Coming up on this episode of The Outlaw Lawyer, Josh and I talk about ransomware, how it can affect you, steps to take to protect yourself, and what it's all about. Next.
Welcome to The Outlaw Lawyer. You're here with Josh Whitaker and Joseph T. Hamer. Joe, how you doing? I'm doing fantastic, Josh. How are you doing?
I'm doing good. Hopefully, you have tuned into our show, The Outlaw Lawyer, on purpose. This isn't an accidental dial. We didn't just, uh, you didn't mean to tune into something else and get us. So hopefully you're tuned into The Outlaw Lawyer.
If you did tune in by accident. By God, are you lucky? You are lucky. It's your lucky day. You've won. You've hit the lottery of radio. It's, uh, you know, it's Saturday afternoon. You've got us on our, your radio dial.
And if it's by accident, just, just hang out with us. Your, your lawn work's done. Yard looks good.
You've already weeded. And hopefully you're cracking open a cold, uh, cold beer. I would say for yard work, Bush Ice would be my preferred, uh, beer to crack open.
Bush Ice is the official beer of yard work. I tell you, you know, we had an episode here not too long ago where we were trying to paint a word picture. We were trying to, you know, this is radio. We're attorneys.
We fancy ourselves, wordsmiths. We wanted to paint a picture, you know, what me and Joe were doing here in studio. And we kind of went off on, uh, top hats and monocles. You remember that, Joseph? I remember that. I remember that vividly.
I was here. And I think that paints the wrong picture. I think that was too formal for us. I want people to think of us more like, uh, you know, and I don't want to be like a hoppy IPA.
I want to be like a Bush Ice of radio. You know what I'm saying? I think, I think that's what we are. And I think that's the picture you paint.
So how do you even, so what do we look like? So, you know, you know, Joe and I are attorneys. We're, believe it or not, we're lawyers and we have a successful law practice called Whitaker and Hamer with offices in Raleigh, Clayton, Garner, Fuquay-Varina and Goldsboro. And we would never have you into our office for a consult and be having an alcoholic beverage. I think we all know that's not what you want out of an attorney. Yeah, absolutely.
We retire. The Bush Ice is reserved strictly for weekend yard work on Saturdays. But if it was okay, so if it was okay for you to come to our law office for a consult and we could have an alcoholic beverage and we could offer you an alcoholic beverage, I want you to know that I would offer you a Bush Ice.
That's what the people want to hear. And not a Bush Ice from like a fridge. Like I would have a cooler that had just a few left and like most of the ice had been melted.
So it's just cold, cold water, basically, you're slipping your hand into it. That's right. Because that's the best way to have. And the Bush Ice people, they haven't paid me to say any of this. They should. This is some of the best advertising that Bush Ice has had in years. But that's what I want the people to think about when they think about me and they think about Joseph here in the studio. And we're gonna get rid of the top hats. I think we're going cowboy hats. So straight cowboy hats. In my mind, you know, in my mind's eye, I'm wearing a really good tight Stetson, you know, like a good... A tight, like tight on your head, like cutting your... No, no, no, just like well cut, you know what I'm saying? Just like... Yeah, I'm wearing an oversized sombrero. I had you more, you know, have you ever been to a Poison concert, Joseph? I think you know the answer to that.
I'm thinking more about a cowboy hat, like someone who got like a really drunk really early at a Poison concert. Oh yeah, that guy. I'm that guy. I think it's... I'm with you. I'm with you.
It's more of a girly, more of a feminine cowboy hat that I've... A lot of lace and fancy stitching on it. Right. Yeah, I'm good with that. I can live with that. And I think I've got gigantic, colorful boots on with spurs that jingle just a little bit when I walk.
And we'll get some of those. And so that's... I think that's the mental picture.
And maybe we paint a different one for a different episode, but that's the mental picture I wanna paint for this episode. So as you listen to this voice, tight, tight cowboy hat, spur boots, two cold bush ices, and that's it. Yeah. I think that's... And then when we're just talking, what are we gonna talk about though, Joe? So that's a great conversation to... Great conversation starter. We're gonna talk about ransomware today, which is a very serious topic. We've approached the intro to the show lightly, but we will soon become more serious as we discuss a very serious issue. We've actually talked a little bit about cyber fraud in the past.
In the past episode, all of our loyal listeners, I know, take very detailed notes on every show we've done in the past. So our note-taking listeners will know that that's something we have discussed, but we're gonna do a real, like we like to do on the show, a deep dive on the topic of really ransomware. It's gonna be a subset of that cyber fraud discussion.
And we're just gonna talk all about it, what it is, what it looks like, and why it's relevant to you, our loyal listener. I was talking to someone today, the company that manages our firms, that manages Whitaker and Hamer's IT security. And so I was talking to them just today, and they're seeing this ransomware is just exploding. It's every day they're dealing with a ransomware cyber fraud issue. And they're used to dealing with that, which is not as much.
It's multiplied. They couldn't even tell me how much more they were seeing it. Yeah, I think that's the thing. Ransomware has been around in some form for a long time.
We'll talk about that. But I think it's definitely escalated. It's definitely escalated recently. And a big reason is the success that the people who are doing the attacks are having. It's been something that they've been able to do and they've been able to get away with for various reasons. And so I think we've seen a rise in attacks and a kind of an evolution, and I think we'll continue to see an evolution. All things we'll talk about in painstaking detail over the course of this program. I also wanted to just touch on, if you've never listened to the outlaw lawyer before, what me and Joe do as practicing attorneys, we try to take tidbits out of the news and just kind of take a look at them from just kind of a nonpolitical, just kind of as reasonable as we can be.
