In Depth Look Into Ransomware

This episode of the outlaw. Your Josh and I talked about ran somewhere how it can affect you steps to take to protect yourself and what it's all about next time.

This is taken think about him and you don't know and now outlaw your Josh Whitaker welcome to the outlaw lawyer here with Josh Tucker, Joseph T. Hamer, Joe. I don't I'm doing fantastic Josh, how are you doing I'm doing good. Hopefully you have tuned into our show. They all are your own purpose.

This is an accidental dial. We didn't just needed me to turn to something else and get us. Hopefully you're tuned into the outlaw lawyer if you did tuned in by accident, by God, are you lucky you are lucky you want to leave in the lottery of radio it's you know it's Saturday afternoon you got us on our your radio dial and if by accident. Just just hang out with us your lawn works done yard looks good.

Very we needed hopefully are cracking open a cold, cold beer, I would say for yard work which ice would be my preferred beer to crack open Bush ice is the official beer of the artwork I tell you, you know, we had an episode here not too long it will record trying to paint a word picture we are trying to use his radio where attorneys we fancy ourselves wordsmiths.

We wanted the pain a picture and what means they were doing here stadium we can went off on top hats and and Monica Zimmerman, Joseph. I remember that I remember that vividly I was here anything. I think the wrong picture. I think I was too formal for us. I want people to think of us more like yeah now I want to be like a hoppy IPA. I want to be like a Bush ice of radio norms and I think I think that's what we are nothing. That's the picture he paints how to leave it what so what we look like you know you know Joe and I attorneys where leaving our lawyers and we have a successful law practice called Whitaker and Hamer, with offices in Raleigh Clayton Garner Fuquay Marina in Goldsboro and we would never have you in your office for consult and be having an alcoholic but alcoholic beverage.

I think we all know that's not what you want out of an attorney.

Yeah, absolutely.

We retire the Bush ice is reserved strictly for we can yard work on Saturday but if it was okay if it was okay for you to come to our law office for consult and we could have an alcoholic beverage and we can offer you an alcoholic beverage.

I want you know that I would offer you a Bush ice this with the people want to hear and not not a Bush ice from like a fridge like I would have a cooler that that had a just a few left and like most of the ice have been melted so this is when it's just cold cloudy water basically is that's in your hand and takes that's the best way to have in the Bush ice people. They haven't paid me to say any they should. Some of the best advertising that Bush ice is had in years. But that's that's what I want the people to think about when I think about me anything about Joseph here in the studio and remember the top.

I think doing cowboy hats six straight cowboy hat in my mind, you know, in my minds eye. I'm wearing a really tight Stetson you like a good tight stent like title your headlight cut and you're just like, well cut you I'm saying I'm wearing an oversized sombrero. I had you more.

You know you're been a poison concert. Joseph I think you know the answer.

I'm thinking more about a cowboy hat like like someone got like really drunk really early in a poison concert.

How is that guy. That guy is out with you it's it's more of a girly more of a feminine cowboy hat that I'm not on a lot of places and see stitching on it right. With that I can live with that. I think I've got gigantic colorful boots on spurs that jingle just a little bit when I walk and where it some of those and so that's adding that's the mental picture and maybe we pick a different one for different episode but that's the mental picture I want to paint for this episode. So as you listen to this voice tight tight cowboy hat spur boots to cold Bush ices and that's it.

Yeah, I think things anyway just talking work and thought about. So it's a great conversation to a great conversation starter working to talk about ran somewhere today, which is a very serious topic. We we've approached the intro to the show lightly but we will soon become more serious as we discussed very serious issue. We actually talked a little bit about inner cyber fraud in the past in the past episode. All of our loyal listeners. I know take very detailed notes on every show we've done in the past so our notetaking listeners will know that something we have discussed working to do a real like we like to do on the show a deep dive on the topic of really ran somewhere.

It's gonna be kind of a subset of that cyber fraud discussion and wishing to talk all about it what it is what it looks like and why it's relevant to you, our loyal listener now talking to someone I was talking to someone today. The company that manages our firms that manages Whitaker and Hamer's IT security and so I was talking to them. Just today and there there see in this ran somewhere just exploding is just you know it's every day they're dealing with a ran somewhere cyber fraud issue and that's used to dealing with that which is not as much is multiplied, they couldn't tell me how much more they were seen yapping. That's the thing it's ran somewhere's been around in some form for a long time. We'll talk about that but I think it's definitely escalated. It's definitely escalated recently and a big reason is, is the success that the people who are doing the attacks are having minutes.

It's been something that they've been able to do, and they been able to get away with. For various reasons and so I think will we've seen a rise in attacks in an account of an evolution I think will continue to see an evolution, all things will talk about in painstaking detail over the course of this program also went to just touch on just you know part of the if you never listen to that lawyer before me and JD was practicing attorneys. We try take tidbits out of the news and just can't take a look at him for much, nonpolitical, just kind of as reasonable as we can be.

