Preparing an incident response plan for ransomware
13th March 2023 • The Backup Wrap-Up • W. Curtis Preston (Mr. Backup)

Transcripts

Speaker:

We've got another good one for you on the topic of ransomware. This time, it's

Speaker:

about how to prepare for a ransomware attack with an incident response plan.

Speaker:

Hope you enjoy the episode.

W. Curtis Preston:

Hi, and welcome to Backup Central's Restore it All podcast.

W. Curtis Preston:

I'm your host, W. Curtis Preston, aka Mr. Backup, and I have with me my super expensive vacation planner coordinator.

W. Curtis Preston:

How's it going, Prasanna?

Prasanna Malaiyandi:

I'm doing well, Curtis, how are things going?

Prasanna Malaiyandi:

Are you excited?

W. Curtis Preston:

I am excited, um, uh, and my wife is starting to get excited.

W. Curtis Preston:

I started showing her some pictures a while ago and she's

W. Curtis Preston:

been like downplaying it.

W. Curtis Preston:

Like she doesn't want to get excited.

W. Curtis Preston:

She wants to be sort of excited, but I needed her to prep for the vacation

W. Curtis Preston:

because this is, so this is, we're going to the Maldives, uh, which for

W. Curtis Preston:

those that don't know, is a series of islands off the southern coast of India.

W. Curtis Preston:

And, um, and, and I'm on one of those islands and, and it's a tiny island that

W. Curtis Preston:

literally we could walk from one end to the other in probably about 10 minutes.

W. Curtis Preston:

Um, and.

W. Curtis Preston:

We're staying in one of those, uh, for the first couple of nights we're staying

W. Curtis Preston:

in one of those things over the water,

Prasanna Malaiyandi:

Oh, the Villas over the.

W. Curtis Preston:

villas over the water with our, we have our own

W. Curtis Preston:

pool, and then right on the other side of the pool is the ocean.

W. Curtis Preston:

And then for the rest of the week, we're staying in a, a deluxe, um, beach, uh, villa, which basically you, you have your own private section to the beach.

W. Curtis Preston:

Um, I mean, it's really, really cool.

W. Curtis Preston:

Uh, but it's the

Prasanna Malaiyandi:

away your

W. Curtis Preston:

we've ever gone.

W. Curtis Preston:

What's that?

Prasanna Malaiyandi:

Can I stow away in your luggage

W. Curtis Preston:

Yeah, I mean, it looks really cool.

W. Curtis Preston:

Um, and, uh, we're very excited.

W. Curtis Preston:

I'm just trying to, you know, what happened was, I saw this movie last

W. Curtis Preston:

week, it's really kind of funny.

W. Curtis Preston:

It, it's a horror movie called Infinity Pool.

W. Curtis Preston:

and it was about a book author who goes with his wife to a resort island.

W. Curtis Preston:

And I watched it and one of, one of the things I said, I was like, wow,

W. Curtis Preston:

everybody's really nicely dressed there.

W. Curtis Preston:

Maybe I should have my wife look into the way she should prepare for the trip.

W. Curtis Preston:

Cuz if she shows up and, you know, whatever, and then she sees

W. Curtis Preston:

everybody else dresses some other way.

W. Curtis Preston:

She's gonna be really mad at me.

W. Curtis Preston:

So that's the phase that we're in right now is, is, um, looking at

W. Curtis Preston:

their, looking at their Instagram account. So this is what we're doing.

W. Curtis Preston:

We're looking at the island's Instagram account, uh, and looking

W. Curtis Preston:

at the way people dress there.

W. Curtis Preston:

And, uh, I think we'll be okay.

W. Curtis Preston:

Uh, they're, um, I, I will say everyone on their Instagram account looks a

W. Curtis Preston:

lot younger than us, but you know,

Prasanna Malaiyandi:

Have you not heard about Instagram filters?

Prasanna Malaiyandi:

Oh, speaking of, did you hear, I know you're a big movie person, Curtis,

Prasanna Malaiyandi:

but they're making a movie with Tom Hanks and someone else, and they're

Prasanna Malaiyandi:

gonna use AI to make them look younger.

W. Curtis Preston:

Really?

Prasanna Malaiyandi:

Yeah, I can't remember.

W. Curtis Preston:

to make who look younger, Tom

Prasanna Malaiyandi:

Hanks.

Prasanna Malaiyandi:

Yeah, Tom Hanks and someone else.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

I, I don't remember the name of the movie or who the director was, but

Prasanna Malaiyandi:

I read that somewhere the other day.

Prasanna Malaiyandi:

I was like, I should tell Curtis

W. Curtis Preston:

AI is gonna be the death of us.

W. Curtis Preston:

That's a whole other podcast.

Prasanna Malaiyandi:

which is go listen to Curtis's other podcast,

Prasanna Malaiyandi:

other, other podcasts with you and Jeff talking about movie.

W. Curtis Preston:

is, yeah, we, uh, it's called The Things That

W. Curtis Preston:

Entertain Us and, um, the, uh, yeah, so, uh, not too many episodes, but

W. Curtis Preston:

yeah, basically we end up mostly talking about movies that we've seen.

W. Curtis Preston:

Um, and, uh, I'll be talking about in our next recording about this, this

W. Curtis Preston:

movie be called The Infinity Pool.

W. Curtis Preston:

Anyway, it's, um, an interesting movie.

W. Curtis Preston:

So speaking of interesting, we're having our, a repeat guest and,

W. Curtis Preston:

um, we, we had her on, uh, a few weeks ago and we got talking about

W. Curtis Preston:

ransomware, one of our favorite topics.

W. Curtis Preston:

And we, we, we got into this phase where it was like, you know what?

W. Curtis Preston:

That, that is a great conversation, but there's no way we could, we could

W. Curtis Preston:

do it justice on that recording.

W. Curtis Preston:

So it was, Hey, we're gonna have her come back.

W. Curtis Preston:

And, uh, she is, uh, she's been in the industry for quite a while and she's been

W. Curtis Preston:

specializing in, uh, she's done VMware.

W. Curtis Preston:

Uh, she did.

W. Curtis Preston:

Now she's, she's working, uh, starting to specialize in security and ransomware.

W. Curtis Preston:

So we're, uh, and she's the author of the vmiss.net blog, and we are

W. Curtis Preston:

excited to have her on the podcast.

W. Curtis Preston:

Again, Melissa Palmer, aka @vmiss.

W. Curtis Preston:

How's it going?

W. Curtis Preston:

Thank you for

Melissa Palmer:

having me back.

Melissa Palmer:

It's going good.

Prasanna Malaiyandi:

I was surprised that you were like, Ooh, I'll

Prasanna Malaiyandi:

come back on the podcast after

Melissa Palmer:

yeah, that was, of course, when I come back

Prasanna Malaiyandi:

Well, thank you for

Melissa Palmer:

scare.

Melissa Palmer:

It takes a lot more.

Melissa Palmer:

You said it.

Melissa Palmer:

I've been in around this industry for a while.

Melissa Palmer:

It takes a lot more than that to scare me away after all these years.

Prasanna Malaiyandi:

And Curtis, I think, uh, now might be a good time

Prasanna Malaiyandi:

to put out our normal disclaimer.

W. Curtis Preston:

Yeah, Prasanna and I work for different companies.

W. Curtis Preston:

Uh, he works for Zoom.

W. Curtis Preston:

I work for Druva.

W. Curtis Preston:

This is not a podcast of either company and the opinions that you hear are ours.

W. Curtis Preston:

Also, be sure to rate us at, uh, ratethispodcast.com/restore

W. Curtis Preston:

and, um, if you wanna join the conversation, reach out to me.

W. Curtis Preston:

By the way, I, I gotta give a bunch of ways cuz I, I got some

W. Curtis Preston:

complaints and people say, well, I don't use Twitter anymore.

W. Curtis Preston:

So how you give your Twitter address.

W. Curtis Preston:

So my LinkedIn is, you know, linkedin.com/ally/mr.

W. Curtis Preston:

Backup.

W. Curtis Preston:

Uh, you can find me there.

W. Curtis Preston:

Uh, you can find me on Facebook.

W. Curtis Preston:

I'm on Facebook, Facebook Messenger, but my email is, uh, W. Curtis Preston.

W. Curtis Preston:

Uh, my Facebook is W. Curtis Preston.

W. Curtis Preston:

I'm pretty easy to find if you're looking for me.

W. Curtis Preston:

Um, and reach out to me and we'll get you in on the, on the conversation.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, the, um, this, this thing of responding to a ransomware attack,

W. Curtis Preston:

this, this is something I've been spending a lot of time on lately, uh,

W. Curtis Preston:

because I've been, I'm, I'm working on writing my next book, which will be

W. Curtis Preston:

about responding to ransomware attacks.

W. Curtis Preston:

You know, one of the things that you said in the pre-call was that if, if

W. Curtis Preston:

the first time you're thinking about responding to a ransomware attack is

W. Curtis Preston:

after you got a ransomware attack,

Melissa Palmer:

Um,

W. Curtis Preston:

it's not so good.

W. Curtis Preston:

Right.

W. Curtis Preston:

There's a lot of, yeah.

W. Curtis Preston:

In fact, when I was looking at the, sort of the outline that I've been

W. Curtis Preston:

working on for the book, most of the outline is the first half, right?

