEY CAN TELL YOU HOW TO GET IT,
BUT THEY AREN'T GOING TO GET
CAUGHT WHEN YOU PAY THEM IN IT.

Steve says IS IT ONLY COMPUTERS
THAT THIS KIND OF RANSOMWARE CAN
INFECT?

John says FOR THE MOMENT
IT'S THE WINDOWS OPERATING
SYSTEM.
THERE HAVE BEEN SOME PIECES OF
MALWARE THAT AFFECT MAC SYSTEM
AS WELL AND SOME THAT INFECT THE
ANDROID MOBILE PLATFORM.
FOR NOW THAT SEEMS TO BE THE
CASE OF THE WIDELY
DISTRIBUTED... THE MOST IMPACT
IS ON THOSE THREE PLATFORMS WITH
WINDOWS BY FAR BEING THE LARGEST
SHARE.
THAT DOESN'T MEAN OTHER
PLATFORMS AREN'T VULNERABLE, BUT
FOR NOW THAT'S WHAT WE'RE
SEEING.

Steve says CHERYL HAS JUST
DESCRIBED THESE CRIMINALS AS
BUSINESSMEN.
CAN YOU TELL US A LITTLE BIT
MORE ABOUT WHO DOES THIS?

John says THAT'S HARD TO SAY.
WE HAVE SOME CLUES.
IF WE LOOK AT THE CODE ITSELF,
THE LANGUAGE THAT IT'S WRITTEN
IN, SOME OF THE COMMENTS THAT
ARE INCLUDED IN THE CODE CAN
GIVE US SOME CLUES.
SOME ARE OUTRIGHT CALLING
THEMSELVES OUT FROM THEIR
GEOGRAPHIC LOCATIONS.
IF WE TRACE BACK THE COMMAND AND
CONTROL SERVERS NOW, QUICKLY
THAT'S BASICALLY WHERE YOUR
COMPUTER CALLS HOME TO GET THAT
KEY TO ENCRYPT YOUR STUFF.
SOME OF THOSE ARE LOCATED IN
FOREIGN COUNTRIES.
HOWEVER, EVEN THAT CAN BE FAKED.
SO, YES, MOST OF IT DOES APPEAR
TO BE COMING FROM OVERSEAS.
IF WE KNEW THE WHO, I WOULD BE
GLAD TO BE RIDING IN A POLICE
CAR KNOCKING ON PEOPLE'S DOORS,
BECAUSE THESE GUYS, AS CHERYL
HAS MADE, ARE MAKING INCREDIBLE
AMOUNTS OF MONEY.

Steve says NO MATTER HOW
IMPRESSIVE YOUR CYBER SECURITY
IS, IS IT FAIR TO SAY THESE GUYS
ARE ALWAYS SORT OF ONE STEP AHEAD?

The caption changes to "A lucrative business."

Cheryl says THEY HAVE
THE ADVANTAGE OF TIME AND MONEY.
WE'RE ALWAYS IN A CATCH-UP
POSITION.
SO THEY SIT THERE.
THEY DO THE RECON.
THEY'RE COMPLETELY MOTIVATED.
AND THEY DON'T HAVE DAY JOBS
LIKE WE DO.

John says THIS IS THEIR
DAY JOB.

Steve says THIS IS FROM THE
CANADIAN CYBER INCIDENT RESPONSE
CENTRE THAT SAID IN 2015...

A slate appears on screen, with the title "Ransomware attacks in Canada."

Steve reads from the slate and says
RANSOMWARE ACCOUNTED FOR 12.5 percent
OF MALWARE ATTACKS.
IN 2016 THAT ROSE TO 22 percent.
THAT'S A PERCENTAGE INCREASE.
WHAT KIND OF... I MEAN, IN TERMS
OF JUST PURE NUMBERS, HOW OFTEN
DOES THIS HAPPEN?