We put on our our attorney hats and and try to be reasonable but yet a covert mass things coming up again. Joseph is coming up again.

Joshua covert and generally just seems to really be ramping back up unit we we we film the content for the show ahead of time and so there's no telling that were where it will develop because it seems to me personally like there's been a fairly rapid development in just a short period of time. As far as where there was a.

There where it seemed like things are really returning to normal, and there was a real sense of normalcy and a flight were kind of start to backslide into an opposite direction. Last week we were we were in Chartres to watch a live event out. I had been to a live event in a long time so last week we were in Charlotte wasn't only people you think were there that thing to tens of thousands in art.

The first thing I member you entered the arena before us and I member your text to me said if you don't have coded repairs be prepared to get coded when you come in we went. We went to this event and it was so I don't have any me. I'm guessing that might've been like 10,000 feet.

A lot of people it was packed and and and and I'm not a big mass guy, but I may need to mask a 10,000 like that. I was one of the masks added 10,000.

Your text really put the I don't want to. And again with with the new variance and the fact that there is there some breakthrough cases and vaccines aren't necessarily mean again without get into it, political or scientific discussion when I can talk about the veracity of vaccines and how well they work. But there have been confirmed cases of people who have been fully vaccinated, who is still gotten covert and again I think it's gets doing a great job keeping people out of hospital keep people from dying, but people are still getting it to still transmit net and it just really seem like there's been a total shift back more to what we saw last year.

As far as the level of concern and some of the restrictions popping back up wise of our time in the studio today think Joe Co., Jackson County leaving mast for schoolkids for the school year, leaving it up to the parents. It sounds like you.

You're seeing a county by county approach we are seeing some counties that are mandating it in some counties that are jet again like Johnson County making optional in any are seeing people who have extremely strong opinions about each of those options like that as we tend to see it's yeah it's it's amazing as you just we talked a lot of people every day just as the nature of what we do so we on any given day at all to 2030 people, 40 people and it's amazing to see just where people are like I'm a big I don't really I don't I don't really care was penalized something about it. We do the best we can in any situation that we have in an lot.

It's not you know sums out of my control I forget about it yet. My experience on outlawing your unit. We take a neutral apolitical approach. And so it is really trained me to have no opinion. I'm just here going along for the ride.

That's why that's how we can keep the outlaw lawyer free of any political swing one or the other, usually having no clinical beliefs whatsoever. Very good.

I had exactly I am is neutral and is independent as they come. It's interesting, I'm starting to see were start to see some this might be an issue for another show will go too far into this, but you're seen a lot of universities require it at a staff and students.

I know there's a case mama got out of Virginia where unison professors are not going to get it is being mandated early and lose their jobs in the healthcare workers have a lot of them are being mandated to get it refused to do it and I know folks that are networking, healthcare, nurses, and there is there are a large number rumblings from those people.

Anyone who has any vaccine hesitancy, and it is is not willing to get the vaccine that these people are essentially all assuming that they're going to lose their jobs fairly soon.

Anytime we talk about something like this I got, I went and got the Johnson & Johnson vaccines I got that was the day before grandpas. I don't number one that was you got it now.

I member you got it you didn't stroke out.

That was good. Now Marshall, hurts a little bit where I got it. I don't know what that means your body's well old machine are our viewers need to understand that I was take a break.

Again this is that while outlaw lawyer. We always encourage you to give us a call 1-800-659-1186 is our number 1-800-659-1186 that is set up free to leave a message. You can email us questions@theoutlawyour.com when we get back up next talk about ran somewhere a lot of people it's been in the news recently.

I think a lot of folks aren't the most tech savvy that don't spend a lot of time on the Internet on their computers may not understand exactly what it is. So we will do a deep dive and discuss what it is.

Discuss how it can affect you the individual listener and how it in a broader sense affects you know medium to small businesses. Something got a little bit of something for everybody. Jonah make a quick note for future shows here.

I think with a deep dive way too much :-) we don't say deep dive thing and I think we should do a deep dive on how we should save at least 20 more time they have a setting. This way, crack open the post thesaurus and try to get more synonyms for deep dive give me one right now the top your head you can't because it's the perfect perfect thing is what were doing a medium medium level dive, but rents where you actually had been in the news a bit and it was in the news constantly for months and then I actually haven't heard anything new in the past avoid some shirts come in, but it's common and I and I think were it's not going away. It's something that's going to stick around so you know you hear Ransom at just as part of any word and you immediately think what hostage situations and essentially just taking taking things hostage and demanding payment for the return of them. I think a lot about Liam Neeson in the movie taken. That's a great example.

I never seen a movie.

Have you ever seen. I'd I've never I've got the gist of what it was about know who Liam Neeson is I am. But I'm only familiar with his work in Star Wars about I don't have ever seen another one of the movie is he's been in the movie taken Jackson as you know, I didn't see them that well anyways there's three of them there as they progressively get worse to the point where anyways, you should consider good movie. I mean the first one probably worth watching. There's a lot of quality understand how you have seen what I hear about it on streets. People talk about it.