We put on our attorney hats and just try to be reasonable. But the COVID mask thing is coming up again, Joseph. It is coming up again, Joshua. I mean, COVID in general, it just seems to really be ramping back up. We filmed the content for the show ahead of time. And so there's no telling that where it will develop, because it seems to me personally, like there's been a fairly rapid development in just a short period of time, as far as where there was a period there where it seemed like things were really returning to normal and there was a real sense of normalcy.
And I feel like we're kind of starting to backslide in the opposite direction. Well, last week we were in Charlotte to watch a live event. I hadn't been to a live event in a long time. So last week we were in Charlotte to watch an event. How many people do you think were there at that thing? Tens of thousands. And the first thing I remember you entered the arena before us.
And I remember your text to me said, if you don't have COVID, be prepared to get COVID when you come in. We went to this event and it was, I don't know how many, I mean, I'm guessing that might've been like 10,000 people. A lot of people.
It was packed. And, and, and, and I'm not a big mask guy. Um, but, you know, I had maybe two masks out of 10,000, like.
I was one of the masks out of the 10,000. Your text really put the, uh, I don't want COVID. Um, and again, with, with the, the new variants and the, the fact that there's, there's some breakthrough cases and vaccines aren't necessarily, I mean, again, without getting into a political or scientific discussion, we're not going to talk about the veracity of vaccines and how well they work, but there have been confirmed cases of people who have been fully vaccinated who have still gotten COVID. And again, I think it's, it's doing a great job of keeping people out of the hospital, keeping people from dying, but people are, they're still getting it.
They're still transmitting it. And, um, it just really seems like there's been a tonal shift back more to what we saw last year, as far as the level of concern and some of the restrictions popping back up. Well, as of our time in the studio today, uh, I think JOCO, Johnston County, leaving masks for school kids for the school year, leaving it up to the parents. It sounds like. Yeah. You're seeing a county by county approach where you're seeing some counties that are mandating it.
And some counties that are again, like Johnston County, making an optional. And, and then you're seeing people who have extremely strong opinions about each of those options, like the, as we tend to see it's, uh, yeah, it's a, it's amazing as you just, we talk to a lot of people every day, just is the nature of what we do. So we, on any given day, I talk to, I don't know, 20, 30 people, 40 people.
And, uh, it's amazing to see just where people are. Like, uh, I'm a big, I don't really, I don't, I don't really care. I don't really spend a lot of time thinking about it. We do the best we can in any situation that we have.
And, and, uh, a lot of it's, you know, if something's out of my control, I forget about it. Yeah. My experience on the Outlaw Lawyer, you know, we take a neutral, apolitical approach. And so it has really trained me to have no opinion. I'm just here going along for the ride. That's, that's why, that's how we can keep the Outlaw Lawyer free of any political, uh, swing one way or the other, because we have no political beliefs whatsoever. There you go. I have, exactly.
I am as neutral and as independent as they come. It's interesting. I'm starting to see, we're starting to see some, and this might be an issue for another show. We're not going to go too far into this, but, um, you know, you're seeing a lot of universities require it out of staff and students. I know there's a case bumbling up out of Virginia where, you know, some professors are not going to get it and it's being mandated. Are they going to lose their jobs? I know you've got the healthcare workers. Um, you know, a lot of them are being mandated to get it and refuse to do it. And, uh, I know folks that are, that work in healthcare nurses and there's, there are a large number of rumblings from those people. Uh, anyone who has any vaccine hesitancy and is, is not willing to get the vaccine.
These people are essentially all assuming that they're, they're going to lose their jobs fairly soon. And anytime we talk about something like this, like I wouldn't got the, the Johnson and Johnson vaccine. So I got that. What was the day before it got paused? I don't remember when that was, um, you got it.
Yeah. I remember you, you got it. You didn't stroke out. That was good.
My arm still kind of hurts a little bit where I got it though. I don't know what that means. Your body's a well-oiled machine.
Our viewers need to understand that. All right. Well, let's take a break. Um, again, this is the Outlaw Lawyer. We always encourage you to give us a call. Uh, 1-800-659-1186 is our number. 1-800-659-1186. That is set up for you to leave a message.
Um, you can email us questions at theoutlawlawyer.com. But when we get back up next, we talk about ransomware. Very scary.
Ransomware, terrifying, scary word. Um, it's a scary concept too. And it's, it's something that a lot of people it's been in the news recently. I think a lot of folks who aren't the most tech savvy that don't spend a lot of time on the internet, on their computers may not understand exactly what it is. So we will do a deep dive and discuss what it is.
We will discuss how it can affect you, the individual listener and how it in a broader sense affects, you know, medium to small businesses. So I think we've got a little bit of something for everybody. Joe, I want to make a quick note for future shows here. I think we say deep dive way too much. I think we don't say deep dive enough. And I think we should do a deep dive on how we should say deep dive at least 20 more times an episode. I think this week I'm a crack open the thesaurus and try to get more synonyms for deep dive. Give me one right now at the top of your head. You can't because it's the perfect word.
It's the perfect thing to describe what we're doing. We're gonna do a medium, medium level dive, but, uh, ransomware, you know, it actually hadn't been in the news. They've been in, it was in the news constantly for months.
And then I actually haven't heard anything new in the past couple of weeks. I'm sure it's coming, but it's coming. And I think it's not going away.
Uh, it's something that's going to stick around. So, you know, you hear ransom and just as part of any word and you immediately think what hostage situations and essentially just taking, taking things hostage and demanding payment for the return of them. I think a lot about Liam Neeson and the movie taken.
That's a great example. Um, I've never seen that movie. Have you never seen that movie? I've never, I've got the gist of what it was about, but I didn't know who Liam Neeson is. I am, but I'm only familiar with his work in star Wars.
What are you talking about? I don't think I've ever seen another, what other movie has he been in? He's been in the movie taken Josh.