W. Curtis Preston:

Everything that you need to do before, right.

W. Curtis Preston:

Um,

Melissa Palmer:

that's, it's like you can't just talk about

Melissa Palmer:

ransomware recovery, right?

Melissa Palmer:

Like, it, it, it's a hard topic to talk about because you're like,

Melissa Palmer:

there's all this other stuff that if you haven't done it, guess what?

Melissa Palmer:

You are not gonna be able to recover.

Melissa Palmer:

So we can't just talk about recovering.

Melissa Palmer:

It doesn't work that way.

W. Curtis Preston:

Right.

W. Curtis Preston:

It's sort of like I, I've made the joke, uh, a few times probably on

W. Curtis Preston:

the pod where I've said, listen, you know, I've been in the backup

W. Curtis Preston:

industry, you know, a long time.

W. Curtis Preston:

I, I've decided to give up backups and I'm just gonna skip straight to restores.

W. Curtis Preston:

Right?

W. Curtis Preston:

You can't really, you can't really do that.

W. Curtis Preston:

Just like I've also said that if I'd have known how great grandkids were,

W. Curtis Preston:

I would've just gone straight to them.

W. Curtis Preston:

Um, but not, not really

Prasanna Malaiyandi:

It's not how it works.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

Yeah.

Melissa Palmer:

It is a really good analogy though.

Melissa Palmer:

It really

W. Curtis Preston:

Yeah, it is, it is.

W. Curtis Preston:

By the way, you want a little, little sad thing.

W. Curtis Preston:

So my granddaughter and her mother and, and her husband,

W. Curtis Preston:

uh, are, this is their last day

Prasanna Malaiyandi:

Oh, I was gonna ask you about

W. Curtis Preston:

been living here for a while, and they're moving out tomorrow.

W. Curtis Preston:

So,

Prasanna Malaiyandi:

Hmm.

W. Curtis Preston:

little sad moment.

W. Curtis Preston:

Little sad moment.

Prasanna Malaiyandi:

No.

W. Curtis Preston:

Um, but, uh, anyway, so, you know, sorry to bring that down.

W. Curtis Preston:

So let's talk about what, what do you think, Melissa?

W. Curtis Preston:

Let, let's sort of go through those things that we really needed to have done before.

Melissa Palmer:

Uh, well, lemme, lemme try to set the stage a little bit.

Melissa Palmer:

Like, does everybody remember like, the disaster recovery tests, like

Melissa Palmer:

back in the day, you go to the colo, you got the checkbook, the, the clipboard, you make the checkboxes and like, I don't know, you play

Melissa Palmer:

Doom for a while and eat some food.

Melissa Palmer:

Someone restores a server and it's like, well, it kind of worked and we're good.

Melissa Palmer:

Yeah, that's how old I am.

Melissa Palmer:

Um, so and then you're like, oh, it kind of worked.

Melissa Palmer:

So we passed our DR test, but we can't actually recover.

Melissa Palmer:

Right?

Melissa Palmer:

So what you need to do is actually do a ransomware recovery test where

Melissa Palmer:

you actually recover everything.

Melissa Palmer:

There's a novel concept, and when you do that, you're gonna figure out all the.

Melissa Palmer:

but you didn't do cuz it's not gonna work or something's not gonna whatever.

Melissa Palmer:

But it, it's, you know, talking from the backup lens cuz I was

Melissa Palmer:

at Veeam for quite some time.

Melissa Palmer:

Um, something I talked a lot about with Veeam customers was, you know, trying to

Melissa Palmer:

understand the whole recovery process.

Melissa Palmer:

Cuz if I'm the backup admin and we get ransomware, I don't just

Melissa Palmer:

go start restoring stuff all over.

Melissa Palmer:

Like that's not what happens.

Melissa Palmer:

It's not like, oh no, ransomware attack, let me start restoring servers.

Melissa Palmer:

We'll be back online in 20 minutes.

Melissa Palmer:

Like it doesn't work that way.

Melissa Palmer:

You have to figure out what happened.

Melissa Palmer:

Before you can start restoring, you have to figure out what happened.

Melissa Palmer:

You have to figure out if the threat actors are still around.

Melissa Palmer:

You have to understand what was impacted.

Melissa Palmer:

I have heard a lot of people say, um, oh, well, we treat ransomware

Melissa Palmer:

different and we just recover in place.

Melissa Palmer:

So we're good to go.

Melissa Palmer:

And I'll go back to the little VMware.

Melissa Palmer:

Yeah, I'll go back to the VMware ransomware thing.

Melissa Palmer:

Well, if your VMware environment is ransomware, guess what?

Melissa Palmer:

You're not recovering in place cuz there's nowhere to recover to.

Melissa Palmer:

Uh, so it's understanding all those different things.

Melissa Palmer:

You need to have some kind of understanding of what happened

Melissa Palmer:

before you can recover.

Melissa Palmer:

And that is generally driven by the incident response process, which is

Melissa Palmer:

gonna be driven by the security team.

Melissa Palmer:

So again, if you haven't talked to the security team before ransomware has attacked you, you're gonna have a bad time.

Prasanna Malaiyandi:

Or vice versa, if the security team hasn't talked to you about

Prasanna Malaiyandi:

how backup integrates into that process.

Melissa Palmer:

that's really scary.

Melissa Palmer:

That's really, that's really, that's really disturbing.

Melissa Palmer:

Those are actually really even, I think that's

Melissa Palmer:

scarier.

W. Curtis Preston:

I think it's, it's a, it's a combination, right?

W. Curtis Preston:

Well, you know, uh, yesterday, I think that was yesterday, we recorded

W. Curtis Preston:

a, a great podcast, uh, by the way, with Tom from Gestalt, um, that,

W. Curtis Preston:

that, uh, net, uh, @networkingnerd.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

and he, uh, we were talking a lot about the networking side

W. Curtis Preston:

of the, the response, right?

W. Curtis Preston:

Shutting down things.

W. Curtis Preston:

Um, and, and using a combination of technologies, many of which are easier

W. Curtis Preston:

to use if you, if you set them up front.

W. Curtis Preston:

Right.

W. Curtis Preston:

And, uh, talking about things like VLANs and, uh, you know, like one of

W. Curtis Preston:

the things we talked about was having a VLAN for all of your desktops and

W. Curtis Preston:

laptops, so that if you want to stop everybody from doing anything, you

W. Curtis Preston:

just shut off those VLANs and boom.

W. Curtis Preston:

Um, there, you know, instead of having to notify 5,000 users, hey, stop doing

W. Curtis Preston:

anything, you just shut off their network.

W. Curtis Preston:

So they can't, they can't do anything.

W. Curtis Preston:

And then if stuff is still happening, um, well, it's not the users, right?

W. Curtis Preston:

It's, it's malware, right?

Prasanna Malaiyandi:

back to segmentation.

W. Curtis Preston:

know, yeah, the, the network segmentation and the, the

W. Curtis Preston:

security part, I think, um, What, what, what role do you think the, I'll ask you

W. Curtis Preston:

what you think before I say what I think

W. Curtis Preston:

So what role do you think cyber insurance companies and then the, the companies

W. Curtis Preston:

that they can put you in touch with?

W. Curtis Preston:

The, the

Melissa Palmer:

Cyber insurance is becoming more and more interesting

Melissa Palmer:

cuz it gets to the point where they hand you the list of things you

Melissa Palmer:

need to do before they'll issue your policy and guess what you're gonna

Melissa Palmer:

probably be able to cover anyway.

Melissa Palmer:

Um, but a big part of, I've seen in a lot of policies lately is

Melissa Palmer:

having, um, basically an incident response firm on retainer ready

Melissa Palmer:

to go as part of your policy.

Melissa Palmer:

And I think that is invaluable.

Melissa Palmer:

I.

Melissa Palmer:

Everybody should have some kinda relationship with an IR firm

Melissa Palmer:

if you can't do it in house.

Melissa Palmer:

And uh, even if you can, right?

Melissa Palmer:

Sometimes you do still need that outside perspective.

Melissa Palmer:

I know a lot of larger orgs are like, no, no, we do our own IR, well, you do

Melissa Palmer:

your own IR, but you're not dealing with ransomware every day and these people are

Melissa Palmer:

so you might want a little bit of help.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, you know, um, I hate to do it, but a another, another movie reference.

W. Curtis Preston:

I just saw the, the movie Plane, and you know, the plane goes down in the

W. Curtis Preston:

middle of nowhere and they brought in the guy, they brought in the incident

W. Curtis Preston:

response guy basically once he showed up.

W. Curtis Preston:

Right.

W. Curtis Preston:

See, there's a movie reference for everything,

Melissa Palmer:

I haven't, I can't tell you the last movie I've watched.

Melissa Palmer:

I really can't.

Melissa Palmer:

I don't

W. Curtis Preston:

I can, I can, I can pull up my app, uh,

W. Curtis Preston:

cuz I have the Regal Unlimited.

Melissa Palmer:

tell you the last thing I watched.

Melissa Palmer:

I can't tell you the last movie I watched, cuz I don't remember.

W. Curtis Preston:

I, I, yeah, I, I saw like three this week.

W. Curtis Preston:

So in, in the theaters

Prasanna Malaiyandi:

so back to the cyber insurance from movies.