They watch the first one and and then you can just read a recap of the sound thinking this much with the second ran somewhere Ransom where I thought you that you have more knowledge of the matter be able to go somewhere with that Star Wars Star Wars money. I was just at Star Trek I got you here right, I apologize.

So you Ransom where we, like you said we saw it in the news it it may have killed off a little bit, but it's still around. So basically Ransom where is kind of an umbrella term that were going to use to describe several things. But at its root.

It's basically a type of malware that threatens to either publish or destroy or block access to the victim's personal data unless a ransom is paid yeah really seems like they got the bad guys, the fraudsters, they had a big playbook when it comes to Ransom work they actually seem like a pay attention to what kind of business you are a government entity. What kind data you have like they really there's a lot they can do and I was talking to you Joe before you. We went in the studio today about that one instance I heard it was like a cosmetic surgeon out of angles Florida or California number where was but they got attacked with the ran somewhere in the room and the bad guys use the data to ways.

One was to shut him down and freezes networks as I think he paid the ransom to get it back and they also look at the individuals that they had died only before-and-after pictures for cosmetic surgeries and threatened to put down social media like threatened people individually on top of that, so there's a lot they can do with the stuff once I get in there exactly in their resourceful and like he said they got the playbook and we will talk a little bit about the history and how it developed. But you're right that that's the general gist of how it's used and usually they're asking for payment in in some former crypto currency, be it bitcoin or be at some other there's like 60,000 different types of crypto now that you can use, but they basically do that to make it more difficult to trace back to whoever's whoever's perpetrating the crime, so we seen targets of literally every size you know the Colonial pipeline was one of the biggest the biggest more recent things that was in the news McDonald's is been attacked if McDonald's isn't safe man who safe from these people in it and it goes all the way down to just small businesses and individuals him that's really how Ransom where got started with targeting of just individuals, and en bloc in their systems up and I may be asking for smaller sums, but it's really run the gamut of who the target is in no one's really immune from following the Colonial pipeline Ransom where attack and I came of the name of the entity that was paid with doing it they can almost apologize that we didn't we didn't mean to get a target that they vetting they were surprised it was successfully dictated. I guess as hackers go they did like the top of the food chain of hackers to be able to pull something like that also.

But it was late. You can affect anybody in a big small you know individual Corporation.

There is a today I think they just kind like a shotgun. They just kinda spray it and then catch you. They can catch in their web and I think sometimes they even taste amazing and so is kind of a low-tech situation you doesn't take a lot for them to fund this and then if they get somebody big. It's a big score yeah and I think that's that's the that's the case, and one thing we want to talk about is we one always arm.

In addition to taking a apolitical neutral approach things you want to give you guys the tools to protect yourself from things and give you guys arm you with the information so I will talk a little bit about how you can guard against these types of attacks, whether it be in your personal life or whether you are a business owner and how to protect against it at your business. Having the first step is really just constant vigilance. You know you should really have a protocol and that protocol should start with. If you get a questionable email. Don't click on anything.

Don't respond to the person who sending it just basically deleted send it to spam. I don't touch it and move on with your life because the second that you start interacting with the fraudster, then the chances that your to be infected. Organ increased dramatically you and us. When I talk to people and that in the industry there pretty much denied everything you do and we at the law firm we we taking this very seriously as this is become a big issue over the past five, six, seven years and and kinda try to be on the same level as you like. An A+ level. As far as being at doing everything we can in IT world to secure our databases. We do little as attorneys we do a lot of confidential information. We have trust accounts and so we take this very seriously in her own personal world what you nothing is foolproof and nothing you do is get a make you hacker proof. Nothing.

Nothing is and will talk about that in more detail, but that's an important point because were to talk a little bit about things you can do to safeguard and some of that includes no antivirus software spam filters but all the equipment in the world, the most sophisticated technology is not going to prevent the number one cause of these types of attacks, which is just human user error someone falling victim to just a phishing scam or clicking on something they should click on and that's really why the number one preventative measure is good training for people and can at making sure that your employees are you yourself know what to look for how to identify things that are potentially fraudulent and how to avoid those things I know I saw a in a recent interview with Yahoo John Chambers, former CEO of Cisco Systems city United States companies or are expected to endure over 65,000 Ransom where attacks this year and that's a conservative number so it's it's out there, it's out there and it's growing. And you know we've we've seen it in the news and I think we're just gonna continue to see it were to continue to see kind of an increased prevalence of it so just getting into a little more detail. You know we talked about the fact of how it's kind of a general umbrella term and you got you have a few variations of how it can actually pick play out so it can be as simple as just stealing your sensitive data and then threatened to release it like he said the cosmetic surgeon they they got a hold of that data and basically threatened to release it and then they went person by person and threatened to release it to those individuals and it can also be used in the way that we can refer to it as where essentially access to your own valuable information, whether it be your database, whether it be client files. Whether it may be the systems that you need to conduct your business. Basically, the lockup access to that information, and then hold that ransom your ability to to access and use that information and they'll go look at what you do and what you what they think you can afford and I'll make these these ransom demands and they get. I don't know you know we don't ever see the statistics but most of the famous ones that you've heard about the ransom was paid, because they do they lock they like you have your business, whatever it may be can't function is certainly immediately and without some interest you and will talk about are some things you can do but but it's it's debilitating. It's absolutely debilitating so you know if you guys have any questions.

