Hey everyone, this is Marcel Martens.
Welcome back to the Cloud Secrets podcast. Today we’re going to talk about ransomware and what you can do about it.
Subscribe to Cloud Secrets channel on youtube
So today I will talk about ransomware and cybercrime, and what you can do about it to make sure your system is safe and all your data and emails are protected as they should be. So no unauthentic entry into your data.
For this, I would like to tell you a story. In 2015 we had a customer, one of our bigger customers we had at the time, and they are a … well sales … they export a lot of stuff in the after-sales for cars and they sell brakes and brake discs and steering stuff and all that kind of stuff I don’t know anything about.
At that time, the managing director and all the account managers were traveling a lot, especially to the Eastern Europe and maybe even Russia and the secretary and the receptionist … these two ladies, they will make the reservations in the hotels and booked a plane, flights and everything to arrange the trip for those account manager and director. And that was where it got wrong.
HERE’S THE PROBLEM…
They were going to these Russian sites or East Europe sites and then they get infected with some … well, back in those days it was cryptoware, not ransomware. The only difference is that they don’t ask for any ransom. They don’t want any money so they just encrypt your files and you’re screwed. So the director called me and he said, “Marcel, Marcel, HELP HELP… I don’t know what’s going on but everything is … we can’t open any files any more and all our data is gone.”
I said, “Okay, what happened?”
He said, “I don’t know, just FIX it.”
So okay, I hang up and I took a look at the system and the files and at the first look, I knew enough. There were all these weird extensions and all the files had different file names. Nothing logical about it. So we shut down all the systems so the infection wouldn’t spread any further, but the pain was already there because over one terabyte of documents were encrypted. Luckily, we had a pretty good back up, if I may say so ourselves. But we started restoring and this company, they start at 6:00 AM and they close at, I don’t know, 11:00 PM or something. So we get back to restoring and finally we managed to get everything up and running around 7:00 in the morning.
But yeah, you can understand they lost an entire day because the backup was off the day before. So everything they’ve done that day, that was practically gone.
All the documents were gone, orders were gone, and they couldn’t … well, ship off any orders because the system was down. So their total loss was … I don’t know, maybe 100,000 euros or more. So they were really, really freaking mad and not amused about the situation.
And so I talked to them and they asked me, “Why is it that we were infected?
We got your systems, we host everything at you. We’ve got your protection. How did this get through our filters and antivirus software?”
That’s a good question!
I took it back up with ESET, the software we use for the protection, and yeah, no one will ever guarantee you 100% security because it’s these guys … those hackers or whatever … programmers who are trying to steal all your stuff or do bad things, they always try to keep one step ahead of us.
We can build most secure systems that you can think of but they will always try to hack it and breach it. So it’s just sports for them, it’s just a game and gives them credit in these dark areas on the web because they can show off and, “Oh, look at me. I’ve done this or this and I’ve hacked into that.”
But a few weeks later, same thing happened, you can guess, and they were even madder than … madder, is it English word? They were pretty pissed. Why would happen again?
And sure, I would feel the same thing if it would happen to me, especially if it happened two times in a row in a very short period of time. But at that moment, we did the same thing. We went restoring all night and so they could be working in the morning again. And we went back to ESET and I told the managing director of, I believe, European, Middle Eastern and Africa,
Okay, what can we do to prevent this from happening?
As a small company, at that time, I know we had around seven people or something working for us, so we didn’t have a lot of resources to well, dedicate a few people a day but the pain was so enormous that I didn’t care. I wanted to solve this problem that our customers wouldn’t be affected anymore and no more data would be lost. So we’ve made two engineers available and they’ve been working like two, three months.
Well, in the second month … we were testing and trying and see what we could figure out to be able to prevent the ransomware from coming through. And in the second month, the same customer was infected for a third time.
Well, you can guess what kind of conversation I had with them…
It was not a funny and pleasant talk. It was … I don’t know, maybe my worst meeting in years because they lost three days of business so it was close to half a million euros that they would be lost in revenue. So you can imagine how they feel at that time.
SO THE BIG QUESTION IS...
So they asked me, or more so just told me, “Marcel, I don’t care what you do, but you need to fix this.” I said, “Yeah, I’d like to but it’s out of my hands.”
It’s not that I would like to blame other people or other providers or just to get it off my plate. No, I’m a responsible person and I take responsibility for everything that I do. So also for the software and services I provide.
And even if it’s excluded in our terms and everything, it doesn’t matter. I just want a happy customer. So I will do everything in my power to make sure that they can work safely.