Prasanna Malaiyandi:

Uh,

Prasanna Malaiyandi:

I, yes.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

No, but, but, but I think, well, this is one of the points that I remember

Prasanna Malaiyandi:

because remember when Tony came on from Spectra Logic, Curtis, and he was like,

Prasanna Malaiyandi:

oh my God, they got hit with ransomware.

Prasanna Malaiyandi:

And he's like, just the previous month they had signed up for cyber insurance.

Prasanna Malaiyandi:

They had an IR firm come in, give them sort of the list of, Hey, here's

Prasanna Malaiyandi:

everything you need to do to help.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And he was like, that was probably the most valuable thing of that sort of

Prasanna Malaiyandi:

cyber insurance policy was having the experts who could walk you through.

W. Curtis Preston:

And it, and it wasn't even like he, he was just

W. Curtis Preston:

lucky enough to have already, you know, contracted with them.

W. Curtis Preston:

Right.

W. Curtis Preston:

But the best I think would be to, well, not that you would know

W. Curtis Preston:

this, but to do it not a month in advance, but obviously way in

Melissa Palmer:

right.

W. Curtis Preston:

to get, and to give you some time to work with the incident

W. Curtis Preston:

response team and to make sure that you are doing the things that they want

Melissa Palmer:

but that's like, that's like the problem, right?

Melissa Palmer:

Like it's not, if it's when, and you don't know when.

Melissa Palmer:

It could be tomorrow, it could be next week, it could be next month.

Melissa Palmer:

It could be next year.

Melissa Palmer:

Like you don't

W. Curtis Preston:

It could have been three weeks ago.

Melissa Palmer:

and you just haven't realized it yet, right?

W. Curtis Preston:

Yeah.

Prasanna Malaiyandi:

Do it today.

Melissa Palmer:

That's my favorite.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Uh, so, which is why it doesn't matter when you invent a time machine.

Melissa Palmer:

You know, I have bad news to you.

W. Curtis Preston:

What

Melissa Palmer:

I haven't invented a time machine because there are certain

Melissa Palmer:

points I've always promised to myself.

Melissa Palmer:

If I invented the time machine, I would go back to this point and tell

Melissa Palmer:

myself I invented the time machine.

Melissa Palmer:

And if that hasn't happened, I haven't invented it because

Melissa Palmer:

time is not linear, right?

Melissa Palmer:

So I haven't invented a time machine.

Melissa Palmer:

I'm very upset about that.

W. Curtis Preston:

Me neither.

W. Curtis Preston:

Um, but, um, well, it's been a weird, it's been, we've been jumping in and out

W. Curtis Preston:

of the topic here on this podcast, but,

Prasanna Malaiyandi:

Incident response.

W. Curtis Preston:

yeah.

W. Curtis Preston:

So we, we, we get the cyber insurance folks because I

W. Curtis Preston:

think in the, in the initial ransomware phase, what people thought of cyber insurance was just a

W. Curtis Preston:

company to pay their ransom for you, and that they're definitely saying

W. Curtis Preston:

they're not interested in it anymore.

Melissa Palmer:

Yeah.

Melissa Palmer:

And there's more costs beyond the ransom, right?

Melissa Palmer:

So you paid the ransom, but what about everything else?

Melissa Palmer:

Um, that's the thing.

Melissa Palmer:

And policies have changed over time, like, back in the day a couple years ago, right?

Melissa Palmer:

Like before the pandemic, uh, it was like easy to get cyber insurance.

Melissa Palmer:

Like, oh yeah, I'll take a cyber insurance policy for 5 million, please, whatever.

Melissa Palmer:

And now it's hard.

Melissa Palmer:

And if you do actually use your, I've seen a lot of cases where if you actually

Melissa Palmer:

use the insurance policy, guess what?

Melissa Palmer:

They don't necessarily drop you, but guess what? Your deductible co becomes what they paid for your last ransomware attack, right?

Melissa Palmer:

So if I had to pay 2.5 million, guess what?

Melissa Palmer:

I now have a 2.5 million deductible for my next attack because let's face it.

Melissa Palmer:

We get IR in, right?

Melissa Palmer:

We figured out what happened, we have to recovered, and then there's a whole

Melissa Palmer:

stage where we have to do a postmortem, figure out how they got in, if they're

Melissa Palmer:

still in and close up the gaps.

Melissa Palmer:

That doesn't always happen cuz people are so, like, oh, VMs are back, we're good to go.

Melissa Palmer:

Happy day, happy day.

Melissa Palmer:

And they get hit again because they never fixed the way they

Melissa Palmer:

got in in the first place.

W. Curtis Preston:

What, what do you think about the idea of.

W. Curtis Preston:

And again, this would be driven by management.

W. Curtis Preston:

And you know, a lot of times, like you said, management isn't necessarily

W. Curtis Preston:

at that moment thinking about the best way to do something.

W. Curtis Preston:

They just wanna do the fastest way to do something.

W. Curtis Preston:

Right.

W. Curtis Preston:

So another thing I've been looking into is the idea of wouldn't the best

W. Curtis Preston:

practice to be to figure out how they got in before you do the recovery,

W. Curtis Preston:

before you turn everything back on.

Melissa Palmer:

Yeah.

Melissa Palmer:

And that, that's where the IR firms come in, because they'll kind of get in and they'll be able to do that.

Melissa Palmer:

They'll be able to say like, you guys are so messed up.

Melissa Palmer:

You didn't have any logging enabled anywhere.

Melissa Palmer:

Like we, we can't tell right now.

Melissa Palmer:

Right?

Melissa Palmer:

It really depends on what happens in that first phase.

Melissa Palmer:

Um,

W. Curtis Preston:

Yeah.

Melissa Palmer:

and it comes back to kind of getting ready for the

Melissa Palmer:

attack and what kind of security practice you have in some places.

Melissa Palmer:

Yeah.

Melissa Palmer:

We could see, people can figure out, uh, throw in a tool and say, yeah, guess what?

Melissa Palmer:

They came in here.

Melissa Palmer:

We know we're good to go.

Melissa Palmer:

Other times they might not find it just because there was never.

Prasanna Malaiyandi:

they came in.

Prasanna Malaiyandi:

They went out before you even knew

Prasanna Malaiyandi:

or nothing was

W. Curtis Preston:

under

Melissa Palmer:

or we didn't, you know, we didn't have logging on or whatever.

Melissa Palmer:

Or they turned something off or,

W. Curtis Preston:

Logging is a beautiful thing and, and also

W. Curtis Preston:

a system to get those logs off

Melissa Palmer:

yeah,

Melissa Palmer:

that's what people like, forget about, like

Melissa Palmer:

who cares about the logs, like, whatever, they're logs.

Melissa Palmer:

No, you're, you're going to care about the logs someday, I promise you.

W. Curtis Preston:

Yeah, I mean, even if it's something as simple of making

W. Curtis Preston:

sure that the logs are represented as text somewhere, that is then

W. Curtis Preston:

backed up by the backup system so that you can restore all of them.

W. Curtis Preston:

That's basic, but there are systems that you can buy that will just automatically,

W. Curtis Preston:

uh, exfiltrate all of those logs for you.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah.

Prasanna Malaiyandi:

I wanna go back to a point you made earlier, Melissa, about

Prasanna Malaiyandi:

sort of, okay, how do you make sure that you fix the things that broke so everyone

Prasanna Malaiyandi:

isn't like, Hey, my VMs are back up.

Prasanna Malaiyandi:

I don't need to worry about these things anymore.

Prasanna Malaiyandi:

Have you heard any cases where, I know sometimes executives have

Prasanna Malaiyandi:

sort of financial liability, right?

Melissa Palmer:

I've heard of that trend, right?

Melissa Palmer:

Like your guess what your bonus is tied to if you get ransomware or not, and how you.

Melissa Palmer:

And stuff like that, that's starting to happen in some places.

Melissa Palmer:

Um, but a lot of it comes down to maybe the processes were

Melissa Palmer:

never clearly defined upfront.

Melissa Palmer:

Right.

Melissa Palmer:

And that's where a lot of the cyber insurance stuff can

Melissa Palmer:

actually come in and help.

Melissa Palmer:

Well, they'll be like, you need to show us your response process.

Melissa Palmer:

And they'll be like, here you go.

Melissa Palmer:

And they'll be like, okay, so where's the rest of it?

Melissa Palmer:

Or something like that, right?

Melissa Palmer:

Like, what, what

Melissa Palmer:

happened?

W. Curtis Preston:

the.

Melissa Palmer:

this is it.

Melissa Palmer:

Like here's a page.

Melissa Palmer:

Like it's not gonna work.

Melissa Palmer:

Um, and again, it comes back to the old school DR test.

Melissa Palmer:

Like there needs to be ransomware recovery tests and postmortems of

Melissa Palmer:

that ransomware recovery test, right?

Melissa Palmer:

Like y'all need to get in room, figure out what worked, what didn't work.

W. Curtis Preston:

Having done the old school DR test, I'm curious as to how

W. Curtis Preston:

they do a ransomware recovery test.

W. Curtis Preston:

Because one of the hardest parts of a ransomware recovery is that the

W. Curtis Preston:

attacker is there, is still attacking, like with a DR, you just say,

W. Curtis Preston:

okay, those six systems are dead.