We always encourage you to reach out to us on the phone number you can always give us a call at 1-800-659-1186. Again, that's 1-800-659-1186. We always encourage you guys to reach out with any questions you may have. Whether it be about ransom where whether it be about anything you tell us how you're doing questions, that's questions plural@theoutlaw.com and then again you can always visit us at our website which is www.theoutlawyour.com. We got some great classic episodes. We encourage you to go revisit there but were to take a little break were to come back and will keep on talking about ransom where and we will keep on start digging into some things you can do to prevent it. In some of the things to look for and be aware of to keep yourself safe. How does ransom where work you ask will tell you I when Josh back with you here only outlaw alloy or as always, we encourage you to give us a call if there's some talk about. You want to talk you want to talk to me and Joe and more of our personal capacity as lawyers Whitaker and Hamer. Either way, you can call us at 1-800-659-1186 is 1-800-659-1186. That line is set up to take your message to make sure to leave us contact information and will reach back out to eat and also email us at questions@theoutlawyour.com. Our website is the outlaw your.com that's where we archive our past episode so you can listen to those there and then we do live on social media as the outlaw your own Facebook and Twitter. But today the topic is ransom where Joe, one of the things that I think a lot of people to hear the term how does ransom what does it do, how does it actually work to accomplish getting money into the pockets of the bad guys. So we talked about it a little bit. It's basically a type of malicious software and what it does and we again, it comes in various forms were strictly talking about the variation where someone's gonna lock up your access to your own files and make you pay to get access back to them. So you've got a type of malicious software that's going to get delivered to you in several different ways but generally it's got to be you inadvertently provide the information that gives the hackers access or you click on something that's going to allow them to install the back door to get into your system what they're going to do is there going to encrypt the files on your system so once the ransom wears on your computer it's going to systematically encrypt pretty much every file on your system and lock it up to where you need what's called a decryption key to access them in the hackers can withhold access to that key until their payments received and you hope I mean I guess the hope is that they do give it to you and I read like having on the Colonial pipeline.

They paid the ransom people to know they did that, but he paid the ransom and and I got a key and it didn't really work it really work all that well what did I know this happens all the times encrypt your data but and they also have your data and it is one of those things like where it is, where does the black male, even stop once that happens, yeah, and it's it's funny you mention that it's a good point because like you said once key would handle any hostage situation will because I don't trust I don't trust him and hand over the money and then I'm getting back anything like that. I guess I'm just a natural pessimist in that way but but you're right, it's a big concern and that handoff is such an interesting concept that I would have a very difficult time and struggle with and and one thing will talk about is the fact that there's actually third-party companies now that will handle the negotiation of that payment and that handoff process for you. That's how prevalent this is become so yet you don't know you don't know if if they're going to comply. You don't know if there any give it to you, which is why again the best method to prevent the situation is just don't allow it to happen in the first place because once it does, we're going to see that there's very few options and you're really at their mercy. And another thing that is difficult and that really can cause further problems is say they give you the key say you get all your information everything is great right what they can keep a backdoor in your system they could jump back in at any point. Yeah, you know, so that there is no once it happens like the only foolproof method is like to just scorch the earth start over, destroy your computer, smash it started change your name is might be extreme, but you say there's no great solution to get out of. And yet, I think that Spector has to hang over your head and there haven't been a lot of there's not a lot of repeat business in the ransom where industry like there's not a lot of the from you'll hear a lot about a lot of people being targeted multiple times, but counterintuitive, because if you get an easy mark. You would think you should keep it them up constantly. You know, you think you think you like about gutter. That's not me – I'm just trying to put myself into the shoes of the hackers but I just can't imagine how how demoralizing it has to be having to pay someone to access your own information your own files and things like that but yet it happens all the time. The sewer usually victims or targets of ransom, where like you who are they seeking when they when they they point out who the target yet so you know there's a wide variety of targets we've talked about it. We talked about the fact that they it really varies and so I think it kinda started off with the individuals.

The home computer user.

Regular people just like me and you. It reminds me of like it.

If you're on Facebook. I know you talked in the past.

