Protecting Your Biz From A Ransomware Attack – Doug Endersbee




“A new way for criminals to make money, apparently cybercrime is now larger than the illicit drug trade globally"



Today we are going to be talking about something that scares the hearts and minds of just about every person who has ever opened an email in their life, today we're going to be talking about ransomware and cybercrime and I've got my friend Doug Endersbee back on the show to talk all things security and making sure that you don't get locked out and ransomed to your own information.

How to be safe from the cyber criminal? [05:30]

Is there any other kind of cybercrime that we should be worried about? [10:49]

What is that the best form of security. [15:56]

Backing up system, how to invest in that and keep your files safe[15:56]

Is it worth using any insurance broker [29:00]

Doug r


SALENA: [00:00] Hi there and welcome to this week's episode of the bringing business to retail podcast, today we are going to be talking about something that scares the hearts and minds of just about every person who has ever opened an email in their life, today we're going to be talking about ransomware and cybercrime and I've got my friend Doug Endersbee back on the show to talk all things security and making sure that you don't get locked out and ransomed to your own information. So welcome to the show Doug.

SALENA: [00:35] Thanks SALENA am glad to be here.

DOUG: [00:00] You gave us such great information when you were last on the show talking about how you should maintain control of your website, I've actually directed a lot of people to your services and a lot of people to that podcast and it's been really helpful. So thanks so much for today to come on and talk about ransomware, now personally my interactions with ransomware have been very close to home, not my home, but very close, my next-door neighbor Greg who is a part of our family just about recently had his information stolen out of his computer.

He received a gas bill and these people were really smart he received a gas bill he said that it was overdue, Greg is one of those people who pays every single bill on time. But he also got a text message to say that his gas bill was overdue, so of course when he clicked on the link they stole everything on his computer and they held it to ransom for twelve hundred U.S. dollars. So tell us a little bit about how the whole ransom thing we're starting.

DOUG: [01:43] Sure, you know it's a new way for criminals to make money, apparently cybercrime is now larger than the illicit drug trade globally, so it's proved to be really profitable fertile grounds for criminal networks to make an absolute ton of money and as your mate Greg realized their ability to look authentic is fabulous. You know they just really look like they're the legit thing, so you know another example I bumped into was you know a friend of mine works at a real estate agency and received an email stating that they were investors and they had a couple of properties in Southeast Melbourne where the real estate agency was and you know they sort of laid out some criteria, if you like with the real estate agency be able to help them find some additional investment properties will of course you know that all sounds quite legit.

And the response went straight back, you know certainly that's the area we operate in and just give us a sense of the United properties you're looking for and I said okay like came back to them a day later and said we're looking for apartments you know probably in this price range and we've attached some image files that we'd like you to have a look at and see if you've got anything similar to these. And there was a link in there to the united, the suppose of the image files same again, that was a ransomware attack.

So, very cleverly groomed everything about it looks quite legitimate and importantly from a you know antivirus anti-spam anti-malware detection standpoint. So what we would call endpoint security quite difficult to defend against because potentially that could be a you know a freshly minted email address that's got no history of doing anything bad and also there is potentially in these, what are called phishing attacks there's no actual software in the email that you're receiving, it's just a link. So it could be you know a drop box link for all you know or for all any sort of you know anti-spam antivirus detection service might know. So very difficult to stop it at the gate and you know have any tools which will help you identify it on the way in.

SALENA: [04:19] I see this happening a lot, I've had a lot of interaction with people who have had their data either stolen or ransomed and the ones that I see quite often are PayPal and if you're a retailer you're constantly getting email confirmations from PayPal and if you've got a lot transactions going through there doesn't seem to be a difference between hey you've got an order and then hey you've got an order. They look so authentic. So PayPal was one Australia Post is the other one where you get the notification to say that your parcel is coming. Now this seems like a godsend for most people because here in Australia, the Post does not do a very good job of delivering mail.

So, if you're lucky you get a card they very rarely tend to knock on the door and actually deliver your parcel, so when you see these emails you're trying to get on top of it you're like yes I want my parcel delivered. I wonder how and I'm just paranoid, I don't click on anything in an email anymore. So, tell me how can we make sure that we're not in the same position is Gregg and your real estate agent and the retailers that I know that have been victims of these crimes.