That's the only thing you should know him from. I didn't see that movie. Yeah. Well, anyways, there's three of them. There's they progressively get worse to the point where, anyways, you should, would you say they're a good movie? I mean, the first one's probably worth watching. There's a lot of quotes. I don't understand how you haven't seen this.
Well, I hear about it, you know, on the streets, people talk about it. I'd say watch the first one and then you can just read a recap of this. I don't think you miss much with the second two, but ransomware ransomware. I thought you were going to, I thought you'd have more knowledge of the movie taken and we would be able to go somewhere with that, but obviously, um, star Wars. Yeah. He was in star Wars, wasn't he? Ah, he was, I thought you said star Trek. I got confused. You're right. I apologize. Um, so yeah, ransomware, we, like you said, we saw it in the news.
It may have tailed off a little bit, but it's still around. So basically ransomware is kind of an umbrella term that we're going to use to describe several things, but at its root, it's basically a type of malware that threatens to either publish or destroy or block access to the victim's personal data unless a ransom is paid. Yeah. It really seems like they've got a, you know, the bad guys, the fraudsters, they got a big playbook when it comes to ransomware. Cause they actually seem like they pay attention to what kind of business you are, government entity, what kind of data you have.
Like they really, um, there's a lot they can do. And I was talking to you, Joe, before we went in the studio today about, uh, that one instance I heard it was like a cosmetic surgeon out of, uh, I think it was Florida or California. I don't remember where it was, but they got attacked with the ransomware and the, and the bad guys use the data two ways. One was to shut him down and freeze his networks.
And so I think he paid the ransom to get it back. And then they also looked at the individuals that they had data on like before and after pictures for cosmetic surgeries and threatened, uh, you know, put that out on social media, like threaten people individually on top of that. So there's a lot they can do with this stuff once they get in there.
Exactly. And they're resourceful. And like you said, they've got the playbook and we will talk a little bit about the history and how it developed, but, uh, you're right. That that's the general gist of how it's used.
And usually they're asking for payment and in some form of cryptocurrency, be it Bitcoin or be it some other there's like 60,000 different types of crypto now that you can use, but they basically do that to make it more difficult to trace back to whoever's whoever's perpetrating the crime. Um, and so we've seen targets of literally every size. You know, the colonial pipeline was one of the, the biggest, uh, the biggest, more recent things that was in the news. McDonald's has been attacked.
If McDonald's isn't safe, man, who's safe from these people. And it goes all the way down to just small businesses and then individuals. I mean, that's really how ransomware got started was targeting of just individuals and, and locking their systems up and I may be asking for smaller sums, but it's really run the gamut of who the target is and no one's really immune from it. I know following the colonial pipeline, a ransomware attack. I know the, I can't remember the name of the entity that was pegged with doing it, but they kind of almost apologized. Like we didn't, we didn't mean to get a target that big. You know, I think they were surprised it was successful, you know? Yeah, they did. I guess as hackers go, they did like the top of the food chain of the hackers to be able to pull something like that off.
So, but yeah, it looks like it can affect anybody, you know, big, small, you know, individual corporation there. It's they, I think they just kind of, it's like a shotgun. They just kind of spray it and then catch who they can catch in their web. And I think sometimes they even, it's just amazing.
And so it's kind of a low tech, uh, situation, you know, it doesn't take a lot for them to fund this. And then if they catch somebody big, it's a big score. Yeah. And I think that's, that's the, that's the case. And one thing we want to talk about is we want to always arm in addition to taking a, an apolitical, neutral approach to things. We want to give you guys the tools to protect yourself from things and give you guys army with the information. And so I think we'll talk a little bit about how you can guard against these types of attacks, whether it be in your personal life or whether you are a business owner and how to protect against it at your business.
And I think the first step is really just constant vigilance. You know, you should really have a protocol and that protocol should start with, if you get a questionable email, don't click on anything. Don't respond to the person who's sending it. Just basically delete it, send it to spam.
Uh, don't touch it and move on with your life because the second that you start interacting with the fraudster, then the chances that you're going to be infected are going to increase dramatically. You know, when I was, when I talked to people in that, in that industry, they're pretty much, you know, everything you do. And we at the law firm, we've, we've taken this very seriously as this has become a big issue over the past five, six, seven years. And, and kind of try to be on the same level as, uh, you know, like an A plus level as far as being, uh, doing everything we can in the IT world to secure our databases. We deal with, as attorneys, we deal with a lot of confidential information. We have trust accounts.
And so we take this very seriously in our own personal world. Um, but you, nothing's foolproof and nothing you do is going to make you hacker proof. Nothing, nothing is. And we'll talk about that in more detail, but that's an important point because we're going to talk a little bit about things you can do to safeguard. And some of that includes, you know, antivirus software spam filters, but all the equipment in the world, the most sophisticated technology is not going to prevent the number one cause of these types of attacks, which is just human user error.
Someone falling victim to just a phishing scam or clicking on something they shouldn't click on. And that's really why the number one preventative measure is good training for people and, and at making sure that your employees or you yourself know what to look for, how to identify things that are potentially fraudulent and how to avoid those things. I know I saw a, um, in a recent interview with, uh, Yahoo, uh, John Chambers, former CEO of Cisco systems, uh, said that United States companies are expected to endure over 65,000 ransomware attacks this year. And that's a conservative number. So it's, it's out there. It's out there and it's growing. And, uh, you know, we've, we've seen it in the news and I think we're just going to continue to see it and we're going to continue to see kind of an increased prevalence of it.