Melissa Palmer:

So, yeah.

Melissa Palmer:

So here's where it gets complicated.

Melissa Palmer:

You need to test multiple types of recoveries, right?

Melissa Palmer:

So maybe I'm recovering, please.

Melissa Palmer:

I, I can't.

Melissa Palmer:

I will vomit in my mouth if I say maybe I'm recovering in place.

Melissa Palmer:

I can't even like say that.

Melissa Palmer:

So we're not gonna say that, but like maybe I'm going to my second site.

Melissa Palmer:

Maybe I'm going to a warm site.

Melissa Palmer:

Maybe I'm going to a hot site.

Melissa Palmer:

Maybe I'm going to a public cloud.

Melissa Palmer:

Maybe I'm going to a VMware cloud.

Melissa Palmer:

You gotta test all those, right?

Melissa Palmer:

Because you don't know where you're going until that incident response

Melissa Palmer:

phase starts, especially when law enforcement gets involved, right?

Melissa Palmer:

So let's say stuff's really bad, the FBI comes, and guess what?

Melissa Palmer:

We are quarantining your whole data center while we investigate.

Melissa Palmer:

Then what do you do?

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

You're down for business, otherwise,

Melissa Palmer:

do?

Melissa Palmer:

No, you go to public cloud, you go to um, a service provider, you go someplace else.

Melissa Palmer:

So you have to have all that ironed out ahead of time.

Melissa Palmer:

You have to know that there's different considerations for

Melissa Palmer:

recovery from ransomware attack than a traditional disaster.

Melissa Palmer:

So I guess, you know, from a traditional disaster, like what if the

Melissa Palmer:

zombies eat both data centers, right?

Melissa Palmer:

Then you would still need to go to the

Prasanna Malaiyandi:

but people probably aren't thinking about that though, right?

Prasanna Malaiyandi:

The fact that, hey, maybe the FBI will come quarantine, right?

Prasanna Malaiyandi:

Do you have your backups offsite?

Prasanna Malaiyandi:

Do you have it in someplace that you can bring it up?

Prasanna Malaiyandi:

And like you mentioned earlier, Melissa, it's like things you should plan for ahead

Prasanna Malaiyandi:

of time before you get to the point where you are trying to recover from ransomware.

Melissa Palmer:

Exactly.

Melissa Palmer:

And again, unless an organization, so I have a couple of examples

Melissa Palmer:

of, I don't wanna say DR done wrong, but uh, I worked for an uh, company when I was

Melissa Palmer:

an intern on Wall Street and everything was in New York City.

Melissa Palmer:

and 9/11 happened and they were a block from the World Trade Center.

Melissa Palmer:

That's what they couldn't, they couldn't do anything like they were done.

Melissa Palmer:

Right.

Melissa Palmer:

Like they were just done.

Melissa Palmer:

So they like rebuilt their systems in a hotel room someplace.

Melissa Palmer:

Right.

Melissa Palmer:

And that kicked off a huge project to say, we actually need a second data

Melissa Palmer:

center and it needs to be not around here.

Melissa Palmer:

Right.

Melissa Palmer:

Um, I'm also on the east coast, right?

Melissa Palmer:

So New York, Hurricane Sandy, we had this hurricane roll through.

Melissa Palmer:

And again, like the data centers are like 20 miles from each other.

Melissa Palmer:

Guess.

Melissa Palmer:

They both tanked.

Melissa Palmer:

Um, so things like that.

Melissa Palmer:

So until an organization actually has something happen to them, it's really,

Melissa Palmer:

and here's the issue, the, the, the difference between disaster recovery

Melissa Palmer:

and ransomware recovery, when we talk about it, traditional disaster

Melissa Palmer:

recovery stuff, until it happens, it's easy to accept the risk, right?

Melissa Palmer:

Well, you know what?

Melissa Palmer:

It's cheaper for us to just like recover from this disaster and be down for

Melissa Palmer:

two weeks than it is to actually put everything into place where we build a

Melissa Palmer:

second site, yada, yada, yada, yada, et.

Melissa Palmer:

that's because the risk is so low, right?

Melissa Palmer:

And there's all kinds of equations for this in, you know,

Melissa Palmer:

cybersecurity and stuff like that.

Melissa Palmer:

But when you change it to ransomware, the risk is going to, it's going to

Melissa Palmer:

happen like a probability of one.

Melissa Palmer:

It will happen.

Melissa Palmer:

Um, and that's what people don't understand.

Melissa Palmer:

Like this is going to happen.

Melissa Palmer:

It's not like you can say like, well, you know, we haven't had a hundred

Melissa Palmer:

years storm ever, so we'll be fine.

Melissa Palmer:

Um, it's different like that.

Melissa Palmer:

And a lot of people, I've actually seen a huge uptick in people getting.

Melissa Palmer:

I don't think a lot of people are where they need to be.

Melissa Palmer:

Um, but I think as people get ready and it gets harder and harder to attack

Melissa Palmer:

people because they've put like some semblance of security in it, right?

Melissa Palmer:

You're gonna go for the low-hanging fruit, you're gonna see the people

Melissa Palmer:

who aren't ready get hit harder and you're just gonna see more and more

Melissa Palmer:

attacks and the threat actors are gonna have to get more creative.

Prasanna Malaiyandi:

So here's a question for you.

Prasanna Malaiyandi:

Normally when we think about backup and recovery, right, it's always

Prasanna Malaiyandi:

about restoring your data or your application because there might be

Prasanna Malaiyandi:

a hardware failure, an application fault, user error, et cetera.

Prasanna Malaiyandi:

Sometimes people talk about ransomware in the same context as

Prasanna Malaiyandi:

disaster recovery and sort of those

Melissa Palmer:

Ransomware is a disaster.

Melissa Palmer:

I

Prasanna Malaiyandi:

but, but here's the question though, Melissa

Prasanna Malaiyandi:

is, Like you had just mentioned, it's not the same as a flood or a

Prasanna Malaiyandi:

hurricane or something like that.

Prasanna Malaiyandi:

And so are we kind of pushing ourselves and kind of giving people the false

Prasanna Malaiyandi:

impression that it is similar to those other disasters and things that they

Prasanna Malaiyandi:

shouldn't worry about versus we should be treating it similar to like an application

Prasanna Malaiyandi:

failure or user failure and treating it

Prasanna Malaiyandi:

similar.

Prasanna Malaiyandi:

It's like more towards that side of the spectrum than this side.

Melissa Palmer:

and you know, that all falls under DR anyway, like hardware

Melissa Palmer:

failure and all that kind of stuff.

Melissa Palmer:

Um, and again, in a lot of those cases, it's easy to say, well, you know what?

Melissa Palmer:

I don't really want a second site.

Melissa Palmer:

It's just cheaper to deal with the hardware.

Melissa Palmer:

It'll take we'll rush order.

Melissa Palmer:

I was in a situation at a company, we'll just rush order at a new array from

Melissa Palmer:

EMC that will solve our problems.

Melissa Palmer:

Like that was the plan and that happened.

Melissa Palmer:

Um, so crazy stuff like that.

Melissa Palmer:

But the problem, why I like to make the analogy so much is the problem

Melissa Palmer:

is when you tell someone that you have to get ready to recover from

Melissa Palmer:

ransomware, they're just like, I don't.

Melissa Palmer:

what to do.

Melissa Palmer:

You have to put it in some context that kind of makes sense.

Melissa Palmer:

I mean, disaster recovery is definitely like not sexy, even though

Melissa Palmer:

I've done it most in my career.

Melissa Palmer:

Um, but it's something that everybody has an inkling about at least, right?

Melissa Palmer:

Everybody kind of knows that there is usually a DR test once

Melissa Palmer:

or twice a year at a minimum.

Melissa Palmer:

Um, so it's a way, it's a starting point, right?

Melissa Palmer:

It's not your final destination, but it's a starting

Melissa Palmer:

point.

Melissa Palmer:

It's a.

Melissa Palmer:

place to start context.

Melissa Palmer:

Maybe you have some playbook, some processes that we can leverage to go build

Melissa Palmer:

on top of that and say, okay, so how do we make sure that we can recover now under

Melissa Palmer:

any

W. Curtis Preston:

I like to, I like to say that it's a subset, right?

W. Curtis Preston:

A DR is a subset of a ransomware recovery, but there's so much else, right?

W. Curtis Preston:

And the big thing, the but, and I think you said it already, Prasanna, but the

W. Curtis Preston:

big thing to me, the difference between a DR and a ransomware attack, um, is

W. Curtis Preston:

that the, the disaster isn't, Right.

W. Curtis Preston:

You're, you're still right when

Melissa Palmer:

the disaster never

W. Curtis Preston:

a flood is gone, you're like, okay, all

W. Curtis Preston:

these servers got wiped out.

W. Curtis Preston:

So those are the

Melissa Palmer:

because the threat is still there.

Melissa Palmer:

Just because you recovered from the ransomware attack doesn't mean

Melissa Palmer:

they're not gonna hit you again, or someone else isn't gonna hit

W. Curtis Preston:

Right.

W. Curtis Preston:

Well, and, and how do you even know, um,

Prasanna Malaiyandi:

gone.

