Understanding Ransomware and Defense Strategies

When it comes to cybersecurity, most people think about
firewalls, passwords, and antivirus software. But what about the
attackers themselves? Understanding how they operate is just as
important as having the right defenses in place. That’s where
Paul Reid comes in. As the Vice President of Adversary Research
at AttackIQ, Paul and his team work to stay one step ahead of
cybercriminals by thinking like them and identifying
vulnerabilities before they can be exploited.  


In this episode, we dive into the world of cyber threats,
ransomware, and the business of hacking. Paul shares insights
from his 25+ years in cybersecurity, including his experience
tracking nation-state attackers, analyzing
ransomware-as-a-service, and why cybercrime has become such a
highly organized industry. We also talk about what businesses and
individuals can do to protect themselves, from understanding
threat intelligence to why testing your backups might save you
from disaster. Whether you're in cybersecurity or just trying to
keep your data safe, this conversation is packed with insights
you won’t want to miss.
Show Notes:

[00:58] Paul is the VP of Adversary Research at
AttackIQ. 

[01:30] His team wants to help their customers be more
secure.

[01:52] Paul has been in cybersecurity for 25 years. He began
working in Novell Networks and then moved to directory services
with Novell and Microsoft, Active Directory, LDAP, and
more. 

[02:32] He also helped design classification systems and then
worked for a startup. He also ran a worldwide threat hunting
team. Paul has an extensive background in networks and
cybersecurity. 

[03:49] Paul was drawn to AttackIQ because they do breach
attack simulation.

[04:22] His original goal was actually to be a banker. Then
he went back to his original passion, computer science.

[06:05] We learn Paul's story of being a victim of ransomware
or a scam. A company he was working for almost fell for a money
transfer scam.

[09:12] If something seems off, definitely question it.

[10:17] Ransomware is an economically driven cybercrime.
Attackers try to get in through social engineering, brute force
attack, password spraying, or whatever means possible.

[11:13] Once they get in, they find whatever is of value and
encrypt it or do something else to extort money from you.

[12:14] Ransomware as a service (RaaS) has brought ransomware
to the masses.

[13:49] We discuss some ethics in these criminal
organizations. Honest thieves?

[16:24] Threats look a lot more real when you see that they
have your information.

[17:12] Paul shares a phishing scam story with just enough
information to make the potential victim click on it. 

[18:01] There was a takedown of LockBit in 2020, but they had
a resurgence. It's a decentralized ransomware as a service model
that allows affiliates to keep on earning, even if the main ones
go down.

[20:14] Many of the affiliates are smash and grab, the nation
states are a little more patient. 

[21:11] Attackers are branching out into other areas and
increasing their attack service, targeting Linux and macOS.

[22:17] The resiliency of the ransomware as a service setup
and how they've distributed the risk across multiple affiliates.

[23:42] There's an ever growing attack service and things are
getting bigger.

[25:06] AttackIQ is able to run emulations in a production
environment.

[26:20] Having the ability to continuously test and find new
areas really makes networks more cyber resilient.

[29:55] We talk about whether to pay ransoms and how to
navigate these situations. 

[31:05] The best solution is to do due diligence, updates,
patches, and separate backups from the system. 

[35:19] Dealing with ransomware is a no win situation.
Everyone is different.



Thanks for joining us on Easy Prey. Be sure to subscribe to our
podcast on iTunes and leave a nice review. 
Links and Resources:

Podcast Web Page

Facebook Page

whatismyipaddress.com

Easy Prey on Instagram

Easy Prey on Twitter

Easy Prey on LinkedIn

Easy Prey on YouTube

Easy Prey on Pinterest

Paul Reid - Vice President, Adversary Research AttackIQ

Paul Reid on LinkedIn

AttackIQ Academy

Understanding Ransomware Threat Actors: LockBit