John says I'M FAMILIAR
WITH THOSE NUMBERS.
WE ACTUALLY DO SOME WORK WITH
PUBLIC SAFETY CANADA AND THERE
ARE SOME REALLY GREAT PEOPLE
WORKING AT THE C.C.I.R.C. TRYING
TO STOP THIS KIND OF STUFF FROM
IMPACTING CANADIANS.
NOW, THE 2015 NUMBERS WERE
BASICALLY BASED ON SOME
30 MILLION OR SO SAMPLES.
THAT'S JUST WHAT C.C.I.R.C.
CAUGHT.
THAT'S NOT THE TOTALITY OF ALL
MALWARE OUT THERE.
WE'RE TALKING VOLUMES THAT ARE
JUST ORDERS OF MAGNITUDE BEYOND
WHAT MOST OF US CAN POSSIBLY
IMAGINE IN TERMS OF THE UNIQUE
SAMPLES.

Steve says SO THIS IS
HAPPENING... WHAT?
THOUSANDS OF TIMES?
TENS OF THOUSANDS OF TIMES?
HUNDREDS OF THOUSANDS OF TIMES?

John says THERE HAVE BEEN
SOME ESTIMATES THAT IT'S 100,000
VICTIMS PER WEEK GLOBALLY.
UNFORTUNATELY CANADIANS ARE PART
OF THAT NUMBER.

Steve says WHY IS IT INCREASING
SO MUCH?

Cheryl says AGAIN,
BECAUSE NOW THAT THEY KNOW HOW
TO DO IT, THEY CAN DEVELOP THE
CODE AND WE WATCHED THE
EVOLUTION OF MALWARE INTO
RANSOMWARE, AND NOW WE'VE
WATCHED THE EVOLUTION OF
RANSOMWARE THROUGH THIS YEAR,
AND THEY FOUND A WAY TO REALLY
HOLD OUR DATA HOSTAGE BUT NOW TO
COME AFTER OUR SYSTEMS.
THOSE WERE THE ATTACKS ON THE
HOSPITAL.

Steve says RIGHT.
WE'LL GET TO THAT IN A SECOND.
WHAT ABOUT PERSONAL e-mails?
DO THEY GET INTO THAT TOO?

Cheryl says WHAT THEY
GET INTO... IT'S PHISHING.
IT'S BY SENDING YOU A TARGETED
e-mail, SOMETHING THAT YOU WOULD
BE MORE TEMPTED TO CLICK ON, AND
IT HAS EVOLVED THERE VERY, VERY
MUCH.
IT'S NO LONGER JUST... WE USED
TO CALL IT SPRAY AND PRAY WHERE
THEY WOULD DO A MASS CAMPAIGN.
BUT THEY KNOW WHO THEIR TARGETS
ARE.
THEY KNOW THE LANGUAGE OF THE
COUNTRY.
THEY WORK VERY HARD TO IMPROVE
THEIR GRAMMAR AND THEIR SYNTAX.
SO WHAT YOU OPEN MAY VERY WELL
LOOK LIKE IT CAME FROM CANADA
POST.
YOU CLICK, AND YOU'VE LAUNCHED
IT.

Steve says AND THERE THEY GO.

Cheryl says YEAH.

Steve says IF THIS IS A
BUSINESS AND YOU CAN MAKE MONEY
AT THIS BUSINESS, IS THERE ANY
WAY TO FIGURE OUT OR DETERMINE
WHAT A TYPICAL ANNUAL INCOME
WOULD BE FOR SOMEBODY WHO DOES
THIS KIND OF HACKING?

John says THERE ARE SOME
WAYS BUT IT'S VERY DIFFICULT.
AS CHERYL WAS SAYING, USING
BITCOIN IS HIGHLY ANONYMOUS AND
IT'S DIFFICULT TO TRACE AND
THEY'VE GOT CERTAIN STRATEGIES
THEY CAN USE TO HIDE THE MONEY
TRAIL.
IF WE SORT OF SCROLL BACK THE
CLOCK TO FIVE YEARS AGO, THEY
USED TO ACCEPT PAYMENT IN VISA,
MASTERCARD, AMERICAN EXPRESS,
USING CREDIT CARDS.
BUT THEY HAD TO POSE AS
LEGITIMATE RETAILERS TO GET A
MERCHANT ACCOUNT AND IT WAS MORE
TRACEABLE.
NOW THEY'RE OPENLY CRIMINAL.
THEY'RE USING BITCOIN.
WHAT WE RELY ON NOW IS DOING
STUDIES WHERE WE CAN SAY, ALL
RIGHT, HOW MANY PEOPLE WERE
INFECTED, HOW MANY PEOPLE LIKELY
PAID, WHAT WAS THE AVERAGE
AMOUNT THAT THEY PAID, AND THEN
WE CAN KIND OF DO ARITHMETIC AND
FIGURE OUT WHAT THOSE NUMBERS
ARE.
SOME OF THAT HAS BEEN DONE.
ONE PARTICULAR VERY PROFITABLE
PIECE OF RANSOMWARE CALLED
CRYPTOWALL ALLEGEDLY TOOK IN
320 MILLION dollars IN 2015.