W. Curtis Preston:

You know, like when you, when when a hurricane wipes out a

W. Curtis Preston:

data center, you're like, okay, those are the servers we need to restore.

W. Curtis Preston:

But how do, when you walk into your data center and there's a

W. Curtis Preston:

ransomware attack going on, how do you even know which servers have

W. Curtis Preston:

been affected or not affected?

W. Curtis Preston:

Right.

W. Curtis Preston:

That's, that is a big part of it.

Prasanna Malaiyandi:

Yeah, and I guess the other thing is even like you

Prasanna Malaiyandi:

might see the active infection, like things are being encrypted, et cetera,

Prasanna Malaiyandi:

but it might just be lying silently.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

We've talked about dwell time in the past, right.

Prasanna Malaiyandi:

Where it's

Melissa Palmer:

chill.

Melissa Palmer:

They just chill in there for a while.

Melissa Palmer:

Like, who knows?

Melissa Palmer:

Um, I, I can't remember off the top of my head, but I remember reading like a big

Melissa Palmer:

name breach or something like that, or a big name attack, and they said they were

Melissa Palmer:

in the network for like six months or

Prasanna Malaiyandi:

I think SolarWinds was like

Melissa Palmer:

was it?

Melissa Palmer:

I don't remember.

Melissa Palmer:

But I remember reading a couple of them where they've been in there a

Melissa Palmer:

significant period of time and who knows what they're doing there, right?

Melissa Palmer:

Like who knows unless you catch them.

Melissa Palmer:

So it's about

Melissa Palmer:

catching 'em past.

W. Curtis Preston:

The mean time is something like 60 days

W. Curtis Preston:

actually is what I, what I read.

W. Curtis Preston:

Um, I

Melissa Palmer:

be the worst ransomware person.

Melissa Palmer:

I'd be like, let's go, let's go.

Melissa Palmer:

It's like, no, you're not supposed to do that.

Melissa Palmer:

You gotta take your time and traverse through the network and get AD.

Melissa Palmer:

I'd be like, let's go encrypt VMware.

Melissa Palmer:

Let's go.

Melissa Palmer:

I'd be caught so fast.

Melissa Palmer:

Or maybe I wouldn't, maybe I.

W. Curtis Preston:

That's

Prasanna Malaiyandi:

You're only caught if someone's monitoring and watching.

Prasanna Malaiyandi:

Right Melissa?

Melissa Palmer:

Right.

Melissa Palmer:

And you need to be

Melissa Palmer:

looking for the right things.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

As soon as you encrypt a, a VM, uh, you're gonna set off an alarm or two.

W. Curtis Preston:

Um, but I, I think you encrypt, I think you encrypt a lot of

W. Curtis Preston:

files that no one's looking at.

W. Curtis Preston:

Right.

W. Curtis Preston:

But the moment you start

Melissa Palmer:

Once you hit the the thing, the only thing is you'll hit.

Melissa Palmer:

You'll hopefully you'll be caught as soon as you start encrypting the VMs.

Melissa Palmer:

You do them all at once, so it doesn't matter.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Right.

W. Curtis Preston:

Cuz it's,

Melissa Palmer:

I got all

Melissa Palmer:

of 'em.

Melissa Palmer:

It doesn't matter that you caught me doing the first one, I did them all.

Melissa Palmer:

Um, but yeah, so generally they're in there wreaking havoc, steal maybe

Melissa Palmer:

exfiltrating data, doing some stuff before they go encryption habit.

Melissa Palmer:

Or maybe like, I've heard cases recently where they don't even

Melissa Palmer:

bother, like encrypting stuff.

Melissa Palmer:

They're just stealing data at this point and be like, by the

Melissa Palmer:

way, look what we have.

Prasanna Malaiyandi:

Is that easier by the way, to steal data?

Prasanna Malaiyandi:

Because it seems that you can sort of fly under the radar if you just steal

Prasanna Malaiyandi:

data because people will probably, maybe they notice, maybe they don't,

Prasanna Malaiyandi:

but it's not as obvious as, say,

Melissa Palmer:

It is definitely not as obvious as encrypting stuff, I'm

Melissa Palmer:

like this weird monitoring nerd too.

Melissa Palmer:

I had like this monitoring fetish at Veeam.

Melissa Palmer:

It was very strange.

Melissa Palmer:

Um, so like, I would like really hone in on like what to look

Melissa Palmer:

for to catch that too, right?

Melissa Palmer:

But not everybody is crazy like me.

Melissa Palmer:

Um,

Melissa Palmer:

network

W. Curtis Preston:

I think, yeah, I do.

W. Curtis Preston:

To answer your question, Prasanna, I do think that exfiltration as an overall

W. Curtis Preston:

process is easier in that if you can get any data out that there's a, there's a

W. Curtis Preston:

much higher chance that they will respond.

W. Curtis Preston:

That they will pay the ransom.

W. Curtis Preston:

Right?

W. Curtis Preston:

Because backups aren't gonna help.

Melissa Palmer:

I'm looking at my black hat over there.

Melissa Palmer:

I'm wondering if I should like, put it on for this discussion or something.

Melissa Palmer:

Um, like you would probably like see like, all right, like if I'm a bad person,

Melissa Palmer:

I'm not a bad person, I'm a good person.

Melissa Palmer:

Um, like they start small, right?

Melissa Palmer:

They grab a file here and there and they see if they

Prasanna Malaiyandi:

if anyone notices.

Melissa Palmer:

this, grab that, right?

Melissa Palmer:

Like, you don't go and just be like, oh look, here's the final.

Melissa Palmer:

25 million gigabytes of MP3s.

Melissa Palmer:

I'm gonna take it all at once.

Melissa Palmer:

No, they're like picky and choosy.

Melissa Palmer:

They try to find the sensitive data.

Melissa Palmer:

They take a little bit here and there.

Melissa Palmer:

Maybe they only need to grab a couple spreadsheets.

Melissa Palmer:

Right?

Melissa Palmer:

It's not like, I think there's this misnomer that like they get

Melissa Palmer:

in there and I'm just gonna start downloading massive chunks of

Melissa Palmer:

data.

W. Curtis Preston:

well, that's the whole point of

Melissa Palmer:

so you could exfiltrate a VM, just like

Melissa Palmer:

download the VMDK and be like,

W. Curtis Preston:

yeah, exactly.

Melissa Palmer:

ad.

Melissa Palmer:

Have a nice life

W. Curtis Preston:

that's that whole phase of the, um, the initial phase of an attack

W. Curtis Preston:

is trying to expand out, seeing what you can find out, seeing if you can find

W. Curtis Preston:

a spreadsheet called customer database

Melissa Palmer:

You know?

Melissa Palmer:

Right.

W. Curtis Preston:

xls, right.

W. Curtis Preston:

Um, or like.

Melissa Palmer:

you might not bother encrypting everything, but if you

Melissa Palmer:

can't find much, you say, all right, I'll steal some stuff and tell 'em I

Melissa Palmer:

have some files, but I won't tell them what I'll hope that'll make them pay.

Melissa Palmer:

And I'll just go, you know, encrypt some stuff while.

Melissa Palmer:

Which is more illegal?

Melissa Palmer:

Is one more legal than the other?

Prasanna Malaiyandi:

I think they both are pretty bad,

Melissa Palmer:

is one more illegal than the other?

W. Curtis Preston:

Well, they're both extortion.

W. Curtis Preston:

Um, the act, The act

Melissa Palmer:

but if you're actually exfiltrating, you're stealing it.

W. Curtis Preston:

yeah.

W. Curtis Preston:

That's gonna depend on where this happens.

W. Curtis Preston:

Uh, whether or not exfiltrating the data is a different crime.

W. Curtis Preston:

And damaging the data.

W. Curtis Preston:

Um, but, uh, but in the, the extortion happens on both sides, right?

W. Curtis Preston:

And that's definitely illegal in

Melissa Palmer:

that

W. Curtis Preston:

pretty much every jurisdiction

Melissa Palmer:

legal kids.

Prasanna Malaiyandi:

Yeah, so we talked about, so we talked

Prasanna Malaiyandi:

about incident response.

Prasanna Malaiyandi:

You've now been hit by a ransomware attack.

Prasanna Malaiyandi:

in, then let's just take VMware environments, right?

Prasanna Malaiyandi:

So what do you see people doing like, or what are things that they

Prasanna Malaiyandi:

should be doing that they're not?

Prasanna Malaiyandi:

Like, how do they even approach

Melissa Palmer:

Yeah, so he,

Prasanna Malaiyandi:

VMware environment gets encrypted Now, what

Melissa Palmer:

Um, to me it's trash.

Melissa Palmer:

I would throw it away and start over, like, I'm not even joking.

Melissa Palmer:

Throw it

W. Curtis Preston:

No, not

Prasanna Malaiyandi:

and, and, and, and how much?

Prasanna Malaiyandi:

And and how much would you, when you say throw it away, are you talking about

Prasanna Malaiyandi:

throwing away the virtual machines, throwing away the ESXi servers, the.

Melissa Palmer:

the host, wipe the storage array, wipe it all and start over.

Melissa Palmer:

Um, and, and here's the thing, right?

Melissa Palmer:

So like, you know, I, I like it.

Melissa Palmer:

I have this weird side of me that also does like weird blogging stuff, right?