He spent a substantial market, Facebook, and one of the things if you have any elderly friends on Facebook. You see, like 60 times a day as I've been hacked. Don't accept a friend request for me is the these people are being targeted. You know there's probably a lot of individuals and then gradually over time as the ransom where practitioners saw that individuals are willing to play. I think the volume of attacks increased and the targets kind of escalated to small businesses to medium-size businesses and eventually they start targeting the super high value targets like the pipeline things like that what you are targeting individuals as crazy as you think this of these are organized. These are organized bad guys in either criminal enterprises based usually almost hundred percent of time on the outside of the US so you know you got you got these these hackers. These ransom were folks that they they track to being somewhere in China are somewhere in Russia. You know the jurisdiction that we may have.

Like the you know it's almost like they're never getting in trouble for this. Yeah. And I don't even know that we can say that with full confidence because I think that's part of the issue with the way that they carry these attacks out in the way that they're getting paid.

It's so difficult to track even really know where they are. Josh, how do we know they could be you Josh is Facebook.

It's I was reading my Facebook newsfeed pretty sure that you click on anything. I recommend that you click on anything and I understand you know the older folks are on Facebook for your time.

I like years old that you get to a certain injury. Draw a line in the sand and that's it that's as far as as technologically advanced as I'm getting man I tell you I'm very let you know I grew up my generation heavily involved in. You know that the Internet when it first became a thing you counted your entrenched and that you used to that and then gradually technology evolves and I can't even imagine how helpless I'll be when my kids are older and their wave of technology comes in and I looking forward to a man I think I remember a time in my household, we were know I was in elementary school I was and I was young elementary school to give myself some credit, but I remember we bought something on a Commodore 64 if you ever had a Commodore 64. I didn't have one that I know what it is I'm familiar.

We had to move the typewriter. I had to take the typewriter that went in the basement and we all set around and hooked up the Commodore 64 was an amazing time has nothing to do with ransom where I don't make me a great point, the no one's ransom where in your typewriter will just go back to the old-fashioned click in the clicking out the letters to send your mail a snail mail, or 64 had the print shop is a very fancy program that you print out banners and birthday cards and then there were video games and that's probably where we should stop for safety. Yes, I say we stop at banners.

Who needs anything more than that, but it's these are these are the people domestics are criminals and there's there's a financial motive. They're doing this their spending money you spend money to make money and crowns are spending money. It's a financial motive. That's what drives these attacks. They want money and I don't even know that there really spending a lot. It's not like they're having to expend substantial resources. A lot of the time the the way that they get in. It's just a simple person clicks on something they should click on Dennis like you said, they shoot it all out there and email. Tons of people in there and hope someone accidentally or intentionally clicks on something provides the information they need in therein, and then at that point. That's it. The they got you yeah exiting your computer basically is is as useful as a Commodore 64, after that you got you get there you go you got your own, and they can even play video games or make cards or banners yes so there's there's a distinction there so there's the there's the ransom where factors that are looking to hold your things ransom and get payment from you and there's some people that just are terrible human beings. I just want to watch the world burn in the literally just infect your computer just to break it. Just to give you a bad day or to ruin your time so those people are out there as well.

This is why it's important you know if you if you run a business, you need an IT professional like you know I first open my law firm. We I was the IT professional at the law firm in an in the days essay and not that it's good but that's how it was you just open up a business, but we, especially in the in the line of work that were in like IT support went from being a very small part of our annual budget to quite large, quite large and God only knows where that budget will grow to in the future because again, this is an evolving thing that's continually changing and kind of a really evolving. We are going to keep talking about ransom where but I want to remind you that you are listening to the outlaw lawyer.

You can reach Joe and I at 1-800-659-1186 that's 1-800-659-1186 you can email us questions@theoutlawwhileyour.com you can visit us@theoutlawlawyer.com is where old episodes are old episode sounds bad.

Archived episodes live classic Vintage.

Our greatest were put out a greatest hits album.

And then on Facebook and Twitter. We do exist there as the outlaw lawyer coming up next on the outlaw law we are we are going to talk about how to present ransom where attacks and right back at the outlaw your again I like to remind people Joseph and I enjoy doing this that we enjoy sitting on the studio and without these outlaw lawyer episodes for listeners what we actually do for a living as we are attorneys we are. The law firm of Whitaker name or we have offices in Raleigh Clayton Garner Fuquay in Goldsboro.

Lots of attorneys in our law firm, lots of staff would be happy to help your real estate transactional family law, personal injury, we want to be your resource your legal resources when the reasons were doing this showed outlaw lawyer answer today were spending some time talking about some things we seen affect our very own clients we've it's something we have to take into consideration in our own law firm were talking ransom where tax ransom.

Where were back discussing ransom where we what would you say we talk about ransom where hackers we talked about where they may be. We don't know where they may be, you speculated they are overseas somewhere weaving the typical ransom where attacker looks like Josh in my mind, and this may be more movie related but in my mind they are of Russian descent and their aggression I that I got this facility on the Baltic accident.

