In this week's talk, Amit and Rinat dive deep into the world of ransomware, a type of malicious software that encrypts files or locks systems until a ransom is paid. We explore its various types, learn how ransomware typically infiltrates systems and discover the sophisticated evasion techniques attackers use to bypass antivirus defences. We also discuss essential preventive measures to protect against these evolving threats. Join us for an insightful discussion on ransomware.
...
Rinat: Hi everyone.
2
:Welcome to Tech Talk, a podcast where
Amit and I talk about all things tech.
3
:We don't just talk about tech.
4
:We talk about how the tech impacts
our lives and the society overall.
5
:Today we want to talk about ransomware.
6
:We've talked about deep fakes before,
today would be a complimentary
7
:episode to talk about ransomware
and how it affects everyone.
8
:And how we should be careful and vigilant
to protect ourselves on the internet.
9
:Looking forward to learn as
well as talk about ransomware.
10
:Please start us off
with what is ransomware.
11
:Amit: Hey, . Thanks.
12
:Thanks a lot for the
introduction . Ransomware I felt
13
:was quite an important topic.
14
:We have read about it in the news.
15
:We heard about NHS under a ransomware
attack because they were using, old
16
:Windows XP machines and they had a attack.
17
:I don't know what happened.
18
:Did they actually pay the money or not.
19
:But essentially that's what triggered
this idea that we have talked about
20
:a lot of things, but there are some
tech or there are some things which
21
:have a very dangerous consequence
and ransomware is one of them.
22
:And in essence, ransomware comes
from the word ransom and ransomware
23
:essentially means that you need to pay
money, in lieu of the information on
24
:your machine, it could be a laptop,
it could be a computer, it could be a
25
:mobile device, it could be anything.
26
:And essentially what happens in ransomware
attack is your phone or your laptop or
27
:your computer gets locked and you're
not able to access any of your files.
28
:And in order for you to get
access, you have to pay a ransom.
29
:Instead of something happening in
the real world, it still happens
30
:in the real world, but it is got to
do with the data on your machine.
31
:Rinat: That is actually really interesting
and thank you for that example as well.
32
:There are many ways of being scammed and
threatened and bullied on the Internet.
33
:And all the things that we've
been facing in the last century,
34
:physically in the real world now
has found its digital version on
35
:the internet and it is inevitable.
36
:There will always be people who would try
to take advantage of new technologies
37
:. so in this scenario, the data that you
own, or that is important to for you to
38
:have access to, you get locked out of it.
39
:So it gets kidnapped away.
40
:And the only way you can regain access
to that data or platform is by paying the
41
:malicious person who locked you out of it.
42
:I didn't actually even know about
the incident at NHS, but this
43
:reminds me of, for those of you who
has seen Grey's Anatomy, there was
44
:an episode where this exact thing
happens that the whole computing
45
:systems in that hospital all the.
46
:Doctors and hospital personnel gets
locked out of, and then they demand a
47
:huge sum of money to get that released.
48
:it's very interesting and it is
happening in real world as well
49
:as we are seeing it in the media.
50
:Amit: Yeah, the interesting part of
ransomware is that it's not there are
51
:attackers who are trying to target you
specifically but there are there are so
52
:many people connected to the internet.
53
:So there is not a group of people
who are sitting there and looking
54
:at, Oh, this person is vulnerable.
55
:Let's target them.
56
:No.
57
:They send out a piece of software
and they package it in a way that
58
:you can accidentally download it
or install it on your machine.
59
:Now the ways to do that
is by a phishing email.
60
:A phishing email is an attack where
you're trying to impersonate someone.
61
:So say, Rinat sends me an email, and
it's actually not from Rinat, it's
62
:from someone else, but they make it
look like it's coming from Rinat.
63
:Or you can say Google.
64
:So you get the Google logo, you
type all the words that are normally
65
:are there in a Google email.
66
:And then you say, Oh, you have forgotten
your password or your something is
67
:expiring and you have to pay some
money to get access or download
68
:this file or click on this link.