Melissa Palmer:

And like, I like SEO and stuff like that.

Melissa Palmer:

And even my career at Veeam people are like, how do I back up my VMware host?

Melissa Palmer:

you don't, they're like, what do you mean?

Melissa Palmer:

I'm like, you don't, um, you automate the build process

Melissa Palmer:

and the configuration, right?

Melissa Palmer:

You don't actually back up your host and restore it.

Melissa Palmer:

It's, you

Prasanna Malaiyandi:

You just rebuild

Melissa Palmer:

thing.

Melissa Palmer:

It's a clean install and you configure it.

Melissa Palmer:

Um, so that's what people need to be testing to is how I would

Melissa Palmer:

actually recover is almost a misnomer.

Melissa Palmer:

Cuz personally I would trash it.

Melissa Palmer:

Um, how do I re rapidly rebuild a VMware environment?

Melissa Palmer:

And that's something.

Melissa Palmer:

People don't do every day, right?

Melissa Palmer:

Like that stuff runs like you might have not even reinstalled.

Melissa Palmer:

You could have just been upgrading for the last like 10 years and like,

Melissa Palmer:

whatever, probably not 10, probably four or five years, you'll get a new host.

Melissa Palmer:

I don't know.

Melissa Palmer:

It depends.

Melissa Palmer:

Um, so that's something that people don't practice and don't do.

Melissa Palmer:

Um, and you can actually do that all.

Melissa Palmer:

for the most part, um, in a nested virtualization environment.

Melissa Palmer:

Get all your processes down stuff.

Melissa Palmer:

So it's a pretty low co I mean, you should test on your physical hardware

Melissa Palmer:

at some point for any drivers and stuff, but it's actually a relatively low

Melissa Palmer:

cost and effort thing to figure out.

Melissa Palmer:

It's not rocket science.

Prasanna Malaiyandi:

But when you do this testing, wouldn't you also want to

Prasanna Malaiyandi:

involve, say like your networking team,

Melissa Palmer:

Yes, you would wanna, any of this testing,

Melissa Palmer:

you wanna involve anybody?

Melissa Palmer:

Everybody, right?

Melissa Palmer:

Everybody should be involved in this.

Melissa Palmer:

everybody.

Melissa Palmer:

And that's I think, one of the biggest problems we see that they're not,

W. Curtis Preston:

So when you say,

Melissa Palmer:

They're like, I don't have time to do this.

W. Curtis Preston:

when you say rebuild the VMware environment,

W. Curtis Preston:

um, obviously you're talking about VM, you know, wiping the hosts and,

W. Curtis Preston:

and the storage and all of that.

W. Curtis Preston:

When we get to the phase of actually bringing back VMs,

Melissa Palmer:

Mm-hmm.

W. Curtis Preston:

what way would you do that?

Melissa Palmer:

Um, so most backup software these days have something

Melissa Palmer:

built in where it'll actually scan for ransomware as you are restoring, right?

Melissa Palmer:

And find the ransomware if it's there.

Melissa Palmer:

Cause at that point, you know what you're infected with,

Melissa Palmer:

so you know what to look for.

Melissa Palmer:

Um, so I would be either scanning it or, you know, if you have really good.

Melissa Palmer:

and then you can decide how you're gonna fix it, or you're just gonna go

Melissa Palmer:

back to an earlier point or whatever.

Melissa Palmer:

Um, you know, some people are really good with the IR stuff and say, we know the

Melissa Palmer:

ransomware came in this date, this time we are absolutely a million percent certain

Melissa Palmer:

because we have all these logs go back to the last known good restore point, right?

Melissa Palmer:

Um, so it really depends.

Melissa Palmer:

But the backup people gonna be a big part of that, right?

Melissa Palmer:

Because it's gonna be

W. Curtis Preston:

Y Yeah, I,

Melissa Palmer:

do they have built in?

W. Curtis Preston:

this is something I put a lot of thought into lately

W. Curtis Preston:

of if the mean time of a, of a.

W. Curtis Preston:

Infection is 60 days, and some of them are twice that, um, the, the

W. Curtis Preston:

idea of of saying, oh, well we got, we got infected December 1st, so

W. Curtis Preston:

we're gonna restore to December 1st.

W. Curtis Preston:

That's a

Melissa Palmer:

That doesn't, it doesn't always work.

Melissa Palmer:

In some cases it might, in some cases it won't.

Melissa Palmer:

And then you're going back to scanning,

W. Curtis Preston:

So you've got, you've got to, I think in most

W. Curtis Preston:

cases, if many, if not most cases, you're gonna do a restoring.

Melissa Palmer:

Yeah.

Melissa Palmer:

I've seen kind of almost like two stage recoveries too.

Melissa Palmer:

Like get the bare minimum of stuff something up and run something

Melissa Palmer:

online up and running, right.

Melissa Palmer:

To restore services and then do the full recovery later.

Melissa Palmer:

So you're not, you might be like, all right, so you know what?

Melissa Palmer:

We can roll these servers back to December 29th.

Melissa Palmer:

We can use the newest copy of the database.

Melissa Palmer:

We can mash it together and make it work and serve our customers

Melissa Palmer:

while we're actually restoring everything the right way.

Prasanna Malaiyandi:

Rackspace,

Melissa Palmer:

So it did that.

W. Curtis Preston:

Prasanna.

W. Curtis Preston:

Yeah.

Melissa Palmer:

you okay?

Melissa Palmer:

You were eating another sip of tea there.

W. Curtis Preston:

It's what I thought of when you, when you, as soon as

W. Curtis Preston:

she said that, I, yeah, I know.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Just make sure.

W. Curtis Preston:

Unlike Rackspace, just make sure that you thought of this beforehand.

W. Curtis Preston:

Right.

W. Curtis Preston:

The only way that this is gonna work is if you identify what are the three

W. Curtis Preston:

services that need to be up right away so that we can function as a company and

W. Curtis Preston:

what are the other 20, 5,000 services

Melissa Palmer:

That kind of, um, that ties almost more into like

Melissa Palmer:

the business con, you know, BCDR

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah,

Melissa Palmer:

continuity sort.

Melissa Palmer:

Like what are our key applications and what level of, what do we have

Melissa Palmer:

to do to get those online First comes back to our RPOs and RTOs, right?

W. Curtis Preston:

yeah.

Melissa Palmer:

it's, it's, the thing is, it's such a big discussion that unless

Melissa Palmer:

you've had it cross-functionally with the business owners and the app owners,

Melissa Palmer:

and the infrastructure owners and the security team, you're not in a good.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

I, I think, I think it's, it's just, it's one thing to have a discussion,

W. Curtis Preston:

again, going to DR versus RR, um, is that it's one thing to go, well, what

W. Curtis Preston:

are the servers we're gonna do first?

W. Curtis Preston:

And what are, what are the servers that we're gonna do three hours later?

W. Curtis Preston:

It's a whole other thing to say, what are the servers we're gonna do the

W. Curtis Preston:

first couple of days, and what are the servers we're gonna do next week?

W. Curtis Preston:

Right.

W. Curtis Preston:

I,

Melissa Palmer:

And that, that's the problem, right?

Melissa Palmer:

You don't know until it happens.

Melissa Palmer:

Like if, if you, if it's your whole environment is done right.

Melissa Palmer:

That is very different than, oh, we know, just, they just did this

Melissa Palmer:

subset of servers or whatever.

Melissa Palmer:

It's, and like we were, um, The company I worked for a company

Melissa Palmer:

that I no longer worked there.

Melissa Palmer:

It was a pr uh, I was a customer and they had a, a very, they were one of the first

Melissa Palmer:

really, really big ransomware attacks in the news, and it was like a disaster.

Melissa Palmer:

I was like, wow, I'm glad I'm not on the VMware team anymore

Melissa Palmer:

there when this is going down.

Melissa Palmer:

Right.

Melissa Palmer:

Um, but it really depends and you don't know what's gonna happen.

Melissa Palmer:

The only thing you can do is be as prepared as possible, right?

Melissa Palmer:

Test different recovery methods.

Melissa Palmer:

Um, and I love RPOs and RTOs in saying that we can meet them under a testing

Melissa Palmer:

scenario, but in the real world, we don't know that that's gonna happen.

W. Curtis Preston:

Yeah.

Prasanna Malaiyandi:

One of the things on the podcast we talked about a couple

Prasanna Malaiyandi:

days ago was, Like Tom was mentioning, oh yeah, you just shut down your

Prasanna Malaiyandi:

network and you start figuring out, okay, what was affected but in what?

Prasanna Malaiyandi:

And you prevent everything from going in and out.

Prasanna Malaiyandi:

And I was like, but how do you communicate?

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

And he's like, yeah, make sure you have ahead of time, sort of use cell phones.

Prasanna Malaiyandi:

iMessage can work.

Prasanna Malaiyandi:

You can set up a separate Slack instance completely outside of

Prasanna Malaiyandi:

the corporate environment, right?

Prasanna Malaiyandi:

Whatever it is to keep that ongoing communications.

Melissa Palmer:

like, uh, how am I supposed to use Microsoft Teams to

Melissa Palmer:

communicate with a security team?

Melissa Palmer:

Well, that might be Office 365.

Melissa Palmer:

That might be, okay, that's a bad example.