That's right, I got a Eastern European Russian hide out where this like everything in the whole world like a guys that's what I'm that's what I'm envisioning yeah I like it like I might see in a damp, damp, dark hats that's accurate. It was either that or it was either God living in his mom's basement very computer savvy eating chinos. That was my guy got back years that I got like a bond, 64, you know, is a cool way to think, but I think more Elizabeth is the guy that spent a lot of time on computers like the I don't know will never know. But these people are motivated by money. We talked about that and they they realize people are going to pay to get their files back because once again once you've been got by these things. You've been got and if you need access to your data urgently. You don't really have many other choices, but to pay. So just what can you do. What are some things you can do to either prevent it or to mitigate that damage by thing IT folks would say the first thing you can do is really just to know backup you know whether that be personal files. I'm guessing you know dropbox or anything like that is probably a good idea.

But even as a business you you backup backup every day. I think you do nothing, that's that that's the solution because I mean again that may not be the perfect solution because work on a simple find this you know certain systems could be locked up that you can't really back up and you can't have access to them and this doesn't help in that scenario, but any other kind of data. If you can back it up. And if it gets locked up then, but your you have a current backup that you can just restore to then you may not be in a situation where you even need to pay the ransom. It could just be something you could access that backup and keep on rolling along, but I think it's an important distinction to make sure that that backup is kinda separate from your your existing server. It's not something that they're going to be able to access to the back door as well and that's an additional safeguard that you got a counter put in place or else it's not really in a super effective method of prevention you know we three thing about that a lot. Like in our situation, we backup the data that we need to backup off-site in the cloud and the magic cloud and then you we a lot of people going to where you, your system doesn't live on a hard drive or your your system as you login via the Internet and your you know cloud-based system so you know, it's also a little disheartening that like a Colonial pipeline got taken so hard you know like you Colonial pipeline mega millions and millions of dollars a second.

I would think and yet we did you know it seems like you believe it just seems as we should be more prepared metal were talking about here, but yet backing up. That's a big deal, backing up and like you said you mentioned you mentioned the cloud and that's true a lot, you know, I think I think were moving more towards the cloud. A lot of people are probably already hundred percent cloud exclusive, but the in the cloud is is not a perfect solution because the cloud is vulnerable as well. Your cloud account is only as good as your password or your credentials in your safeguards on those things. So if you fall victim to a phishing scam. You just as likely to give them the access to the cloud as you are to give them access to your your physical server. So again it's your protections only as good as you or your employees ability to discern the scams and not fall victim to the big thing is really just you know if you get an email from somebody you don't know is that simple.

Writing an email for some. I don't know who you get at least look at it wrong. Yes, so you know it's a developing field and and you said it will touch more on that you know there's there's tools that are in place. There's things out there that can help safeguard your computer are never there was a time where like Norton antivirus. You would think that's the BSC I've got that I'm safe I can do and I can go anywhere on the Internet with no worries and no cares nothing could touch me and you'd like press a button to run it and it would take 72 to cycle through your entire computer and these are all things that are valuable.

You know firewalls are valuable antivirus programs are valuable anti-spam filters are valuable, but the real wildcard in the way that these people succeed is really just that element of human error. They're targeting individuals and the main tool that they're using are these phishing emails so all you gotta do. You can have the best firewalls you can have the best protections and all that has to happen is one email gets through to a person who doesn't understand they click on it and you're you're completely you're completely bone yet you can never you can never be hacker proof and a lot of this comes back to training what you think me I can't think of why this goes without saying you think it would be easy for most people to catch a phishing attempt but it's it's not in people they have to be trained as my grandmother who just got hacked on Facebook would say it's not the easiest thing to discern and and I think the single most important thing that you can do as a business owner as yourself is train yourself on what to look for how to identify questionable email when something looks suspicious. You should be able to immediately look and determine this is questionable. This is fishy, and you should know what to do when that happens I know in our firm. If there's ever any question you you delete right if there's enough it's important so I'll reach back out.I delete a lot of emails as this looks bad. Click find me somehow. What y'all you always err on the side of caution. I think having people understand that these days and I think people know that you just have to be. You have to be careful yeah I think is a baseline rule. Step one. Don't click on anything especially if it's for Tina, especially if it looks questionable and then don't respond to the individual sender of something that looks suspicious. You know that's that is the advice that the professionals give you enough myself not he that there's been several times where I've gotten a clear's fraudulent email and I just mess with the person I like to do that. Tell him to call me, and given the local police department number line.

That's a good one that I like to throw out that I don't recommend that I recommend. Don't engage in because again, your chances of of getting scammed go up but you really need to be able to identify what is fishy and immediately spammed or deleted you at the firm. We do we do a lot of real estate transaction. We represent buyers and closings and refinances and we work with a lot of title companies and lenders and in real estate agent so we all the time at people emailing us that maybe we've never emailed before as early does become an art form on on trying to figure out some will be secure. Some will be unsecure yet federal laws we at the firm. Absent certain things out secured unsecured. It just you just it's like 1/6 sense at some point you just get used to seeing stuff out and say Spidey and Spidey's really do like I can.