Steve says IN ONE YEAR.

The caption changes to "Connect with us: @theagenda, TVO.org, YouTube, Facebook, Instagram."

John says ONE YEAR.
THE FBI IS CALLING ABOUT A
BILLION DOLLARS DAMAGE... I
SHOULDN'T SAY DAMAGE.
A BILLION DOLLARS OF REVENUE,
AGAIN, IF WE CAN USE THAT TERM,
FOR RANSOMWARE IN 2016.

Steve says YOU MENTIONED CANADA POST.
OF COURSE, I PRESUME MANY
HIGH-PROFILE INSTITUTIONS IN OUR
SOCIETY COULD BE HIT BY THIS,
CREDIT CARD COMPANIES, YOU KNOW,
WHATEVER, BANKS, EVERYTHING, RIGHT?

Cheryl says ABSOLUTELY
ANYBODY CAN BE.
IT'S A MASQUERADE.
ANY BUSINESS CAN BE HIT.
ANY INDIVIDUAL CAN BE FOOLED.

Steve says HAVE ANY OF THESE
HACKERS BEEN SUCCESSFULLY PROSECUTED?

John says SPECIFICALLY
FOR RANSOMWARE, NONE THAT I KNOW
OF THAT HAVE BEEN CAUGHT BECAUSE
OF RANSOMWARE.
THERE WAS ONE HIGH-PROFILE
TAKE-DOWN WHICH WAS THE
CRYPTOLOCKER GUY, ARGUABLY THE
FIRST VARIANT WE SAW COME ON THE
SCENE IN ABOUT 2013.

Steve says WHAT DOES THAT MEAN,
CRYPTORANSOMWARE VARIANT?

John says THE TYPE OF
RANSOMWARE, CRYPTO, MEANING
ENCRYPTING YOUR FILES, SOME LOCK
YOUR SCREEN, FOR EXAMPLE, BUT
DON'T SCRAMBLE YOUR FILES.
THOSE GUYS WERE CAUGHT AS PART
OF ANOTHER TAKE-DOWN FOR
BOTNET.
THEY HAPPENED TO FIND THE
SERVERS... PRIVATE KEY SERVERS
OF CRYPTOLOCKER.
THEY WERE ABLE TO FIGURE OUT WHO
SOME OF THOSE PEOPLE WERE BUT
NOT DIRECTLY AS FAR AS I KNOW.

Steve says I GUESS IF YOU WATCH
THE MOVIES ABOUT THIS, THE
ASSUMPTION IS THESE KIND OF
HACKERS ARE GOING AFTER HUGE
IMPORTANT INSTALLATIONS LIKE
MILITARY OR GOVERNMENT.
BUT IN CANADA THEY'VE GONE AFTER
HOSPITALS.
OTTAWA HOSPITAL, NORFOLK GENERAL
HOSPITAL, THEY BOTH GOT TARGETED.
WHY THIS APPARENT CHANGE OF
TARGET TO SO-CALLED SOFT TARGETS?

The caption changes to "High profile targets."

Cheryl says WELL, THIS
PAST MARCH, THERE WAS THE ATTACK
ON THE HOLLYWOOD HOSPITAL.
THAT WAS THROUGH A DIFFERENT
ATTACK VECTOR.
THEY DIDN'T USE PHISHING.
THEY FOUND AN EXPLOITED... A
SERVER VULNERABILITY.
AND THAT WAS A WAKE-UP CALL TO
OUR ENTIRE COMMUNITY BECAUSE
ONCE THE ATTACKERS HAD FOUND
THAT WAY IN AND WERE ABLE TO
HOLD SYSTEMS HOSTAGE, THEY COULD
ASK FOR A LOT MORE MONEY.