DOUG: [05:30] The only way to do it is to be able to diagnose the email and if it's not from somebody that you know, there is some header information in an email and this is quite difficult for the you know ordinary user to interrogate because when they send these emails they can quite easily what's called to spoof. The spoof or legitimate email address, so what you see in the information that's firstly visible to you is that it seems to be from a GL or it seems to be from Australia Post.

If you then click on a couple of links that relate to the properties of the email that's been delivered to you, so you can see the various networks that it's gone through and those sorts of things then you will often find the true email address of the sender very difficult for ordinary folks to do that, so that I you know in my view the best thing to do in a situation like you know let's say that it's purports to from Australia Post.

If you've got an Australia Post email login and a lot of us do I certainly do, I would just go to that, I would ignore the email and I would just log in and if it's legit then I'm probably going to see a message from Australia post there regarding you know either an inbound delivery or something that I've sent. And I'd do the same for just about any of those services that purport to be you know from my bank or from you know my electricity provider or whoever that might be.

SALENA: [07:15] It really is quite onerous though isn't it? the reason we have your mail is to try and make our lives a little bit easier, well when our inboxes aren't flooded and now have we actually got to the point where you just can't trust anything in your inbox.

DOUG: [07:30] I don't think that we're at that point, but it is an onerous task and it's you know beholden on individuals in a business to be very selective about how they review email and what they actually open and you know what links they click on or what attachments they're prepared to accept. there's no easy way around it because your spam filtering is not able to filter out stuff that is got no attachments. Now we're attached it's just got a hyperlink, but that we're all sending hyperlinks to each other all the time to you know visit this page on my website or you know I thought this was really funny you know have a look at this you know it’s happening all the time and it's just too easy for it to look innocent.

So, it is just being savvy being vigilant and I'd really recommend that anyone with a lot of staff that are receiving a lot of email that they look into having some kind of a training program, where staff can be actually if you like trained by somebody who is expert in that space and there are organizations which will also come back and I will do it say on a quarterly basis.

So, they'll send out some you know fake phishing emails, spoofing email addresses and they will be able to tell who clicked on them and then go back to the owner of the business and say okay well we said something to of your staff and five people clicked on it you know no shame in that because a lot of these things can look so legit you know what did the real estate salesperson do. They had what looked like a really genuine inquiry right inside their product set. so they're going to respond to these things. So you've really just got to be vigilant and well-trained by the way with the real estate agency, they did not click on the link. They were suspicious of it and they spoke to a few other people and they did send some replies and say you know just give us a sense of the areas and that sort of thing and of course at that point the conversation goes cold.

SALENA: [09:37] Smart people because I have to admit there's a pretty good chance I might have clicked on that kind of email and you were talking about something that is extremely relevant, if you have a team in your store and the couple of retailers that I know, it was actually their team that clicked on these Australia Post emails and the PayPal emails because obviously they didn't know, but that's their job being in the shop and orders come through and so for example let's take the PayPal email. PayPal's come through and said you have an order and then they've gone into their system and they can't see the order.

But you know they have to actually click at some point to see they were obviously doing investigation all that you know technology glitches out all the time PayPal sent me these, But the orders not there so it wasn't until further down the track that they realized that they had a problem and in fact all their data just disappeared. So can you tell us a little bit about how apart from ransomware which I'll get you to explain a little bit more about, is there any other kind of cybercrime that we should be worried about, first of all just tell us about what ransomware is like I gave you two questions that was…

DOUG: [10:49] The system went into ransomware and how that functions, you know going back to your next-door neighbor he clicked on a link and then ultimately, he was asked to pony up some money to provide some money and they would unlock his PC or his works that had been encrypted. So the way that it works is that when the payload is sent out, so they found one email address, it might even be actually posted on your website you know  and there's no sort of you know capture way of hiding that so people can just do a scrape of your website and get your email addresses that's one of the ways they get them.

So they send the email address in, when they send the email in and then somebody in on the sales side you know dutifully opens it up, then what might happen is that they click on the link and the malware launches itself into that person's workstation typically it's going to sit there for quite some time because what they want to do, is they want to find all the different devices that connects to that Network.

So the workstations on the network they're on the workstation, they will then start to sniff out through the network over here you've got your network attached storage all your backups and that's actually connected to a workstation over here, that controls the backup regiment and then sends everything to the network attached it. Okay, let's encrypt all of that so what they're doing is they're using standard encryption technology to encrypt all the files.