69
:Et cetera, et cetera.
70
:So this is a phishing email and when
you do something like click a link in
71
:the email or download an attachment on
that email or go to a website where if
72
:you go and you enter some information.
73
:Your information gets leaked
and that's how the ransomware
74
:gets installed on your machine.
75
:Now, there are different things.
76
:We are talking about ransomware.
77
:We are not talking about viruses.
78
:We are not talking about other
malicious files because these can
79
:damage the data, but , it will
not prevent you from accessing it.
80
:Ransomware prevents everything.
81
:You, you can't use your keyboard.
82
:You can't use your mouse.
83
:You can see that there is a screen a
banner that appears on your computer.
84
:And then it says in order for you
to view the data, pay this much
85
:money, normally in cryptocurrency.
86
:So you pay in Bitcoin because
then the transaction is anonymous.
87
:So you can't actually figure
out who the money has gone to.
88
:You just know to this wallet, you have
to transfer the Bitcoin, but that wallet
89
:could be of a person, a company, a group.
90
:We don't know.
91
:And that's how you go for the attack.
92
:So you have a phishing email.
93
:The second way is an exploit.
94
:It's always recommended that we
update our software regularly.
95
:Now, why?
96
:Because sometimes there is a
vulnerability in the software
97
:that gets patched with an update.
98
:Patching means you fix the problem.
99
:The problem in your operating system or
the software that you're trying to use.
100
:In case anyone tries to take advantage
of that vulnerability in the non
101
:upgraded version of the software
or the operating system, then
102
:that means you can get exploited.
103
:So the same thing happened with NHS.
104
:Windows 10 was out.
105
:They were still using Windows XP.
106
:Microsoft has dropped support
for Windows XP a long time back.
107
:They don't release any security
patches, so if there is a vulnerability
108
:in XP, someone can exploit that
vulnerability and get access to all
109
:the information on the computer.
110
:Now, that was exploited to get
access and lock all the files.
111
:I don't know if they paid the money,
but this is a type of extortion.
112
:So you have to be very careful of what
you're trying to click, where you're
113
:going on the web on the internet.
114
:And what are you clicking?
115
:Are you downloading a safe file?
116
:Because anything can happen.
117
:It can download a virus on your machine
or it can lock your machine completely.
118
:Rinat: I hadn't actually thought about
all the different types of malicious
119
:emails or malicious approaches that
you could, we are facing it all every
120
:day, but I didn't really think about
the categorization the way you just put
121
:it . Some of them are trying to harm
your data or corrupt it but ransomware
122
:is different in a way that it will keep
the data, but it will lock you out of it.
123
:So you can't use anything.
124
:And I imagine that even if you reset
your computer or turn it on and
125
:off, none of these will help at all.
126
:Just to be clear about
the severity of this kind
127
:of attack.
128
:So in our past episodes, we've
talked about various ways, how you
129
:should be careful on the internet.
130
:We've talked about deep fake, we talked
about scamming and phishing earlier
131
:as well on, on dedicated episodes.
132
:So let's just put ransomware in its place
among all of these different things.
133
:Ransomware is a piece of
software, which you don't want
134
:it in your Computing IT systems.
135
:Just like virus, you don't want a
virus to be , in your IT system.
136
:And the way ransomware would try and
get access to your IT system is similar.
137
:A lot of the times it is social
engineering, trying to find a
138
:way that you unintentionally
have it downloaded or installed.
139
:It's very rare that they can actually,
hack into a secure system unless you
140
:provided a way for them to do that.
141
:So this is why it's so important to be
aware of all the different ways they are
142
:trying to get access to your IT system.
143
:And now once they get access, there
are , different kind of things that
144
:this malicious group would want to do.
145
:One is to trick you to send money
over to them, which is a scam and
146
:phishing as we talked about earlier.
147
:Maybe say that, there was a
unauthorized purchase with your
148
:PayPal account and you've got to send
money to this account and whatever.
149
:So that's scamming and
phishing, et cetera.