Steve says WHY HACK INTO A
HOSPITAL?
WHAT HAVE THEY GOT?

Cheryl says THERE'S NO
HONOUR AMONGST THIEVES, AND THE
LINE IN THE SAND HAS BEEN
CROSSED, ESSENTIALLY.
THEY DON'T PLAY BY THE SAME
RULES THAT WE DO.
THEY'RE LOOKING FOR A CASH GRAB,
AND THERE'S A MUCH BIGGER
PAY-DAY IN AN INSTITUTION THAN
THERE IS WITH AN INDIVIDUAL.
SO WE ARE VERY CAREFULLY
WATCHING THE INDUSTRIAL INTERNET
OF THINGS.
WE ARE WATCHING CRITICAL
INFRASTRUCTURE SYSTEMS, THE
POWER GRID: WATER, GAS AND
ELECTRIC.
ALL OF THESE RUN ON SYSTEMS THAT
CAN BE JUST AS VULNERABLE TO
THIS KIND OF AN ATTACK.

Steve says JOHN, WHAT'S YOUR
VIEW ON WHY HOSPITALS MIGHT BE TARGETED?

John says I THINK, YOU
KNOW, IF YOU LOOK AT HOW THE
INITIAL DISTRIBUTION MECHANISM
WORKS WHERE IT IS FAIRLY VARIED
AND OPPORTUNISTIC, ONCE YOU
REALIZE THAT YOU HAVE A TARGET,
A SOFTER TARGET LIKE A HOSPITAL,
FOR EXAMPLE, THEN YOU MIGHT
CHANGE YOUR TACTIC A LITTLE BIT.
YOU MIGHT GO, OKAY, WE'VE GOT
THIS MORE VALUABLE TARGET.
LET'S TURN UP THE HEAT A LITTLE
BIT.
THE MOTIVES AND THE WAYS OF
ENTRY DO VARY FROM THE DIFFERENT
EXAMPLES THAT YOU MENTIONED, BUT
THERE IS AN OPPORTUNITY FOR THE
CRIMINALS TO GET A LITTLE BIT
MORE MONEY THAN THEIR TYPICAL
RANSOM DEMAND THAT WOULD BE TO A
REGULAR USER ON THE STREET.

Steve says LET'S DO ANOTHER
EXAMPLE.
BACK IN JUNE, UNIVERSITY OF
CALGARY APPARENTLY WAS HACKED.
LOST ACCESS TO ITS e-mail
SYSTEM AND PAID 20,000 dollars TO
REACQUIRE ACCESS TO WHAT WAS THEIRS.
SHOULD THEY HAVE PAID?

The caption changes to "A moral quandary."

John says THAT'S A
DIFFICULT QUESTION FOR ME OR ANY
OF US TO ANSWER, REALLY, BECAUSE
WE AREN'T THE UNIVERSITY OF
CALGARY.
WE DON'T KNOW THEIR SITUATION.
WE DON'T REALLY KNOW EXACTLY THE
TECHNICAL SITUATION THEY WERE IN
AS WELL.
MOST BUSINESSES ARE PRETTY
RESILIENT AGAINST THIS ATTACK
BECAUSE THEY WILL HAVE BACKUPS,
THEY'LL HAVE OTHER SYSTEMS THAT
CAN CONTAIN THAT DATA OR CAN
HELP MITIGATE THIS KIND OF
STUFF.
THE UNIVERSITY OF CALGARY HAD A
REALLY TOUGH DECISION TO MAKE.
IN THEIR CASE, THIS WAS THE
RIGHT DECISION FOR THEM.
SO IT'S HARD FOR US TO JUDGE
THEM ON THAT SIMPLE FACT.

Steve says FAIR ENOUGH.
CHERYL, THIS IS A BIT DRAMATIC,
BUT LET'S COMPARE IT TO A
HOSTAGE SITUATION.
THERE IS A GENERAL AGREEMENT IN
INTERNATIONAL AFFAIRS, YOU DON'T
PAY TO HAVE HOSTAGES RETURNED
BECAUSE IT HELPS FUND AND
ENCOURAGE FURTHER KIDNAPPINGS.