So, they are completely useless to you. You can't open them, you can't do a thing with some and the malware will just sit there and as time goes by other workstations come in to work and people fire up their PCs and they're all working and that might stay on there for a month because it's waiting for those people that only work two or three days a month and it'll get their devices. And then they wait a period of time where they feel as though they've got everything on that network nothing new has been added in a little while, okay let's launch the payload and that's when people come into their office and everyone starts looking at each other and saying hey I can't get into anything.

I can't see any orders, I don't know how much inventory we've got, I can't do a thing, I don't even know where customers are right now because I've got no information available to me they like you know everything down and at that point typically what they will then see on their screen is there will be a pop-up that says hey if you give us you know ten thousand dollars in Bitcoin, we will provide the encryption key and will allow you to unlock all your files and recommence business.

Now for business, so affected that can be absolutely catastrophic and there was a crypto locker virus that was launched last year and it was called the Petya. Petya virus and that affected Cadbury you know Cadbury chocolates in Tasmania and it actually locked down their entire factory capacity apparently, so that they couldn't even put an almond on a chalky they didn't know how many almonds they had they didn't Miami Chalke’s and I didn't even know if they had orders for chocolate you know top diamonds or you know Chalke’s with almonds on top all of that kind of thing.

So they knew nothing and then at some point in time it took them quite a while to get back on deck and get everything functioning again and then at a later day. The senior management team were clearly asked my shareholders and stakeholders well okay you know this has clearly had a financial impact on the business, you need to tell us how much the profit and loss statement for the firm is going to be affected by this boardie’s. And they put a charge of a hundred and forty million dollars on their P and L; to the cost of that event and recovering from that event.

DOUG: [14:42] It can be an absolute calamity for small businesses you know sometimes what they find is that you know they pay the ransomware and the encryption keys don't come back to them. So they've just blown the money and then sometimes if the business is absolutely relied on all that information that can be the end of their business. It's very hard to rebuild all that information if you've just lost it all.

SALENA: [15:10] And one of the things I wanted to ask you about so as I said I've got my next-door neighbor Greg as the example, Greg is really fussy about backing everything up you can tell he's very methodical, he's very fussy about backing things up. But exactly what you just said happened to him, he was backing up his computer at the time with an external hard drive and it got into that as well. So he couldn't even go into the backups, my question to you is if for example I back my system up into ICloud or I've got Crash Plan I make sure that I back up my system three times a day, can this kind of system get into a cloud-based backup, is that the best form of security.

DOUG: [15:56] Yes, it is because it's not permanently attached to the device, so the important aspect of that is that you have multiple versions of the backup., so that you can go back and you said you know backing up three times a day and you might think three times a day and then keep the last thirty days’ worth of backups and that doesn't have to be a complete backup of your you know seven hundred and fifty gig computer three times a day which is three point one Tera bit provides and you know on we go these can be incremental backups.

So, it's just doing an initial backup which could have been done you know three years ago for all that matters and then you're doing incremental backups three times a day and you're able to go back you know potentially if you said setup the backup regimen that way you could go back quite a few months that then provides you with very discreet completely unrelated backups of everything that was backed up by that particular process could be PC you know in a small office and that gives you terrific ability to recover from a ransomware attack because you can say all right you know I need to go back to the seventeen of January all right, well I've got a copy of that might not be exactly the seventeenth maybe you need to go back to the fifteenth or sixteenth or something like that and recover from that point in time.

But that will give you the ability to withstand that kind of ransomware attack completely independent happens automatically and you know you mentioned people having a you know doing a backup to a hard drive and you know you your poor maid Greg you know he had one of these backups that is a really risky and I'd have to say inferior form of backup because when you're backing up to a cloud. So we have a backup platform then when that backup occurs the storage, the data that's being stored as part of the backup process it's not sitting on one computer with one hard drive. It's actually spread across multiple servers each of which has got a hard drive tray of up to sixteen hard drives and it's spread all over them.

So, you know you end up with five six seven servers whatever it is and you know six times sixteen or something in terms of the number of hard drives. So what that means is that of an individual hard drive fails and it happens to have some of your data on it doesn't matter because this duplicate copies right across the system.