It's a skill you you get used to it.

I can look at an email and almost from the evening that the person's email, or just the subject line. You can immediately like… This is bogus. This is not a thing yet we we always get the once our emails are on our website so people can get in touch with us and are certain you know you know that is its available to them by you can search the web and so we get a lot of the ones or people pretend to be near Joe in email staff about getting some way to get some depth to gag gift cards you email me a bunch of town.

Hey, I'm stranded in Haiti you send me a $600 Amazon gift card slamming this and I would send you that if that was used by the way I like you a lot. One day I really mistreated in Haiti, yet another area of violence can help just call me Manny. That's what it does.

It doesn't make any sense so you said earlier, if you get an email from someone you don't know your first red flags immediate red flag. We flag that we immediately say this is most likely I think you treat that is a scam. Until that person like shows up in front of you with their physical identification and shakes your hand and proves that there are legitimate person. I think I think the thing to take from this is just really you know individual. I don't how many emails people get their personal accounts. But you know that you just take your time and I think personal is probably pretty easy edit the pineal kind of business surety can be tougher but just you look at the email addresses coming from INS like it if anybody can can create an email address and input Josh Whitaker and yet, anything no email and everybody had a look at you. That is not a call to our listeners to create an army spake Josh Whitaker emailed a bunch of Josh Whitaker box looking for but anyway don't email me as Josh asking for an Amazon gift card.

We are the outlaw your phone number is 1-800-659-1186 email us questions at the outlaw, while your.com will be back after the break coming up on the outlaw law or we wrap up our discussion of ransom, where with some more Hallmark signs to look for some tips for prevention and some third-party assistance Josh back with you now law lawyer, Joe, one of the things I think we need to make clear is no one ever has gotten an offer in their email that resulted in them getting $1 million. That's fantastic point Josh, the Prince of Nigeria is not going to be emailing you.

You have not reached $1 billion. Magically, you know if anything is important enough emails important enough to warrant a response from you. You should basically immediately be able to discern the veracity of that email. If you even have a slight doubt or question about it. If it seems too good to be true. Don't respond.

You know the problem with a lot of spam email or unsolicited email. Especially if you had no business with that person is that it will kind of call out to you and if you respond as soon as they realize allow person behind that email address there to keep plug in there and keep trying to get you.

But if you don't respond a lot of time to move on to the next target. Yeah I and again that scam. I think uniting most people have have figured that that scam out.

You know, and that not to respond in but I guess there's people out there is still fallen for that but it they get more sophisticated that they do and I think one of the things you can do is this really take your time. Go slow and pay attention to the details anytime you get an email from anyone and they are expressing some great sense of urgency not found that attendance can be scanned yes usually have a the you know that's the I guess is more of a phone scam. That's kind of power under the power the electric bills can be shut off kind of thing is is one of those but yet someone's in trouble in Haiti or someone is in trouble overseas.

I that never happens right. There's nothing that urgent asking to be discussed via email. 99% of the time it's going to be's urgent because these are there not plan long con games here generally to try to get you quick and get out so if you see urgent or if you see please help with an exclamation point. Anything that expresses that since of urgency. I think you have to look at that and you have to really scrutinize whatever you're being sent at IRS does an email you saying that you know foreclose on your house and lenders and I can email you the power company doesn't email you to cut off yes is not the way it works. That's slow mail stuff no one wants to send you money ever.

You're not lucky were not. It is not a thing is can happen so again always assume these things are too good to be true scrutinize those things and protect yourself from, but people do it. People fall victim to it. People give away their sensitive information that's another thing I think it goes without saying, but I think will say because like you said happens to people. No one is going to be asking you for your Social Security number for your routing number for your account number for your bank. These are not things that someone's going to cold ask you from an email suggest don't give it to anybody our thoughts. Assume let's assume that all of our warnings have gone on heated and you you you you click on the ransom where email you responded to it what it unit hackers are on see you they got up the got your stuff. They're going to demand a ransom. What where do we go from here so there's really there's two steps.

Step one contact law enforcement.

I think that's important to get them involved, especially if you're talking about something on a larger scale.

Contact law enforcement.

They may not be able to help you, because again these people are kind of veiled behind a lot of safeguards are difficult to track and in step two, unfortunately, is be ready to pay. I have to really it, there's no magic solution to recover these things and like we said, once they've got you. They've got you so there there's a lot of debate and handwringing about whether paying these ransoms is what you should do. But the sad reality is that that at that point it might be the only option that you got that sad to think that you know but you're right there law enforcement. You know if the if they can't locate the folks of the law enforcement. I think this is something that your local law enforcement and this is no shot it down there just ill-equipped to handle. Yeah, I think it's fair to say it's it's a newer field.

A lot of times they may not have the resources to devote to this specific subset and again that may change as this becomes more prevalent, but J once you get got, you're likely going to be got in less you pay so one thing that you can do.