So, um, just getting into a little more detail, you know, we talked about the fact of how it's kind of a general umbrella term and you got, you have a few variations of how it can actually play out. So it can be as simple as just stealing your sensitive data and then threatening to release it. Like you said, the cosmetic surgeon, uh, they, they got ahold of that data and basically threatened to release it. And then they went person by person and threatened to release it to those individuals. Um, and it can also be used in the way that we've kind of referred to it as where essentially access to your own valuable information, whether it be your database, whether it be client files, whether it be the systems that you need to conduct your business, basically they'll lock up access to that information and then hold that ransom, your ability to, to access and use that information. And they'll, they'll look at what you do and what you, what they think you can afford. And they'll make these, these ransom demands and they get, I don't know, you know, you don't ever see the statistics, but on most of the famous ones that you've heard about, the ransom was paid because they do, they lock, they lock you up your business, whatever it may be, can't function as certainly immediately. And without some, you know, there's, you know, we'll talk about it or some things you can do, but, uh, but it's, it's debilitating.
It's absolutely debilitating. So, you know, if you guys have any questions, uh, we always encourage you to reach out to us. Um, the phone number, you can always give us a call. It's 1-800-659-1186.
Again, that's 1-800-659-1186. We always encourage you guys to reach out with any questions you may have, whether it be about ransomware or whether it be about anything. If you just want to tell us how you're doing, uh, questions that's questionsplural at theoutlawlawyer.com. And then again, you can always visit us at our website, which is www.theoutlawlawyer.com. We've got some great classic episodes. We encourage you to go revisit there. Um, but we're going to take a little break. We're going to come back and we'll keep on talking about ransomware and we will keep on start digging into some things you can do to prevent it. And some of the things to look for and be aware of to, to keep yourself safe.
How does ransomware work? You ask? Well, we'll tell you after the break. All right, Joe and Josh back with you here on the Outlaw Lawyer. As always, we encourage you to give us a call. If there's something you want us to talk about, uh, you want to talk, do you want to talk to me and Joe and more of our personal capacity as lawyers with Whitaker and Hamer? Either way, you can call us at 1-800-659-1186. That's 1-800-659-1186.
That line is set up to take your message. So make sure to leave us contact information and we'll reach back out to you. You can also email us at questions at theoutlawlawyer.com. Uh, our website is theoutlawlawyer.com and that's where we archive our past episodes. So you can listen to those there.
And then we do live on social media as the Outlaw Lawyer on Facebook and Twitter. But today the topic is ransomware. Um, Joe, one of the things that I think a lot of people, they hear the term, but how does ransom, what does it do? How does it actually work to accomplish, uh, getting money into the pockets of the bad guys?
So we talked about it a little bit. It's basically a type of malicious software and what it does. And again, it comes in various forms and we're strictly talking about the variation where someone's going to lock up your access to your own files and make you pay to get access back to them. So you've got a type of malicious software that's going to get delivered to you in several different ways, but generally it's going to be you inadvertently provide the information that gives the hackers access, or you click on something that's going to allow them to install the back door to get into your system. And what they're going to do is they're going to encrypt the files on your system. So once the ransomware is on your computer, it's going to systematically encrypt pretty much every file on your system and lock it up to where you need what's called a decryption key to access them. And then the hacker is going to withhold access to that key until their payment's received.
And then you hope, I mean, I guess the hope is that they do give it to you. I know I read like a, I think on the colonial pipeline, they paid the ransom. I guess they didn't want people to know they did that, but they paid the ransom and then they got a key and then it didn't really work.
It didn't really work all that well. Um, but I know this happens all the time cause they encrypt your data, but then they also have your data. And it's just one of those things like where does, where does the blackmail even stop once that happens? Yeah. And it's, it's funny you mentioned that and it's a good point because like you said, once I don't think I can't, I wouldn't handle any hostage situation well, because I don't trust, I don't trust that I'm going to hand over the money and then I'm getting back anything. Like I guess I'm just a natural pessimist in that way.
But, but you're right. It's a big concern. And that handoff is such an interesting concept that I would have a very difficult time and struggle with. And, and one thing we'll talk about is the fact that there's actually third party companies now that will handle the negotiation of that payment and that handoff process for you.
That's how prevalent this has become. Um, so yeah, you don't know, you don't know if they're going to comply. You don't know if they're going to give it to you, which is why again, the best method to prevent the situation is just don't allow it to happen in the first place. Cause once it does, you're going to see that there's very few options and you're really at their mercy. And another thing that is difficult and that really can cause further problems is say they give you the key, say you get all your information, uh, everything's great, right? Well, they can keep a back door into your system and they could jump back in at any point, you know? So there's no, once it happens, it's like the only foolproof method is like to just scorch the earth, start over, destroy your computer, smash it, uh, start to change your name.
That's might be extreme, but you know what I'm saying? There's no great solution to get out of it. And yeah, that, I think that specter has to hang over your head and there haven't been a lot of, there's not a lot of repeat business in the ransomware industry. Like there's not a lot of, uh, from, you don't hear a lot about a lot of people being targeted multiple times, but that's kind of counterintuitive. Cause if you get an easy mark, you would think you're just going to keep hitting them up constantly. You know, you think, uh, you're thinking like a bad guy there.
I'm not, that's not me, Josh. I'm just trying to put myself into the shoes of the, uh, the hackers. But I just, I can't imagine how, how demoralizing it has to be having to pay someone to access your own information, your own files and things like that.
But yet it happens all of the time. The, um, so who are usually victims or targets of ransomware? Like who, who, who are they seeking when they, when they, when they plan out who they're going to target?
Yeah. So, you know, there's a wide variety of targets. We've talked about it.
We've talked about the fact that they, uh, it, it really varies. And so I think it kind of started off with the individuals, the home computer user, regular people, just like me and you. Uh, it reminds me of like, if you're ever on Facebook, I know you've, you've talked in the past, you spent a substantial amount of time on Facebook. And one of the things, if you have any elderly friends on Facebook, you see like 60 times a day is I've been hacked.