So, on a system like ours for instance if we had you know we could have three hard drives fail and nobody would ever know because there's that level of redundancy in the platform you know we could have a server fail nobody would ever know the backups continue, whereas a lot of small businesses have a very false sense of security because they took a hard drive under their arm every evening and go home and it's a spinning platter it's a very _ I guess finely tuned piece of mechanical, it's a mechanical device and it's not designed to be bouncing around in a handbag on the bus back to you know Bondi Junction and then coming into the office the next morning and plunked on a desk and reconnected every time. It's very easy for those devices to have to have bad sectors on them to be affected by just the wear and tear of the travel and so for a small business if that's your backup it's almost like saying I'm only going to have one bullet in the chamber of my gun the target is a hell of a long way away because you don't even know if your hard drive is being dismounted off the workstation correctly or you know just the cord was yanked out and hasn't sort of captured all the data correctly.

It's been corrupted you know it's really asking a loss to stake all of your business on that one hard drive that you bought from office works a couple of years ago that's so well-traveled now.

SALENA: [20:18] I think a lot of people assume incorrectly that you only need this kind of data if you're a multi-site store or if you you've got several employees, the fact is if you just have one computer, one laptop, one PC and it's just you working in the business, it is just as important to be backing up every single day as it is to a multinational company.

DOUG: [20:47] You did right and you know one of the things that we often hear from business owners is that they say you know dad we're too small you know who's gonna worry about us. But they're there after the big guys you know they're after Cadbury and folks like that what that fails to realize and to recognize is that these phishing attacks and these what they call drive-by malware attacks.

They're all about their totally automated say they are just pinging networks all over the world looking for a way in. Then when they find their way in they then find out well who is it that we're attacking and what can we get out with them, so sure you know it might be a sole trader and they might look at it and go well heck week you know I know that if they go down the road and talk to a you know a forensic data recovery guide they're going to have to spend three thousand bucks before the guy's going to talk to them to recover you know their laptop and their backups, so let's say; the romance and we figure it at nineteen hundred dollars.

SALENA: [21:58] That is nice.

DOUG: [22:59] that is exactly what I do.

SALENA: [22:00] you are hundred percent right there, Greg when he did some digging and I have to admit this is my husband's forte, he's insecure Internet security. So I know personally that we're are okay here, but he was explaining to me that they do exactly what you just said they analyze I've assumed automatically the kind of data that's involved and with Greg he was on a committee as a volunteer and he had lots of spreadsheets and obviously they could see that he had lots of spreadsheets.

So they thought that he was worth more than somebody else, so when he started doing some digging on forums like whirlpool people were saying you know two hundred here three there and they wanted twelve US dollars from Greg because clearly they'd looked at what was on his system and it looks like it could be important. So it's taken that amount based on the kind of data it was encrypting.

DOUG: [23:00] That's exactly what they'll do and I will research you and they'll go online and they'll figure out how many staff you've got and you know the about us and if they've got access to people's devices which often, they will have they will see how many people are in the organization from the email account, they might eat might even interrogate that and you know there are the other things, they do which will give them a sense of where to pitch the ransomware.

SALENA: [23:27] And the silly thing is to get back up to the cloud I think I pay around about three dollars a month and it just sits in the background on my laptop backing up several times a day for three dollars.

DOUG: [23:39] It's well worth it and typically when you talk to people that are affected by one of these events all of a sudden, the data takes on a new value you know they might even balk at three dollars a month.

But I might say look you know I bought a one terabyte hard drive you know four years ago from Harvey Norman and I'm going to keep using that, so there's backup cost a few advertisers is like Twenty-five backs a year and they don't want to you know spend the money on something more than that, but when something dreadful happens all of a sudden they can see that they're about to lose days and days and days of productivity and they still have to pay someone to get the data back because it's just inconceivable that they're going to lose all that.

So you know potentially you've got a sole trader who's lost the best part of a week and still spent a couple of grand trying to recover the data and potentially has only got some of it back anyway and the stress that comes with it and that's stress, so you know that the cost of the alternative is you did right generally trivial by comparison.

SALENA: [24:51] So to me and I know this is not your area of expertise, so it's okay if you don't answer that if you answer the question. But can you actually get insurance against this kind of attack...