150
:And then there are ways like viruses,
which will actually harm or corrupt
151
:your data or your IT system, which
is another thing that they will
152
:threat you in terms of ransomware.
153
:But yeah, we have access and we will
delete it or, completely destroy
154
:your data if you don't pay up.
155
:So that's all of these things
are one way or another related.
156
:The way ransomware would try
and get access to you to your I.
157
:T.
158
:System is the same as,
phishing or scam or whatever.
159
:How a virus gets access.
160
:So that's the part we need to
be really careful and vigilant.
161
:And in order to protect yourself,
your assets and your data, which
162
:are all very valuable nowadays.
163
:even if you are a non techie
person, you should have this kind
164
:of understanding just so you can
protect your assets and property.
165
:And, data is a valuable property nowadays
anyway as well as your actual physical
166
:asset like bank account and money and
all the other finance and everything.
167
:Everything is online now.
168
:So it's very important even for non
techie folks out there, especially
169
:a majority of our listeners to be
Aware of all the things that can
170
:happen and how to protect yourself
171
:from it,
172
:Amit: When we talk about ransomware we
think, okay, why am I getting targeted?
173
:But as I mentioned earlier,
you are not getting targeted.
174
:You just got scammed or you clicked
on some link or you downloaded
175
:an attachment or you went to
a website that was malicious.
176
:And the moment you went, you
opened something and it downloaded
177
:something on your computer.
178
:So that's how it happens.
179
:So you're not targeted.
180
:You just fell a victim.
181
:Let's look at what actually
happens in a ransomware thing.
182
:So something gets delivered
onto your machine.
183
:And So you download it, you
install, it, gets installed
184
:automatically, et cetera, et cetera.
185
:So something gets installed
on your machine.
186
:Once it gets installed, it
starts doing various things.
187
:So how does the ransomware lock you out?
188
:One way is it encrypts all the files
on your machine, and encryption
189
:means that you're putting it an
in an envelope and you're locking
190
:it with a code or with a key.
191
:And if you don't have the key,
you cannot open the envelope.
192
:And that is in a sense, encryption.
193
:And it basically means
your files are there.
194
:You can see it, but you can't open it.
195
:So that's one way in, in which ransomware,
blocks you access to your files.
196
:The other way is putting a lock screen.
197
:It locks you out of the system.
198
:So whenever you start a machine, it
asks you for your username and password.
199
:Same thing with your smart devices.
200
:So it asks for a
fingerprint or a pin code.
201
:That locks you out.
202
:So you even cannot get in.
203
:So forget about seeing the file.
204
:You can't even get in to see the file.
205
:Okay, so that's one way.
206
:The other way is, it
doesn't allow you to boot.
207
:So when you switch on the power button, It
doesn't load the operating system because
208
:that's the first thing that happens.
209
:The BIOS starts and it looks at the
master boot record and it looks where
210
:the operating system is installed.
211
:We've spoken about BIOS as well.
212
:So it does all the check and then it tries
to load or start the operating system.
213
:And in some ransomwares,
it prevents this as well.
214
:So you can't even now start your machine.
215
:You can switch it on, but nothing
will load and it'll just show
216
:a screen pay this much money.
217
:Okay.
218
:Now there are different
techniques as well.
219
:So in, in one technique, you pay the
money and you get a key like a code.
220
:And you type in the code and
then it unlocks everything.
221
:It decrypts all the files.
222
:It unlocks your system.
223
:It lets you start your operating system.
224
:So that's one way.
225
:The other way is it will prevent
access by showing you a countdown.
226
:So it's 10 days.
227
:If you don't pay the money in 10
days time, all the data on your
228
:computer will be lost forever.
229
:So these are different
types of ransomware attacks.
230
:And we have to be very cautious and
aware that this can happen to us.
231
:Okay.
232
:Normally the things that we read in
the media are about big companies.
233
:So a lot of big companies, they get
ransomware attacks and then they
234
:have to pay money because they have
confidential information which they
235
:don't want to leak because the other
part of ransomware is that they will
236
:encrypt your file, they'll download
all the file to their machine and then
237
:they will say, we will expose all your
secrets if you don't pay us the money.