Don't accept a friend request from me. Um, and so these are the, these people are being targeted. You know, there's probably a lot of individuals.
Um, and then gradually over time as the, the ransomware practitioners saw that individuals were willing to play, I think the volume of attacks increased and the targets kind of escalated to small businesses, to medium sized businesses. And then eventually they start targeting those super high value targets, like the pipeline and things like that. Well, you know, targeting the individuals is crazy because you think this is, these are organized. These are organized bad guys. You know, these are, uh, criminal enterprises based usually almost a hundred percent of the time, I think outside of the U S S so, you know, you've got, you've got these, these hackers, these ransomware folks that they, they track to being somewhere in China or somewhere in Russia, you know, the jurisdiction that we may have, like the, you know, it's almost like they're never going to get in trouble for this.
Yeah. And I don't even know, I don't even know that we can say that with full confidence, because I think that's part of the issue with the way that they carry these attacks out. And then the way that they're getting paid, it's so difficult to track. So how do you even really know where they are? Josh, how do we know it could be you, Josh? It's Facebook. It's I was reading my Facebook newsfeed. I'm pretty sure that did you click on anything?
I can't recommend that you click on anything. And I understand, you know, the, the older folks who are on Facebook that you're talking about, like there's a, you get to a certain age where you draw a line in the scene and then that's it. That's as, that's as technologically advanced as I'm going to get, man. I tell you, I'm very, you know, I grew up my generation, uh, heavily involved in, you know, the, the internet when it first became a thing.
And, you know, you, you kind of, you're entrenched in that. You get used to that and then gradually technology evolves. And I can't even imagine how helpless I'll be when my kids are older and their wave of technology comes in.
And I'm not looking forward to it, man. I tell you, I remember a time in my household and we were in, I was in elementary school and I was young in elementary school to give myself some credit, but I remember we bought something called a Commodore 64. I don't know if you ever had a Commodore 64. I didn't have one, but I know what it is. I'm familiar. We had to move the typewriter.
All right. So we had to take the typewriter and that went in the basement and then we all sat around and hooked up, uh, the Commodore 64. And that was an amazing time and it has nothing to do with ransomware.
I think you make a great point though. No one's ransomware in your typewriter. Why don't we just go back to the old fashioned clicking the, clicking out the letters, just send all your mail, snail mail Commodore 64 had the print shop. It was a very fancy program that you could print out banners and birthday cards.
And then there were video games and that's probably where we should have stopped for safety. Yeah. Yes.
I say we stop at banners. Who needs anything more than that? Uh, but it's, these are, these are the people doing this, these are criminals and there's, there's a financial motive. They're doing this, they're spending money.
You gotta spend money to make money in crime. They're spending money. It's a financial motive. That's what drives these attacks. They want money. And I don't even know that they're really spending a lot and it's not like they're having to expend substantial resources. Uh, a lot of the time they, the way that they get in, it's just a simple person clicks on something they shouldn't click on. They're going to, like you said, they shoot it all out.
They're going to email tons of people and they're going to hope someone accidentally or intentionally clicks on something, provides the information they need and then they're in. And then at that point, that's it. They've got you. Yeah.
And so then your computer basically is as useful as a Commodore 64 after that. Yeah, you've got, there you go. You've got your own and they can't even play video games or make cards or banners. Yeah.
So there's, there's the distinction there. So there's the, there's the ransomware actors that are looking to hold your things ransom and get payment from you. And then there's some people that just are terrible human beings that just want to watch the world burn and they'll literally just infect your computer just to brick it, just to give you a bad day or to ruin your time.
So those people are out there as well. And so this is why it's important, you know, if you, if you run a business, you need an IT professional. Like, you know, when I first opened my law firm, we, I was the IT professional at the law firm and, and, and those are the days and not that that's good, but that's how it was. You just opened up a business, but, but yeah, you, especially in the, in the line of work that we're in, like IT support went from being a very small part of our annual budget to quite large, quite large. And God only knows where that budget will grow to in the future.
Because again, this is an evolving thing that's continually changing and kind of a really evolving. We're going to keep talking about ransomware, but I want to remind you that you are listening to the Outlaw Lawyer. You can reach Joe and I at 1-800-659-1186.
That's 1-800-659-1186. You can email us at questions at theoutlawlawyer.com. You can visit us at theoutlawlawyer.com. That's where our old episodes, our old episodes sounds bad, archived episodes live. Classic episodes.
Vintage. Our greatest, we're putting out a greatest hits album. And then on Facebook and Twitter, we do exist there as the Outlaw Lawyer. Coming up next on the Outlaw Lawyer, we are going to talk about how to prevent ransomware attacks and what you can do to protect yourself. All right, we're back at the Outlaw Lawyer.
Again, I like to remind people, Joseph and I enjoy doing the show. We enjoy sitting down in the studio and pumping out these Outlaw Lawyer episodes for our listeners. But what we actually do for a living is we are attorneys. We are the law firm of Whitaker and Hamer. We have offices in Riley, Clayton, Garner, Fuqua, and Goldsboro. Lots of attorneys in our law firm.
Lots of staff. We'd be happy to help you. Real estate transactional, family law, personal injury. We want to be your resource, your legal resource. That's one of the reasons we're doing this show, the Outlaw Lawyer. And so today we're spending some time talking about some things we've seen affect our very own clients.
It's something we have to take into consideration in our own law firm. We're talking ransomware attacks. Ransomware. We're back discussing ransomware.
What would you say? We talked about ransomware hackers. We talked about where they may be. We don't know where they may be. You speculated they are overseas somewhere.