DOUG: [25:01] Yes you can, but it's a really interesting area that we've been looking into quite recently, simply because I was at a security conference and there was a panel of insurance brokers talking to this cyber security conference about security and I put my hand up and I said hey if somebody got all their ducks in a row they're pretty solid they've got endpoint protection they've got multiple versions of backup both local and to a cloud facility that they can readily access you know everything looks really strong, I'm guessing they'd get a cheaper insurance premium wouldn't they and they went on I that's not going to happen.

What that means is that if they were to make a claim it would probably be paid and that was a little bit of that AHA moment for me because essentially what we're seeing in this area of cyber insurance is that particularly for small businesses that might just jump online and buy an insurance policy online. They really should be talking to an insurance broker, they sure they have cyber insurance number one. But if you look at a lot of the cyber insurance policies and look at what they require of the customer. The policyholder, they actually expect that you were going to be cyber secure, it's no different than when they issue you a car, they expect that the car is roadworthy, they'll ask why is car roadworthy and you'll say yes it is, if you come back to them in six months later and say hey we went off the road you know going around a corner and they find out well actually your tires were bought or your brakes didn't work and the car was not roadworthy.

They don't pay for the for the small business owner same deal, if you've ticked all the boxes and said yes of course I've got you know a current version of antivirus and I've got malware and I've got endpoint protection and I've got a backup that I can rely on and bring everything down and then you then you make a claim and say oh you know I've been locked up and I've lost everything and it turns out. But you've ticked checked all the boxes that said you had the right things in place, so that they could issue the policy. But in actual fact you couldn't have because that's why you're making the claim you won't get a payout, it's really important I think for small business owners to have cyber insurance.

But I would definitely talk to a broker before you do it and make sure that you truly do comply with their security requirements because otherwise you know you're just throwing good money after bad now just not a relative thing what I do understand about insurance is that will over seventy-nine percent of Australian businesses small businesses, do not have a cyber insurance policy. The vast majority of them do believe that they've got some kind of you know business continuity insurance policy in place you know flood fire fare something like that and if their business is interrupted because of a cyber event somebody trying to rip Manning off them and all those sorts of things somehow magically that insurance policy will cover it, I'd say look again because it probably doesn't, then of the remaining thirty percent of Australian businesses that have got actually a cyber insurance policy in place and in the small businesses let's say under staff it's probably less than ten percent of go to policy have a good look at it and make sure that you truly do compliant if you've got any questions call up your broker and question them about it because a very large percentage of those guys will have been paying insurance premiums for policies that would be never sustained a crime.

SALENA: [28:39] I love my broker my insurance broker, I always say it is worth using any insurance broker because they're the intermediary who can explain it all to you and hopefully if you have a broker there was a fantastic as my girl because she will tell me, she's like right if you have this you have to make sure you've got this and this of this in place in order to be protected.

DOUG: [29:00] Absolutely now just in terms of backup you know one of the things that's important to understand that we see with people with backup, but needs to be considered is how accessible the backup copies are, so it's one thing to have a cloud backup in place. But then you need to look at your business and say okay how much data have I got backed up, if you've got a terabyte of data backed up and you've got an ADSL connection, unless your backup provider can download on to hard drives and send you the backups by courier, it could take weeks or even months to get a terabyte of data through an Australian ADSL connection, not really a usable solution. So you know you need to understand with your backup provider where is the data and what am I access options and what sort of backups can I do. Can I do a full system state backup which means the whole device the operating system.

The applications on it the files on it or is it just a backup of the individual file, the reason that's important is if you've got you know or staff and all of them lose their workstations because they get encrypted if an IT guy has to come in and you know basically wipe the drive on all of those workstations and then reinstall the operating system reinstall, the applications and then reintroduce all the work files that the applications access so that most people can do useful work, you've got a hell of a lot of time per workstations times six time or twenty, if the backup is actually a full system state backup then what you're able to do is you can restore the last good version of that machine as it was, so the operating system, the applications even your browser history will automatically come back in as part of that backup process.

So, when people think about backup, one of your objectives is going to be your restore time objective what can we tolerate, can I have staff unproductive for five business days where am I or what I'd be happy with only to five is unacceptable, if it's only two you probably want a system state backup. if it's five, then maybe you can say or I'll say they do the money on storage and I'll just you know I'll just backup the files on the PC and not worry about the operating system and the applications.