Cheryl says THAT'S THE
STANCE IN THE SECURITY COMMUNITY.
THE PROBLEM IS THAT WE ENCOURAGE
THEM EVERY DOLLAR WE PAY THEM.
THEY KNOW THAT.
AND IT'S KIND OF LIKE HAVING US
OVER A BARREL.
IT'S A VERY HARD CALL TO MAKE.
I WOULDN'T WANT TO HAVE BEEN IN
THE POSITION OF THE HOSPITAL
ADMINISTRATORS BECAUSE, WHAT ARE
YOU GOING TO DO TO GET THOSE
SYSTEMS BACK ONLINE FAST?

Steve says YOU'RE NOT PREPARED
TO PUT A BLANKET CONDEMNATION ON
ANYBODY WHO PAYS TO REACQUIRE
ACCESS TO THEIR FILES?

Cheryl says AGAIN, I
CAN'T JUDGE SOMEBODY BASED ON THAT.
I'VE SEEN THE LEVEL OF FEAR AND
I'VE SEEN THE DESTRUCTION.

John says IF YOU'RE A
SMALL BUSINESS AND THIS MEANS
THAT YOUR LIVELIHOOD IS NOW OVER
BECAUSE OF THIS ATTACK THAT
YOU'RE PUTTING PEOPLE ON THE
STREET BECAUSE THEY NO LONGER
HAVE A JOB BECAUSE YOU CAN'T
AFFORD TO PAY THEM ANYMORE, IT'S
REALLY DIFFICULT FOR US TO
CONDEMN THEM FOR PAYING 500 dollars TO
THE CROOKS.

Steve says FAIR ENOUGH.
LET'S SAY YOU PAY THE 500 dollars.
IS THERE HONOUR AMONG THIEVES?
DO YOU ACTUALLY GET YOUR FILES BACK?

John says THIS IS AGAIN
WHERE THE TERM "BUSINESS" COMES
IN, RIGHT?
YES, FOR THE MOST PART, YOU DO
GET YOUR FILES BACK.
THE WORD ON THE STREET IS, IF
YOU PAY THESE GUYS, YOU GET YOUR
FILES BACK.
THAT'S GOOD BUSINESS PRACTICE.
THERE'S SOME LOYALTY THERE TO
THEIR CUSTOMERS, IF YOU WILL.
AND SO, YES, IF YOU DO PAY THESE
GUYS, THEY WILL GIVE YOU YOUR
FILES BACK, OR AT LEAST THEY'LL
GIVE YOU THE ENCRYPTION KEY.
THERE HAVE BEEN SOME INSTANCES
WHERE THAT HAS NOT HAPPENED,
THEY HAVE RATCHETED UP THE
AMOUNT AND IF YOU TAKE TOO LONG
TO PAY, THEY'LL SOMETIMES DOUBLE
IT.
FOR THE MOST PART YOU DO GET
YOUR FILES BACK.

Steve says HOW ABOUT THE OTHER
WAY AROUND?
DO HACKERS GO EASY ON PEOPLE WHO
HAVE A TOUGH TIME PAYING?

The caption changes to "Service with a smile."

John says THERE HAVE BEEN
A FEW INSTANCES OF THIS.
THERE WAS ONE WHERE I THINK IT
WAS A PUPPY SHELTER WHERE THEY
ACTUALLY... THE LADY SAID, HEY,
I'M TRYING TO PAY YOU GUYS, AND
I CAN'T FOR VARIOUS REASONS,
TIMING REASONS AND ALL OF THAT.
SHE COULDN'T GET THE MONEY IN
TIME FOR THE 24-HOUR GRACE
PERIOD.
SO THE CROOKS BASICALLY AT THAT
POINT SAID, OKAY, FINE.
PAY US WHAT YOU CAN AND WE'LL
FORGIVE THE OVERAGE, IF YOU
WILL.
THERE HAVE BEEN INSTANCES WHERE
THERE'S BEEN COMPASSION SHOWN...

Steve says WE'RE SMILING, BUT
IT'S VERY BIZARRE.
IT'S ALMOST AS IF HACKERS ARE
INTERESTED IN PROVIDING GOOD
CUSTOMER SERVICE HERE.
DOES IT SOUND LIKE THAT?

Cheryl says ONE OF THE
IRONIES IS THAT THEY DO ACTUALLY
HAVE PHONE-IN HELP LINES, AND
FROM WHAT I'VE HEARD, THEY
OPERATE BETTER THAN CONVENTIONAL
HELP LINES IN TERMS OF...