What do you think the typical ransomware attacker looks like, Josh? In my mind, and this may be more movie related, but in my mind they are of Russian descent. They're Russian. I got this facility. A Baltic accent. That's right.
I've got an Eastern European Russian hideout where everything in the whole world is like eight guys. That's what I'm envisioning. That's accurate. It was either that or it was either guy living in his mom's basement, very computer savvy, eating Cheetos. That was my guy. I like your guy better. I like yours better.
I got like a Bond 64. That's a cooler way to think of it, but I think more realistic, it's just a guy that spends a lot of time on computers and is like, let's do this. I don't know.
We'll never know. But these people, they're motivated by money. We talked about that and they realize people are going to pay to get their files back because once again, once you've been got by these things, you've been got, and if you need access to your data urgently, you don't really have many other choices, but to pay. So Josh, what can you do?
What are some things you can do to either prevent it or to mitigate that damage? Well, I think IT folks would tell you the first thing you can do is really just to back up. Whether that, I mean, personal files, I'm guessing Dropbox or anything like that is probably a good idea, but even as a business, you back up. You back up every day.
I think you do. I think that's the solution because, and again, that may not be the perfect solution because we're simplifying this. Certain systems could be locked up that you can't really back up and you can't have access to them. And this doesn't help you in that scenario, but any other kind of data, if you can back it up and if it gets locked up then, but you're, you have a current backup that you can just restore to, then you may not be in a situation where you even need to pay the ransom. It could just be something you could access that backup and keep on rolling along. But I think it's an important distinction to make sure that that backup is kind of separate from your, your existing server.
It's not something that they're going to be able to access through the back door as well. And that's an additional safeguard that you got to kind of put in place or else it's not really in a super effective method of prevention. You know, we, we think about that a lot, like in our situation, we back up the data that we need to back up offsite in the cloud and the magic cloud.
And then, you know, we, a lot of people are going to, um, where, you know, your system doesn't live on a hard drive where your, your system is you log in via the internet and your, you know, cloud-based system. So, you know, it's also a little disheartening that like a colonial pipeline got taken so hard, you know, like, uh, you colonial pipelines making millions and millions of dollars a second, I would think. And yeah.
How do we get that job? Yeah. Uh, you know, it seems like we, it just seems as we should be more prepared and that's what we're talking about here, but yeah. Uh, backing up, that's a big deal.
Backing up. And like you said, you mentioned, you mentioned the cloud and that's true a lot. You know, I think, I think we're moving more towards the cloud. A lot of people are probably already a hundred percent cloud exclusive, but the cloud is not a perfect solution because the cloud is vulnerable as well. Your cloud account is only as good as your password or your credentials and your safeguards on those things.
So if you fall victim to a phishing scam, you're just as likely to give them the access to the cloud as you are to give them access to your, your physical server. So again, it's your protection is only as good as you or your employees ability to discern the scams and not fall victim to them. The, you know, the big thing is really just, you know, if you get an email from somebody you don't know, I mean, it's that simple, right? If you get an email from somebody you don't know, you got to at least look at it real hard. Yeah.
So, you know, it's a developing field and, and you said it, and we'll touch more on that. Uh, you know, there's, there's tools that are in place. There's things out there that can help safeguard your computer.
I remember there was a time where like Norton antivirus, you would think that's the B that's it. I've got that. I'm safe. I can do any, I can go anywhere on the internet with no worries and no cares.
Nothing could touch me. And you'd like press a button to run it. And it would take 72 hours to cycle through your entire computer. And these are all things that are valuable. You know, firewalls are valuable. Antivirus programs are valuable. Anti-spam filters are valuable, but the real wildcard and the way that these people succeed is really just that element of human error. They're targeting individuals and the main tool that they're using are these phishing emails. So all you got to do, you can have the best firewalls, you can have the best protections. And all that has to happen is one email gets through to a person who doesn't understand. They click on it and you're, you're completely, you're completely bummed.
Yeah. You can never, you can never be hacker proof. And a lot of this comes back to training, which you think, uh, I mean, I, you kind of think a lot of this goes without saying you think it would be easy for most people to catch a phishing attempt, but it's, it's not.
And people, they have to be trained. As my grandmother who just got hacked on Facebook would say, it's not the easiest thing to discern. And I think the single most important thing that you can do as a business owner or as yourself is train yourself on what to look for, how to identify questionable email. When something looks suspicious, um, you should be able to immediately look and determine this is questionable. This is fishy and you should know what to do when that happens. I know at our firm, if there's ever any question you, you delete, right? If there's, you know, if it's important, somebody will reach back out. God, I delete a lot of emails from people.
This looks, this looks bad. Click they'll find me somehow, but y'all, you always err on the side of caution. And I think, I think people understand that these days, you know, I think people know, uh, that you just have to be, you have to be careful.
Yeah. I think as a baseline rule, step one, don't click on anything, especially if it's fit, you know, especially if it looks questionable, um, and then don't respond to the individual sender of something that looks suspicious. You know, that's, that is the advice that the professionals give you.
And I've myself not heeded that. There's been several times where I've gotten a clear fraudulent email and I just mess with the person. I like to do the, tell them to call me and give them the local police department number line.
That's a good one that I like to throw out there. I don't recommend that. I recommend don't engage them because again, your chances of, of getting scammed go up. Um, but you really need to be able to identify what is fishy and immediately spam it or deleted. You know, at the firm we do, we do a lot of, uh, real estate transactional. We represent buyers and closings and, uh, refinances. And we work with a lot of title companies and lenders and, and real estate agents.
So we all the time have people emailing us that maybe we've never emailed before. And so it really does become an art form on, on trying to figure out, and some will be secure. Some will be unsecure. You know, you got federal laws.