SALENA: [31:46] Interesting and I'll have to admit, I'm a little bit ignorant there because that's my husband's jam. I'm pretty sure we also backup to a server in our own house which is a little bit scary probably a little bit over the top.

SALENA: [32:01] Not, over the top, it's really important that you do that we call that the local backup, so a lot of the cloud backup service is certainly the one that we offer is a hybrid backup and so the way that works is when you set up your backup regimen, it will do the first backup to your local backup storage hardware whatever that might be a couple of external hard drives or a network attached storage device or something like that terrific because then if you know back to the example of your staff, if a staff member one individual you know the forklift backed over his laptop in the warehouse or something like that, okay go to the go to your local backup storage and get a new PC from Harvey Norman or somewhere and basically just recover his old PC to the new machine that you've just bought really easy.

But if everyone is locked down from ransomware including potentially your local network attached storage has been compromised that's when the cloud one is really important. So for convenience we would always suggest people have a hybrid backup service and our hybrid backup service itself will do all that automatically six o'clock p.m. let's back up to the local attached storage service and at seven p.m. let's back that device up to the cloud attached and then you've always got the option.

SALENA: [33:19] Clearly that's what as I look across the room, the square box under my bookcase is.

DOUG: [33:26] Indeed.

SALENA: [33:27] That such helpful information and you know I think I know these stuff in the back of my head not all of it. But I needed the box underneath the bookcase was important I probably could have asked what it was but now that you say that I'm pretty sure I've heard those words out of my husband's mouth at some point.

DOUG: [33:42] There you got called osmosis it's just you know just lying beside him occasionally some of it has jumped across into your brain.

SALENA: [33:48] Similar from advice you've shared so much helpful information we don't want to overwhelm everybody's brains, if people are thinking Doug I need some help with this where can they find you.

DOUG: [34:03] Just jump online go to OZ today you we've got you know there you will find out our phone number at number one, three, hundred, four, six, seven, eight four, three and also we have online chat, we have a hell of a lot of small businesses open up online chat on our website and start talking to one of our customer service guys and very quickly they say okay, that's enough information let's have a conversation and have a phone call as well.

So, that's a really you know common path where people just kind of ping us and make sure that we're on the right path in terms of what they need to do and then we're always happy to talk to them. I think generally you know that the phone conversation getting a little bit of a context about the business and how they run it makes a hell of a difference in terms of making sure that people are getting what's going to be useful to them.

SALENA: [34:55] one last question for you Doug tell me the name of your most favorite store.

DOUG: [35:05] In which retail category?

SALENA: [35:06] Any retail categories which is the retail that you love and for people who don't know what Dan Murphy’s are for all you Americans Dan Murphy is a liquor store. So tell us why do you like and that store so much.

DOUG: [35:18] Well I think they have a terrific range of you know typically I'm looking for sort of red wines and white wines, they generally have helpful staff, they they're really well trained and if you come in and you say look this is what I'm thinking you know I want a six or seven-year-old Cabernet Sauvignon, I really like Colonel water region, I love that current in cassis taste, they will go AHA and they will take you straight round to the best one and typically for a tightwad like me the best one that's on special this week.

SALENA: [35:53] And that kind of customer experience you don't get in so many other stores. So it does come down to customer experience.

DOUG: [36:01] Definitely well thanks so much for your help on the show and if you would like to know more about Doug services head on over to OZ

DOUG: [36:11] Terrific, thanks SALENA.


Doug has held senior management positions in the pharamaceutical, consumer goods, publishing industries and online marketing industries..
* Launch major consumer brands using TV and print media.(Bayer).
* Develop a sound strategic research process to identify the best creative platform to relaunch an iconic brand (Duracell briefly dropped the Pink Bunny, I brought it back!)
* Restructure and lead an Australian and NZ sales team to successfully drive into new distribution channels.(also Duracell).
* Head up strategy and business redesign in a major global publisher.The masters of direct marketing – Reader’s Digest.
* Develop a systematic approach to grade and develop key accounts and concentrate client acquisition activities on the most promising sectors (at returnity – leader in online digital marketing).

Specialties: Every business acquires customers, sells them other products and works hard to retain them. I’m passionate about helping businesses structure these activities so you always have the best possible information on how effective your marketing investments really are.

Subscribe to our mailing list and get latest updates, episodes, and news.