Steve says WAIT A SEC.
PHONE-IN HELP LINES TO HELP
PEOPLE PAY THEM TO GET
REACQUIRED ACCESS TO THEIR FILES?

Cheryl says AS CRAZY AS
THAT SOUNDS, YES, THEY DO.
THEY WANT TO GET THEIR MONEY AND
THEY WANT TO MAKE SURE YOU KNOW
HOW TO GET IT TO THEM.

Steve says DO YOU HAVE ANY
ADVICE TO A TYPICAL BUSINESS,
YOU MENTIONED A SMALL BUSINESS,
ANY ADVICE TO THEM ON WHETHER TO
PAY OR NOT PAY OR WHAT TO DO OR
ANY OF THAT?

John says IF WE PUT SOME
OF THE CRITICAL CONTROLS IN
PLACE TO MITIGATE THIS IN THE
FIRST PLACE, PREVENT THIS FROM
HAPPENING, THEN THAT HOPEFULLY
TAKES AWAY THE ARGUMENT OF,
SHOULD I PAY, BECAUSE YOU DON'T
GET INFECTED.
ONE OF THE FIRST THINGS YOU NEED
TO DO IS YOU NEED TO ENSURE THAT
ALL OF YOUR CRITICAL DATA IS
BACKED UP.

Steve says THAT MEANS WHAT?
ON A SEPARATE HARD DRIVE?

John says THAT MEANS ON A
SEPARATE MEDIUM OF ANY KIND, BUT
IT HAS TO BE DISCONNECTED FROM
YOUR NETWORK.
WE USE THE TERM OFFLINE
BACK-UP...

Steve says IT COULD BE IN THE
CLOUD.

The caption changes to "Keep calm and back up data."

John says IT COULD BE.
THE KEY POINT IS THAT YOUR
EXISTING NETWORK SHOULD NOT HAVE
ACCESS TO IT BECAUSE SOME OF
THESE RANSOMWARE MODULES DO
ACTUALLY LOOK FOR CONNECTED
DEVICES AND WILL ENCRYPT THE
BACKUPS AS WELL.
THAT'S ONE THING.
THE OTHER THING IS YOU SHOULD
USE PROACTIVE SECURITY MEASURES,
ANTI-MALWARE, ANTI-EXPLOIT
TECHNOLOGIES.

Steve says DOES IT WORK?

John says IT DOES WORK
AND IT IS AVAILABLE.
THAT'S WHY WE SAY BACK-UP AS WELL.
NOT EVERYTHING IN THE SECURITY
WORLD IS 100 PERCENT.
SO, YEAH.
IF YOU DO THOSE TWO THINGS, I
THINK YOU'RE IN A MUCH BETTER
POSITION TO NOT HAVE TO PAY.

Steve says ANY OTHER ADVICE ON
HOW PEOPLE CAN PROTECT THEMSELVES?

Cheryl says I WAS GOING
TO JUMP ON THIS ONE.
THREE, TWO, ONE BACKUPS.
THREE DIFFERENT MEDIA SOURCES,
MAKING SURE ONE OF THEM IS
OFFLINE BECAUSE THEY WILL FIND
ANYTHING THAT'S CONNECTED, ANY
PERIPHERALS YOU HAVE, USB
DRIVES, ANYTHING ADDITIONAL
UNMAPPED NETWORK DRIVES, THE
RANSOMWARE WILL JUST TRAVERSE
THROUGH AND FIND ITS WAY.
SO WHATEVER IS CONNECTED WILL
ALSO BE CORRUPTED.

Steve says PUTTING IT ON A
SEPARATE KEY?
A MEMORY STICK DOESN'T WORK?
THAT'S NOT ENOUGH?

Cheryl says IF IT'S
CONNECTED IN, THEN IT WILL HAVE
BEEN CORRUPTED.

Steve says OH, MY GOODNESS.

Cheryl says IT'S JUST
BEING CAREFUL.
I LIKE TO SAY THINK BEFORE YOU
CLICK.

Steve says THAT'S RIGHT, THAT'S
RIGHT.
LET'S READ THIS FROM "THE
ATLANTIC."
SHELDON, DO YOU WANT TO PUT THIS
GRAPHIC UP?
THANKS.