We at the firm have to send certain things out secure and unsecure. And it just, uh, you just, it's like a sixth sense. At some point, you just get used to seeing stuff.
I was going to say Spidey, a Spidey sense. And you really do. Like I can, it's a skill you, you get used to, I can look at an email and almost from the, either the, the person's email or just the subject line, you can immediately be like, yeah, this is, this is bogus.
This is not a thing. Yeah. We, we always get the ones, our emails are on our website so people can get in touch with us.
And there are certain, you know, you know, that is, it's available to anybody who can search the web. And so we get a lot of the ones where people pretend to me, me or Joe and email staff about getting some, what are they getting? Some debt.
Yeah. Gift cards. You've emailed me a bunch of times like, Hey, I'm stranded in Haiti.
Can you send me a $600 Amazon gift card? You know? So I mean, it's, I wouldn't send you that if that was you, by the way, like, I don't like you a lot one day. I'm really going to be stranded in Haiti out of nowhere. No one's going to help me.
Just call me, man. Yeah. Well, that's what it does.
It doesn't make any sense. So you said it earlier. If you get an email from someone you don't know, that's your first red flag. It's immediate red flag.
We flagged that. And we immediately say, this is most likely, I think you treat that as a scam until that person like shows up in front of you with their physical identification and shakes your hand and proves that they're a legitimate person. I think the, I think the thing to take from this, it's just really, you know, individual, I don't know how many emails people get in their personal accounts, but you know, it just takes your time. And I think personal, it's probably pretty easy, depending on what kind of business you're in, it can be tougher, but just, you know, look at the email address that's coming from, man. That's what I keep telling, you know, anybody can, can create an email address and then put Josh Whitaker in it, you know, then go email on everybody.
You got to look at you. That is not a call to our listeners to create an army of fake Josh Whitaker emails, a bunch of Josh Whitaker bots looking for, but anyway, and don't email me as Josh asking for an Amazon gift card. We are The Outlaw Lawyer. Our phone number is 1-800-659-1186.
Email us questions at theoutlawlawyer.com. We'll be back after the break. Coming up on The Outlaw Lawyer, we wrap up our discussion of ransomware with some more hallmark signs to look for, some tips for prevention, and some third-party assistance with these issues. Joe and Josh back with you on The Outlaw Lawyer. Joe, one of the things I think we need to make clear is no one ever has gotten an offer in their email that resulted in them getting a million dollars.
That's fantastic point, Josh. The Prince of Nigeria is not going to be emailing you. You have not just won a billion dollars magically. You know, if anything is important enough, any email is important enough to warrant a response from you, you should basically immediately be able to discern the veracity of that email. If you even have a slight doubt or question about it, if it seems too good to be true, don't respond. You know, the problem with a lot of spam email or unsolicited email, especially if you've had no business with that person, is that it will kind of call out to you. And if you respond, as soon as they realize there's a live person behind that email address, they're going to keep plugging. They're going to keep trying to get you. But if you don't respond, a lot of times they're just going to move on to the next target. Yeah. And again, that scam, I think, you know, I think most people have, have figured that, that scam out, you know, and then not to respond. And, but I guess there's people out there who's still falling for that, but it, they get more sophisticated.
They do. And I think one of the things you can do is really take your time, go slow and pay attention to the details. Anytime you get an email from anyone and they are expressing some great sense of urgency, nine times out of 10, that's going to be a scam. Yeah. It's usually how they, you know, that's the, uh, I guess it's more of a phone scam, but that's kind of the power. I know the power, the electric bill is going to be shut off kind of thing is, is one of those, but yeah. And, or someone's in trouble in Haiti or someone's in trouble overseas.
I, that never happens, right? There's nothing that urgent. That's going to be discussed via email. 99% of the time, it's going to be urgent because these are, they're not, they're not playing long cards.
They're not here generally. They're trying to get you quick and get out. So if you see urgent or if you see, please help with an exclamation point, anything that expresses that sense of urgency, I think you have to look at that and you have to really scrutinize whatever you're being sent.
Yeah. The IRS doesn't email you saying they're going to, you know, foreclose on your house. Your lender's not going to email you. The power company doesn't email you to cut off. You know, that's just not the way it works. That's a slow mail stuff. No one wants to send you money ever.
Period. You're not lucky. We're not, it's just not a thing that's going to happen. And so again, I always assume these things are too good to be true. Scrutinize those things and protect yourself from it. But people do it. People fall victim to it. People give away their sensitive information. That's another thing.
I think it goes without saying, but I think we'll say it because like you said, it happens to people. No one's going to be asking you for your social security number, for your routing number, for your account number, for your bank. These are not things that someone's going to cold ask you from an email. So just don't give it to anybody.
All right. So let's assume, let's assume that all of our warnings have gone unheated and, uh, you, you, you, you click on the ransomware email, you've responded to it. What do you know? The hackers are, are onto you. They've got a, they've got your stuff. They're going to demand a ransom. Where do we go from here?
So there's really, there's two steps. Step one, contact law enforcement. I think that's important to get them involved, especially if you're talking about something on a larger scale, contact law enforcement. They may not be able to help you because again, these people are kind of veiled behind a lot of safeguards.
They're difficult to track. And then step two, unfortunately is be ready to pay. I mean, that's really it. There's no magic solution to recover these things. And like we said, once they've got you, they've got you. So there, there's a lot of debate and hand-wring about whether paying these ransoms is what you should do. But the sad reality is, is that at that point, it might be the only option that you've got. And that's sad to think that, you know, but you're right there law enforcement. Um, you know, if the, if they can't locate the folks, I mean, law enforcement, I think this is something that your local law enforcement, and this is no shot at them. They're just ill-equipped to handle.