W. Curtis Preston:

Yeah, as long as you have a, as long as you have a,

W. Curtis Preston:

um, an internet connection, right?

W. Curtis Preston:

Um, which is pretty easy to get

Melissa Palmer:

but like who has people's phone numbers these days?

W. Curtis Preston:

people with incident response plans, that's who

Melissa Palmer:

yeah, that's

Prasanna Malaiyandi:

But aren't there issues though, where ransomware

Prasanna Malaiyandi:

actors might still have access to your Slack instance and be monitoring

Prasanna Malaiyandi:

what's going on from an incident

Melissa Palmer:

I've seen that.

Melissa Palmer:

I've seen that.

Melissa Palmer:

I've seen, I have seen that happen where like, they still had access.

Melissa Palmer:

It was Teams.

Melissa Palmer:

I think they still had access.

Melissa Palmer:

They were watching the IR stuff happen as they were still in there hanging out.

Melissa Palmer:

It's like, oh yeah, Y again,

W. Curtis Preston:

ransomware stuff is bad.

W. Curtis Preston:

Melissa, I'm just gonna take that stance.

Melissa Palmer:

bad.

Melissa Palmer:

It's bad, and you don't know what's gonna happen until it happens.

Melissa Palmer:

Which is why, and it ties back to incident response, right?

Melissa Palmer:

And having an incident response firm on retainer that does this every day.

Melissa Palmer:

Right?

Melissa Palmer:

Because I, I don't care how good, even if, like, okay, let's say

Melissa Palmer:

you drop Melissa into X, Y, Z company and you put her in charge.

W. Curtis Preston:

Do are you gonna rappel down a rope from a helicopter?

W. Curtis Preston:

Because that

Melissa Palmer:

Yes, I'm gonna rappel down a rope from a helicopter,

Melissa Palmer:

drop me in, right, and say, Melissa, get ready for ransomware,

Melissa Palmer:

and six months later you hit me.

Melissa Palmer:

I would like to say that I'll be able to recover, but I don't know that.

Melissa Palmer:

I don't know.

Melissa Palmer:

That doesn't matter how good you are, you're not doing this every day, right?

Melissa Palmer:

Like, so unless you're doing this every day, cuz every attack is different.

Melissa Palmer:

It's gonna be like, what have these people seen in the other events?

Melissa Palmer:

What, what ransomware gang have you been hit by?

Melissa Palmer:

Right?

Melissa Palmer:

So I can put everything into place that I think I will need

Melissa Palmer:

to make sure that we recover.

Melissa Palmer:

And yeah, honestly, we'd probably recover all our data.

Melissa Palmer:

I don't know if we meet our RPOs and RTOs.

Melissa Palmer:

I, I, I'm pretty sure I could get all the data to the recoverable point,

Melissa Palmer:

but what was exfiltrated, how did they get in all that kind of stuff.

Melissa Palmer:

you don't know, which is why you have to call the pros.

Melissa Palmer:

You have to call the people that do this every day.

Prasanna Malaiyandi:

Is there sort of a standard ransomware recovery test, but.

Prasanna Malaiyandi:

That kind of outlines like, Hey, here are the thing.

Prasanna Malaiyandi:

Because I can imagine, say you can't afford, the pros

Prasanna Malaiyandi:

say you can't afford the pros.

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

Is there sort of a, here are the testing scenarios you should be thinking

Prasanna Malaiyandi:

about, or here are the things that sort of get shot in the head when a

Prasanna Malaiyandi:

ransomware recovery or ransomware hits.

Melissa Palmer:

Um, Google tabletop exercises like ransomware recovery,

Melissa Palmer:

disaster recovery, tabletop exercises.

Melissa Palmer:

Right?

Melissa Palmer:

That's a good place to start.

Melissa Palmer:

I've thought about doing like a Dungeons and Dragons style type,

Melissa Palmer:

like ransomware recovery thing.

Melissa Palmer:

I

Prasanna Malaiyandi:

With the actual people.

Prasanna Malaiyandi:

Yeah, with like you get the networking security

Melissa Palmer:

think that would be fun and useful.

Melissa Palmer:

And you know what?

Melissa Palmer:

When you make things fun, people actually pay a.

Prasanna Malaiyandi:

Yep.

Melissa Palmer:

right?

Melissa Palmer:

So like, if I get you all in terms and be like, today we are going to talk

Melissa Palmer:

about ransomware recovery and have a mock simulation of what would happen.

Melissa Palmer:

Be like, okay, you're a Paladin, you're a warrior, uh, you're a ma.

Melissa Palmer:

Uh, an adult black dragon just showed up and encrypted your VMs.

Melissa Palmer:

What are you doing?

Melissa Palmer:

Right?

Melissa Palmer:

Like,

Melissa Palmer:

you're gonna have so much fun, you're gonna remember it, and

Melissa Palmer:

it's gonna work out a lot better.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

I like that.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, by the way, one of the things, you know, we talked a lot about prepping.

W. Curtis Preston:

One of the things that I think also in terms of, we talked

W. Curtis Preston:

about exfiltration monitoring.

W. Curtis Preston:

I also, uh, like the idea, and we talked about it on a couple of

W. Curtis Preston:

different episodes, this idea of, um, something on your DNS side

W. Curtis Preston:

that would notice when you start talking to really weird domain names.

Melissa Palmer:

Yeah, that's a big one.

Melissa Palmer:

And there's all these lists.

Melissa Palmer:

Um, a lot of these researchers will just like tweet like, by the way, domains

Melissa Palmer:

looking a little hot, a little suss.

Melissa Palmer:

You might wanna block that stuff.

Melissa Palmer:

Um, so yeah, there's these lists of these like known bad domains

Melissa Palmer:

and IPs and stuff like that too.

W. Curtis Preston:

Right.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

And, and the other, uh, but I, I do think that if.

W. Curtis Preston:

If you implement exfiltration monitoring, if you have a specific exfiltration

W. Curtis Preston:

monitoring, I think you could stop mo or, or notice it quickly and stop it.

W. Curtis Preston:

Um, but what I'm hearing from others is that not everybody

W. Curtis Preston:

can afford such a thing.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, that, that,

Melissa Palmer:

lot of people can't afford it or they don't have the

Melissa Palmer:

skill set to build it themselves, and you really wanna be building and

Melissa Palmer:

maintaining your own security systems.

Melissa Palmer:

Probably not.

W. Curtis Preston:

No, but a lot of people do,

Melissa Palmer:

Yeah, because they have no choice.

Melissa Palmer:

It's better than nothing.

Melissa Palmer:

Like I've done some weird stuff with some weird software because

Melissa Palmer:

it was better than nothing.

Melissa Palmer:

Um, it, it, it's really a difficult point to be in.

Melissa Palmer:

And it's kind of like, you know, you all these people put out these, um, all

Melissa Palmer:

these, uh, security companies will do all this research of like, here's the

Melissa Palmer:

top ways they're getting in and blah, blah, blah, and all this kind of stuff.

Melissa Palmer:

Um, there's a lot of marketing that goes into it, but

Melissa Palmer:

there's a lot of truth, right?

Melissa Palmer:

So like, I.

Melissa Palmer:

The big thing was the people for a long time, the people

Melissa Palmer:

let it in, you know, multi.

Melissa Palmer:

Where was it when, when this whole Cisco thing happened?

Melissa Palmer:

That was like, um, MFA, right?

Melissa Palmer:

They got in through their MFA cuz they kept spamming of them.

Melissa Palmer:

Eventually they said yes because like, stop calling me at 11 o'clock at night.

Melissa Palmer:

Um, now they're saying, oh, it's more vulnerabilities than people, right?

Melissa Palmer:

So honestly, I feel like the people might be easier to deal

Melissa Palmer:

with in the vulnerabilities.

Melissa Palmer:

I don't know.

Melissa Palmer:

Um, because then it's gonna be like testing the patches.

Melissa Palmer:

Can we patch everything?

Melissa Palmer:

Can we remediate everything?

Melissa Palmer:

It's, it's just like, what are the areas that you can find within your

Melissa Palmer:

own organization to be quick wins because you wanna prove that you can

Melissa Palmer:

win to your management so you get more money and can do more projects.

Melissa Palmer:

So you need like a balance of quick wins to prove progress and high.

Melissa Palmer:

right?

Melissa Palmer:

What are the things that I can implement that will have the

Melissa Palmer:

most impact to reduce the risk?

Melissa Palmer:

And you're never gonna get the risk to zero.

Melissa Palmer:

I, there's um, a lot of people say that, like assume breach, right?

Melissa Palmer:

Like assume they're gonna get in so we can do all this security stuff.

Melissa Palmer:

We can do all this backup.

Melissa Palmer:

And backup is basically assuming they're gonna get in, right?

Melissa Palmer:

Like, we're not backing this stuff up cuz we think our security is so great.

Melissa Palmer:

Like we're assuming that it's the last line of defense, we're gonna need it.

Melissa Palmer:

Um, so a lot of it is just trying to mitigate what you.

Melissa Palmer:

in a way that makes sense for your organization, because we can't have

Melissa Palmer:

everybody working 20 hour days doing this either, or they're gonna be too fried to

Melissa Palmer:

make mistakes and people are a problem.

Melissa Palmer:

Um, it, it's difficult.

Melissa Palmer:

It really is hard for any organization.