A quote appears on screen, under the title "The extortionist in the fridge." The quote reads "The recent explosion of ransomware will only continue as more everyday objects are connected to the Internet. Newcomers to the Internet of Things are likely to have weaker security systems than computers or servers, which for decades have been designed to weather online attacks.
As manufacturers crank out new connected devices, a high priority on functionality can drive them to cut security corners in the name of convenience."
Quoted from Kaveh Waddell, The Atlantic. January 6, 2016.

Steve says CHERYL, THIS
INTERNET OF THINGS, WHAT IS THAT?

The caption changes to "The other shoe drops?"

Cheryl says THAT'S ALL
OF THE WONDERFUL STUFF WE LIKE
TO PLAY WITH EVERY DAY.
IT'S THE STUFF THAT CONNECTS
ONLINE.
IT'S OUR SMARTPHONES, SMART
FRIDGES, SMART TELEVISIONS,
SMART HOMES, THERMOSTATS, CARS.
IT'S IN PLACES NOW WHERE YOU
WOULDN'T EVEN THINK TO LOOK
BECAUSE THE DESIRE IS FOR
EVERYTHING TO CONNECT.

Steve says CAN THEY GET MALWARE
INTO THE COMPUTER THAT RUNS YOUR CAR?

Cheryl says YES, THEY CAN.

Steve says BUT IT'S NOT HOOKED
UP TO ANYTHING.

Cheryl says IT'S
RECEIVING... IF YOU'VE GOT A
WI-FI SIGNAL, IF YOU'VE GOT
RADIO WAVES, YOU CAN CONNECT.
AND THEN YOU CAN HACK A CAR.

Steve says YIKES!

John says THANKFULLY,
THOUGH, SPECIFICALLY WITH THE
INTERNET OF THINGS, A LOT OF THE
HACKS THAT I'VE SEEN REQUIRE
PHYSICAL ACCESS TO THESE
DEVICES, SO FOR NOW, IT SEEMS
LIKE THIS IS SOMETHING WHERE
WE'RE KIND OF LIVING ON BORROWED
TIME PROBABLY BECAUSE THEY HAVE
DEMONSTRATED, HACKERS HAVE
DEMONSTRATED THAT YOU CAN MODIFY
A DEVICE, MAKE IT DO WHAT YOU
WANT IT TO DO.
I FOUND AN EXAMPLE OF A
THERMOSTAT BEING RANSOMED, IF
YOU WILL, AT DEFCON.
IT'S THE NEW FRONTIER, IF YOU
WILL.
I BELIEVE THE NUMBERS ARE
20 BILLION DEVICES EXPECTED TO
BE COMING ONLINE IN THE AGE OF
THE INTERNET OF THINGS IN THE
NEXT FEW YEARS.
IT IS A BIG MARKET FOR THESE...

Steve says IT SOUNDS LIKE SOME
KIND OF FANCY CONVENTION.

John says IT'S BASICALLY
THE HACKER CONFERENCE THAT
OCCURS EVERY YEAR IN AUGUST IN
LAS VEGAS WHERE IT'S NICE AND COOL.

[LAUGHTER]

Steve says GOT IT.
IN OUR LAST 30 SECONDS HERE,
JUST FROM THE WAY YOU HAVE
DESCRIBED THIS TODAY, THIS IS
ONLY GOING TO GET WORSE, I
ASSUME; IS THAT RIGHT?

John says IT DOESN'T SEEM
TO BE ABATING ANY TIME SOON.
WE'VE HEARD STATS OF IT COMING
UP IN TERMS OF THE MONEY AND THE
VARIANTS THAT ARE COMING OUT
THERE. YEAH, IT'S LIKE
BASICALLY A POPULAR BURGER
JOINT, IF YOU WILL.
ONCE McDONALD'S EXPLODED IN
POPULARITY YOU HAD WENDY'S AND
BURGER KING AND HARVEYS AND MORE
TO COME.

The caption changes to "Producer: Katie O'Connor, @KA_OConnor"

Steve says THANKS YOU TWO FOR THE
HEADS UP. MUCH APPRECIATED.
CHERYL BISWAS, JOHN SHIER.

BOTH guests say THANK YOU.