238
:So this is a kind of extortion and
this is what a ransomware is all about.
239
:It's trying to extort money from you.
240
:It could be 0.
241
:015 Bitcoin BTC.
242
:That's it.
243
:But it's enough to it's enough for a
lot of people because they have millions
244
:of computers running these ransomwares.
245
:So yeah
246
:Rinat: They could be , doing
this to so many people.
247
:So even a small amount although not small
amount for the victim, 1, 000 or pounds,
248
:and if they found a hundred victims,
that's a hundred thousand dollars or
249
:pounds, whatever it's quite a huge sum.
250
:And.
251
:Again this is what really boggles
me that, to, if you agree to pay
252
:the ransom, there is no guarantee
253
:ever that they will give you
the decryption key, or they will
254
:not delete your files anyway.
255
:Or even, a likely scenario is that
they've just managed to block you out.
256
:They haven't even got the
257
:power to give you access
258
:back.
259
:They just need to
convince you to send money.
260
:And after that, they don't have
any care in the world to whether
261
:or not you get access to that
data, however important it is.
262
:The people who can lock out
hospitals or NHS out of patient data.
263
:And there might be critical patients
who might need that information, a
264
:surgeon might need to operate in minutes.
265
:And if they're okay to do that, then they
don't care about, whether the doctors
266
:get those information ever, . We're
not professional, disaster advisors.
267
:So , none of those are
advice in a professional way.
268
:But what I would do is that it's never
worth uh, paying the ransom, because
269
:first of all, there is no guarantee you'll
get whatever it was taken from you data,
270
:whether it's locked out of your computer,
whether it's the hardware, if it's an
271
:expensive gaming laptop or whatever you're
worried about, whether you're going to
272
:get that back, or whether you're going
to get the data back, or whether or not
273
:they're going to expose your secrets.
274
:There is no guarantee of any of that going
your way, especially once you've paid,
275
:they don't have a lot of information on
you, but they do know this for sure that
276
:you are the kind of person who will pay.
277
:So you're like the prime target
to extort you even further because
278
:you've already taken their bait.
279
:So I would never actually pay the ransom
because there is absolutely nothing
280
:that to be gained from this scenario.
281
:And actually this is from
personal experience as well.
282
:When I was a, teenager, when the
internet was first about, I've
283
:had accounts open with very easy
passwords all numbers, et cetera.
284
:And that somehow did get leaked.
285
:And have I been pwned, has
those passwords and I can see.
286
:And then once I received these
Emails after every few months, I've
287
:been receiving these emails, which
actually have my, that password.
288
:It's all digits, like very easy, I
didn't use that in 15, 20 years now,
289
:but I did have that as one of my very
first password when I was teenager
290
:and internet was new back then.
291
:So I see that password in the subject
line, all exposed and that kind of does,
292
:make you skip your heartbeat a little bit.
293
:And then in the message email message
body, it says that, , we have all
294
:of your secrets and apparently we
have some of your videos , , because
295
:I know that, no such thing exists.
296
:That's why I could be confident because
at the time when I got those emails,
297
:I was still a teenager even then.
298
:So I would have been quite
scared if I, because I know that
299
:no such thing exists anyway.
300
:So it wasn't possible.
301
:It didn't really apply to me.
302
:And even nowadays, and sometimes
I get like transfer this amount of
303
:Bitcoin to this address, and then
we won't share your secret videos
304
:or whatever to be honest, even if I
did have any secret videos, share it
305
:all you want, I don't really care.
306
:But again this is really, I can see why.
307
:Anyone, any regular person would be
really scared and they would do anything.
308
:They could have like really secret
things that they don't want to
309
:be exposed in any way, and they
actually don't have anything.
310
:These emails that I've received.
311
:Then I know that there is nothing.