Well, that’s my effort I’m going to put in every single time again and again and again and again. So let’s call it non-stop commitment to give it a name. But as we progressed with ESET … at that time we were at top level engineer or even the developers themselves who we were talking to.
At three months we finally figured out with them how we could prevent the ransomware from going through to the systems and bypass the virus scanner. So WooHooo! We finally had a solution but we were a little holding back, not to be too enthusiastic because we just wanted to make sure that it wasn’t going to happen again. You know, after three times it’s not like you check a bullet or something and it’s fixed.
To tell you what the solution was, it was actually pretty simple because if you know what ransomware does and how it infects the system … And when somebody goes to a website that has the bad software that will infect your system, it will execute some script, probably Java or something else, which will start a Windows component. And when it starts the Windows component, the Windows component is trusted by the system and also by the virus scanner, so they don’t think anything is wrong while running that particular program.
But when you give that program certain instructions and it will download the actual ransomware and then run it, it has a free run on the system, especially when you have a secretary for the business owner. In this case it was a she, it was a woman. She had almost access to every file they had. So that’s why three times in a row, almost the entire system or every data that they have was encrypted.
So what we basically did to solve that problem was we just told the virus scanner that it cannot allow programs like Google Chrome, Internet Explorer, Outlook, whatever kind of program, that they are not allowed to start another Windows program, which would normally download the ransomware. So in this case, by stopping Program A from starting Program B, we were able to completely stop all kinds of ransomware that would try to enter the system.
Since then and I believe it was March 2015, we didn’t have any infection at all. It’s now 2019, July … first of August, while I’m recording it. So it takes a couple of days for this to get in the air but it’s like over four years that we didn’t have any system that was breached. So I thought,
How could we make this available to the general population and make sure every business, especially here in the Netherlands, where I operate with my business, M – IT Services … How can we make this available to all business in the Netherlands so they can be safe and always be safe in business?
Well, it doesn’t cost a thing because for two euros and 58 cents, you can protect the system. A month, by the way. But yeah, in the Netherlands, it’s not easy to just sell something at such a low price because you’ve got all the big companies and all those IT managers there and well, as cocky as it may sound… they all think they know it better so … and that you’ll go back to the news.
We’ve got the harbor which was infected, so all the ships and all these transports and all the docks were locked down for days and days and ships were waiting in sea, to be able to offload their … I don’t know, their containers. And lots of products were wasted because there was food and they needed to be fresh and … I don’t know.
After that, we have Organon (MSD). Organon is a big pharmaceutical company here in the Netherlands and I believe they had been three to four months without any computers or laptops at all. So people would need to bring in their own laptop, their private stuff, which get checked by IT and then they had one laptop per department on which people could spend like 15 to 30 minutes a day on the laptop to perform their work.
It’s insane, if you think about it, that such a big company that was now, for three months, totally shut down or pretty crippled if they can only work like 15 to 30 minutes per person a day, on a computer. It’s insane and if I told you … well, let’s say they got 10,000 computers, that they could prevent that from happening for like 30,000 euros a month. Take a look at the losses they’ve made now by being almost completely shut down for three months. You know, those are labs. I don’t know. Labs. So a lab is completely dependent on computers and systems and data and when that’s not available, you can’t work.
I’ve got tons of examples. I cannot call them here, but I hope you can feel my passion about this because I think it’s the wrong … if you try and save money, buy a cheaper computer, you know, which is a little bit slower, but do not ever, ever, ever, ever, do never cut short on security. And it’s not that I’m paranoia and that you always should use incognito browsers and delete all your cookies and stuff every day. No, completely the opposite, but just the basics. You need to cover the basics so you can just start working every day with the certainty that your system will be safe, secured and unavailable to unauthorized access.
So that’s for today. I hope you enjoy this?
If you do, please leave a review on iTunes. You can also watch me on YouTube, on my channel. Look for Cloud Secrets and you will find it. I will put the link below. For the meantime, if you would like to follow me, go to Instagram and look me up @Cloud.Secrets and join me there so you can follow me and get ahead.
Oh yeah. And just to give away a teaser.
I’m making a course where you will be able … let me give you the headline.
Biggest teaser I’ve seen in IT for quite a while: “How to become a cloud expert within 14 days without any prior IT knowledge and start making money on Day Two.”
Sounds good and you want to join? Follow me at Cloud.Secrets on Instagram.
Okay, talk to you guys next time.
Bye-bye. Thanks for listening.