Yeah. I think that's fair to say it's, it's a newer field. Uh, uh, a lot of times they may not have the resources to devote to this specific subset. And again, that may change as this becomes more prevalent, but yeah, once you get got, you're likely going to be got, uh, unless you, you pay. So one thing that you can do, and we, we touched on this briefly earlier is the fact that, there are actually third-party companies out there now that will negotiate down whatever that, that ransom amount is for you and kind of settle that matter for you and handle that, that handoff process to give you some added layer, I guess, of feeling good about it and feeling better about it. Um, but, but this has developed so much that there are actually companies that are doing that at this point. It would be crazy if one of those third-party, uh, in between agent companies were also like the bad guys should say, one of those. See, look now you're thinking, you're thinking like the criminal, you have two criminals.
Uh, but, but yeah, I mean, any of our Russian listeners in the basement right now are listening. That's like the gold mine, Eureka moment for them. You set them up for success.
But, but yeah, I mean, it's, it's, I mean, I'm glad I personally haven't had to be in that situation as, as of yet. I guess it could happen to anybody, but, you know, at some point law enforcement, FBI, but you're, I mean, none of that matters because at that point you're toast. At that point, what are they going to do?
What are they going to do for you? So, um, another thing that you can look into, and this is an, again, a newly developing area, cyber insurance, you know, cyber insurance is a newer thing. And, uh, that is something that can step in in this situation. And you still are going to have to pay some money. You're going to have to make a claim.
You're going to have to pay a deductible, but sometimes that can be something helpful to give you peace of mind. And that may not be the answer for everybody, but if you deal in sensitive information and you have susceptibility to these types of attacks, it may be something worth looking into. You know, this is another thing taking us back to when we started the firm back in, uh, 2000 and I guess four, when we started the firm and you told me that one day we'd be paying a substantial premium for cyber insurance, I would have called you crazy, a substantial premium, but cyber insurance, like a law firm that, that handles real estate transactional, real estate transactions, you're going to, you have to have cyber insurance.
Now it's just, it's part of the deal. This is you need to protect your clients, especially if you're holding client funds, uh, client information, you need to protect your clients. You know, every attorney should have malpractice insurance, you know, insurance, errors and omissions insurance, but now you also have to have cyber insurance. And again, we talked about the fact that it may not be right for everybody. It may not be right for every business. Uh, if you're doing transactional real estate, I think it's almost a must, but a lot of these insurance companies, they're going to give you basically a security audit and there's going to be things you've got to comply with, certain standards you have to meet that just may not be feasible if you're a small to even medium sized business. So it may not be the answer for everybody, but it's definitely worth looking into if you work in a field where one of these attacks could really affect you. So, um, another thing that we can talk about some is the rise of kind of third party monitoring and, and third party it services outsourcing that.
Yeah. So that's, that's important. You know, at our law firm, we have, we have a company that watches our servers and watches for intrusions and watches for, you know, installations of malicious software. I mean, we, we, we're paying somebody to have our cyber, I'm doing quotes, cyber back, our cyber back.
They've got our back in real life and they have our quotes cyber back as well. But you can't, you just, you can't be safe enough. And all the stuff that we've done at Whitaker and Hamer, I mean, that's what businesses, uh, around the world are doing and you're doing everything that you can possibly do. Like if there's anything that makes your clients any safer, like we were going to do it. Um, but it's still not a hundred percent as an attorney, I'm worried about the law and I'm worried about knowing the law. And I can't know the law plus the recent developments in the cyber fraud world.
So if you've got the means to do it, pay a professional, pay someone who is very well-versed in this and who sees it every day and who knows what to look for and who can compete with the Russian eye patch guy in the basement that's doing these crimes. But that's, it's, it's every industry it's spreading. It's going to be until we figure out a way as a, as a, you know, as a world or a country to, to put a stop to this and reign it in, it's, it's only going to get worse.
And as long as there are people who can't discern a fraudulent email and are willing to click on anything or put in their information to any phishing scheme, then this is going to still be a thing. And you're only as good as your least competent employee that is willing to click on something like that. It's a danger for really a business of any size. So again, train your people, talk to them about it, play this episode for them, play this, play every episode for them. I think that would arm them with all kinds of knowledge, but, uh, you need to be informed.
They need to be informed and it's something that is going to continue to grow in importance. Well, Joe, you know, I like to tell everybody again, Joe and I, we are attorneys with the law firm of Whitaker and Hamer. If there's ever anything we can do for you, we'd like to be your legal resource. We'd like to be able to help you. You can reach us here at the Outlaw Lawyer or Whitaker and Hamer by calling 1-800-659-1186. That's 1-800-659-1186.
Again, that message, that line is set to take a message from you. So leave us some contact information, leave us your question or concern. Um, you can all, you can always email us questions at theoutlawlawyer.com. Uh, that comes right to us. Uh, our website is theoutlawlawyer.com where our vintage episodes live and on Facebook and Twitter, we are the Outlaw Lawyer. And I really would like to encourage if you're out there, you're listening. We'd love to hear from you. We'd love to tailor an episode to talk about something that you're seeing that's happening to you or in your industry.
Like we really would like to tailor this. So it's as interesting as possible to our listeners. We want to cater to you, our listener, and we love to interact with you, our listener. We personally love each and every one of you like our own children and, uh, reach out to us, interact with us, and we would be more than happy to talk about the things you guys are interested in. All right. Well, that's it for this week. Uh, hopefully you guys will be tuning in next week and we'll, uh, we'll talk to you then. The attorneys appearing on the show are speaking in generalities about the law in North Carolina and how these laws affect the average North Carolinian. If you have any questions about the content of the show, contact us directly.
Whisper: medium.en / 2023-05-30 14:03:37 / 2023-05-30 14:28:43 / 25