We we touched on this briefly earlier, is the fact that there actually third-party companies out there now that will negotiate down whatever that that ransom amount is for you and kind of settled that matter for you and handle that that handoff process to give you some added layer, I guess, of feeling good about it and feeling better about it but but this is developed so much that there actually companies that are doing that at this point it would be crazy if one of those third party in between Asian companies were also like the bad guy should set one of those seal it now you think like a criminal. You have two criminals and would have any of our Russian listeners and in the basement right now are listening. That's like the Goldmine eureka moment for them to set them up for success but but yeah I mean it's it's I'm I'm glad I personally haven't had to be in that situation as as of yet. I guess it can happen anybody but you. At some point, law enforcement, FBI, but your I made that matters is that point your toast and willing to do what I can do for you.

So another thing that you can look into and this is an again a newly developing area cyber insurance you know cyber insurance is a newer thing and that is something that can step in the situation. You still have to pay some money you have to make a claim you have to pay deductible, but sometimes that can be something helpful to give you peace of mind and that may not be the answer for everybody, but if you deal in sensitive information, and you have susceptibility to these types of attacks. It may be something worth looking into. You know this.

Another thing to get us back to when we started the firm back in 2000 and as for we started the firm and you told me that when they would be paying a substantial premium for cyber insurance. I would've called you crazy substantial premium but cyber source like out a law firm that that handles real estate transactional's real estate transactions, you cannot.

You have to have cyber insurance.

Now it's just it's part of the deal… You need to protect your clients, especially for holding client funds. Our client information you need to protect your clients in every attorney should have malpractice insurance. You know, insurance errors and omissions insurance but now you also have to have cyber insurance and again we talked about the fact it may not be right for everybody. It may not be right for every business.

If you don't transactional real estate.

I think it's almost a must. But a lot of these insurance companies they're going to give you yeah basically a security audit and there's good to be things you gotta comply with certain standard, you have to meet that just may not be feasible. If you're small to even medium-size business, so it may not be the answer for everybody but it's deftly worth looking into if you work in a field where one of these attacks can really affect you. So another thing that we can talk about some is the rise of kind of third-party monitoring and in third-party IT services outsourcing that yes that's that's important you know at at our law firm we have.

We have a company that watches our servers and watches for intrusions and watches for you know installations of malicious software mean we we were paying somebody to have our cyber new" cyber back they got our back and realizing they have our quote cyber back as well. But you can't you just you can be safe enough and all the stuff that we've done it would her name or I mean that's what businesses around the world are doing any of you doing every thing that you can possibly do like if there's anything that makes your clients any safer like we were going to do it but it still not hundred percent as an attorney, I'm worried about the law and I'm worried about knowing the law and I can't know the law.

Plus it did recent developments in the cyber fraud world. So if you got the means to do it pay a professional pay someone who is very well-versed in this and who sees it every day. And who knows what to look for and who can compete with the Russian eyepatch guy in the basement that's doing these crimes. But that's it's it's every industry. It spread and is can it be until we figure out a way as as a and Isaac world country to put a stop to this and arraign it in its it's only to get worse. And as long as there are people who can't discern a fraudulent email and are willing to click on anything or put in their information to any fission scheme, then this is going to still be a thing and you're only as good as your least competent employee that is willing to click on something like that. It's a danger really a business of any size so again train your people talk to about it is episode four play display every episode for them. I think that would arm them with all kinds of knowledge, but you need to be informed they need to be informed and it's something that is going to continue to grow in importance. Well Joe you know I like tell everybody again Joe and I we are attorneys of the law firm of Whitaker Hamer. If there's ever anything we can do for you. We like to be your legal resource would like to be able to help you. You can reach us here at the outlaw your or Whitaker name name or by calling 1-800-659-1186 that's 1-800-659-1186 again that message. That line is set take a message from Lisa Levison contact information leave us your question or concern you know you always email us questions@theoutlawlawyer.com comes right to us. Our website is the outlaw lawyer.com were vintage episodes live in Facebook and Twitter. We are the outlaw your and I really would like to encourage if you're out there you're listening. We love to hear from you. We love to tailor an episode talk about something that you're seeing that's happening to you are in your industry like we really would like to tailor this so it's as interesting as possible to our listeners.

We want to cater to you our listener and we love to interact with you our listener. We personally love each and everyone of you like our own children and reach out to us interact with us and we would be more than happy to talk about the things you guys are interested I will exit for this week has been treating you next week and will only as an attorney licensed to practice law in North Carolina just appearing on the show. Maybe license North Carolina attorneys discussion of the show was meant to be general in nature and in no way should the discussion be interpreted as legal advice. We would like. Once an attorney licensed in the state in which you live. Have the opportunity to discuss the facts of your case with you. The attorneys appearing on the show are speaking in generalities about the law. North Carolina and how these laws affect average North Carolinian. If you have any questions about the content of the show, contact us directly