Melissa Palmer:

It's what can I do with what resources I have and CYA, right?

Melissa Palmer:

If I'm, I'd probably be doing a lot of CYA when, you know, they tell you

Melissa Palmer:

it's too expensive, you can't do that.

Melissa Palmer:

Well, you better have that documented.

Melissa Palmer:

So when you get ransomware, not like, Melissa, why didn't you

Melissa Palmer:

put in that security system?

Melissa Palmer:

You told me we didn't have the.

W. Curtis Preston:

You don't know what's the current hot way that they're gonna,

W. Curtis Preston:

they're, they're gonna attack you.

W. Curtis Preston:

You can't stop all, uh, vulnerabilities.

W. Curtis Preston:

You can't stop all stupid user things that stupid users are gonna do.

W. Curtis Preston:

Um, and, um, And, and so you, I do think you, you have to assume breach, right?

W. Curtis Preston:

And so you do have to do some things in your network that are going to

W. Curtis Preston:

tell you when the bad guys are here.

W. Curtis Preston:

Um, and that we stop it

W. Curtis Preston:

as quickly as we can.

Melissa Palmer:

Can we make a movie about this?

Melissa Palmer:

Please?

Melissa Palmer:

Like that would be really cool.

W. Curtis Preston:

Nobody.

W. Curtis Preston:

It'll only be

Melissa Palmer:

I'm gonna watch it

Melissa Palmer:

I'm gonna have ChatGPT write me a movie.

Melissa Palmer:

I've had to write me ransomware, Hallmark movies.

Melissa Palmer:

I kid you not, I'm just saying

Melissa Palmer:

have to entertain myself.

Melissa Palmer:

How now?

Prasanna Malaiyandi:

Wait,

W. Curtis Preston:

my wife would watch it if we make it a

W. Curtis Preston:

K-drama, make it a Korean drama.

W. Curtis Preston:

Um,

Melissa Palmer:

be good.

Melissa Palmer:

Or like a Bollywood ransomware story.

W. Curtis Preston:

yeah, I, there was a ransomware attack and a

W. Curtis Preston:

K-drama that, uh, I dunno if you saw, there's one called Startup.

W. Curtis Preston:

Um, and, uh, there, there's a, there's a, a really big

W. Curtis Preston:

incubator in Korea in this movie.

W. Curtis Preston:

Um, and this group of people, they, they do a startup there and.

W. Curtis Preston:

Right at the crucial moment they get, they get a ransomware attack.

W. Curtis Preston:

Um, and, and it was because some people did some dumb stuff.

W. Curtis Preston:

They cut some corners, you know, and so they got

Prasanna Malaiyandi:

They got.

W. Curtis Preston:

and the tech wasn't bad.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, there, I, I've actually seen a lot of, there was, uh, The Good

W. Curtis Preston:

Doctor, that's the one with the guy that has, he's on the spectrum anyway.

W. Curtis Preston:

They got, they got,

Melissa Palmer:

episode

W. Curtis Preston:

they got, they got a ransomware

W. Curtis Preston:

attack.

Melissa Palmer:

Grey's Anatomy

W. Curtis Preston:

Uh, Grey's Anatomy did one.

W. Curtis Preston:

Uh, The Good Doctor did one and the tech wasn't bad.

W. Curtis Preston:

Right.

W. Curtis Preston:

Uh, I just, I just hate it when it's like, like when you watch, I dunno if you

W. Curtis Preston:

ever watch, did you ever watch The Net?

Melissa Palmer:

Yeah.

Melissa Palmer:

Yeah.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

That tech

Melissa Palmer:

Look, all I know is I was, I don't know, maybe there's some

Melissa Palmer:

Hallmark movies going on in my house and it was on in the other room when I was

Melissa Palmer:

cooking dinner and my ears perked up.

Melissa Palmer:

Cause I heard something about an engineer and it was the dude who was the engineer.

Melissa Palmer:

I was like, oh, I had hopes for this one.

Melissa Palmer:

So Hallmark, if you are listening to this, I would love to be your female

Melissa Palmer:

lead in a I think that would be so much.

Melissa Palmer:

Come on, come on.

Melissa Palmer:

Happy ending.

Melissa Palmer:

They, we, we recover from

W. Curtis Preston:

question is, how can you incorporate a small

W. Curtis Preston:

town with a business that's, you know, on its last legs?

W. Curtis Preston:

And

Melissa Palmer:

Totally.

Prasanna Malaiyandi:

That would

Prasanna Malaiyandi:

work.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

instead of a ran, instead of a, uh, you know, a big

W. Curtis Preston:

bookstore coming into town to shut down your little bookstore, it's

W. Curtis Preston:

the ransomware attack shuts down the little, the little bookstore in

Prasanna Malaiyandi:

Or it could be at a doctor's

W. Curtis Preston:

And,

Melissa Palmer:

Yeah.

Melissa Palmer:

Or local hospital.

Melissa Palmer:

We could do local hospital.

Melissa Palmer:

That would be fine.

Melissa Palmer:

Small town hospital only thing for miles.

W. Curtis Preston:

It's, it's the big city girl that knows, um, that knows

W. Curtis Preston:

about ransomware to rescue the little

Melissa Palmer:

big city girl, leaves her job at a software company, goes back

Melissa Palmer:

to her hometown to go out on her own.

Melissa Palmer:

just

W. Curtis Preston:

Um, can you tell I've seen a Hallmark movie or show a show

Melissa Palmer:

I, it's my guilty pleasure.

Melissa Palmer:

I'm just gonna say that, uh, around Christmas there was a thing going around.

Melissa Palmer:

It was like Hallmark movie generator, and I looked at it

Melissa Palmer:

and I went, this is my life.

Melissa Palmer:

Oh my goodness.

Melissa Palmer:

I'm a Hallmark movie.

Melissa Palmer:

This is so cool.

W. Curtis Preston:

They are kind of predictable as storylines, but, but yet

W. Curtis Preston:

they've yet to have a ransomware attack.

Melissa Palmer:

Come on.

W. Curtis Preston:

I'm behind that.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Well on that note, um, speaking of disappointing, um, you

W. Curtis Preston:

know, if you folks like this

W. Curtis Preston:

episode, I think there's

W. Curtis Preston:

some, I, uh, uh, I think, no, I think this was a good episode.

W. Curtis Preston:

Um, and I like, I think, you know, we covered a lot.

W. Curtis Preston:

We also had a little bit of fun.

W. Curtis Preston:

I love that.

W. Curtis Preston:

That's actually my favorite kind of episode where we, if it's just straight

W. Curtis Preston:

talk the whole time, it's boring.

W. Curtis Preston:

Um, and.

W. Curtis Preston:

This was good.

W. Curtis Preston:

Uh, good, good.

W. Curtis Preston:

Smattering of both.

W. Curtis Preston:

So, um, I think the one thing we're getting away from this is the best way

W. Curtis Preston:

to respond to a ransomware attack is to respond to it before it happens.

Melissa Palmer:

Yes.

W. Curtis Preston:

Right.

W. Curtis Preston:

Talk to people, talk to, you know, talk to an incident response team.

W. Curtis Preston:

A cyber insurance company's a good way to get one of those.

W. Curtis Preston:

Um, you know, uh, do all the, the, those, the ransomware recovery scenarios, right?

W. Curtis Preston:

All the different scenarios from a, the, the backup and recovery standpoint, right?

W. Curtis Preston:

Um, and, um, and do some kind of monitoring, logging, logging.

W. Curtis Preston:

Saving your logs, getting the logs, logging log.

W. Curtis Preston:

I can't, I can't say that.

W. Curtis Preston:

I can't say it that

Prasanna Malaiyandi:

lugging.

W. Curtis Preston:

Yeah, log, logging.

W. Curtis Preston:

Logging, I can't, I don't know.

W. Curtis Preston:

My tongue doesn't do that anyway.

W. Curtis Preston:

Um, and then also some kind of monitoring for what's going on in your environment.

W. Curtis Preston:

That would set off alarms when a ransomware.

W. Curtis Preston:

You know, initial phase is happening.

W. Curtis Preston:

Uh, cuz that's the key to start to stopping it, is to stop it

Melissa Palmer:

Yep.

Melissa Palmer:

Get it.

Prasanna Malaiyandi:

Yeah,

W. Curtis Preston:

absolutely.

W. Curtis Preston:

Well, thanks Melissa

Melissa Palmer:

Thank you.

W. Curtis Preston:

and uh, thanks Prasanna despite the fact that you were the

W. Curtis Preston:

cause of all of our technical problems.

Prasanna Malaiyandi:

I'm sorry.

Prasanna Malaiyandi:

Hopefully not.

Melissa Palmer:

Sounds like a Hallmark

Prasanna Malaiyandi:

I

Melissa Palmer:

Sounds like a Hallmark movie, just saying

W. Curtis Preston:

We'll see this.

Prasanna Malaiyandi:

Thanks Curtis, and enjoy your vacation, Curtis, and

Prasanna Malaiyandi:

thanks Melissa for joining us again.

Melissa Palmer:

my pleasure.

W. Curtis Preston:

All right, and thanks to our listeners, uh, you know, you're

W. Curtis Preston:

the reason we do this, and be sure to subscribe so that you can restore it all.