312
:So these emails are a lot of the times
they just have that old password which
313
:has been leaked years ago and they're
just hanging on to that to make you
314
:believe that there is something and
they're taking a chance and they're
315
:sending these emails to a million
people and Out of those million people,
316
:that password is actually correct.
317
:So if you see your old password
and exposed in an email subject
318
:line and then say something like
that, you are bound to be scared.
319
:So this is why I would advise not
ever to give anything because they
320
:don't probably have anything anyway.
321
:And even if they do, there is no guarantee
that they won't share it anyway, right?
322
:They're they are malicious people.
323
:So they'll probably enjoy doing that
regardless and then the third thing
324
:what I would say Which is an actual
preventative measure, for an individual
325
:for a company They have obviously,
cybersecurity advisors, etc but for,
326
:on a personal level, what I would say,
and this is something I do as well,
327
:your data is important and valuable.
328
:It could be like you
have a invention idea.
329
:You want to patent it and
you've written it all down.
330
:You've done the drawings and everything.
331
:And that is in your computer.
332
:And it is obviously a secret.
333
:You don't want the world to know about it.
334
:And there could be many other secret or
valuable assets stored in your computer.
335
:And what I do is on a periodic
basis is have an offline backup.
336
:It's not a cloud backup,
not an online backup.
337
:It's not even attached to
electricity in any way.
338
:So definitely do this . Set yourself
up every quarter of a year or every
339
:six months or even yearly if you can't
be bothered with it too frequently.
340
:But I would say every quarter
or six months is a good time.
341
:You basically take all of your data
by a really big storage external
342
:drive, take all of your data, copy
everything and have that external drive
343
:disconnected from power and separate.
344
:obviously they can say, still
be extortionate by, saying
345
:that we'll share your data.
346
:That's one way that
will still remain open.
347
:But the other way is that, okay, you're
locked out and you can never get access
348
:to your data or your, precious memories,
maybe your loved one has passed away and
349
:you have their photos and videos , and
you can never have access to those.
350
:So you will never be in that situation.
351
:If you regularly back
your, all of your data out.
352
:And I've spent a significant amount
of time in my life, sorting out all my
353
:data from past, like from the beginning
of digital age and before that, which
354
:I've scanned . And it is worth it.
355
:I would still say that I still have that
peace of mind that everything I have.
356
:From photos, videos, everything is
organized, documents and everything
357
:is organized and easily backupable.
358
:I've done that and I would
recommend anyone to do that.
359
:So that's one area of, holding you
hostage is completely eliminated.
360
:But then again, obviously you
still have that secret being shared
361
:problem, which, if you have any idea,
please share with the rest of us.
362
:Amit: Yeah.
363
:So you've touched a good points and
I didn't know about your personal
364
:experience, but , yes we did interview
Troy Hunt, who's the founder, who's the
365
:creator of have I been pwned website.
366
:And I, even my data has been
leaked and I have seen some of my
367
:passwords online published as well.
368
:The passwords are not
connected to you directly.
369
:The passwords are just leaked.
370
:It's like a password file, which has
a lot of passwords and you can maybe
371
:connect to it because it's your password.
372
:But if it's a very simple password Amit123
there could be millions of people with.
373
:And they would have typed one, two, three.
374
:So it's not related to you.
375
:It could be millions of people.
376
:And as you mentioned that the email,
the phishing emails or scam emails
377
:are sent out to millions of people.
378
:And even if one person clicks
that's money for them, right?
379
:And with so much advancements, now it's
very easy to fool people because there
380
:is so much technology around us and we
don't know how the technology works.
381
:And That is one of the biggest
reason we are doing this podcast.
382
:We want to educate people because there
are so many things about technology
383
:that people don't understand.
384
:You mentioned about backups.
385
:You always need to have three backups.
386
:One is local backup, one is a
cloud backup, and one is offline
387
:backup, which is not local.
388
:So local backup is anything on your
machine that you That you can access
389
:easily cloud backup is anything on the
cloud and offline backup is an offline
390
:backup, which is not connected, which is
air gapped, which is, which means there is
391
:no internet connectivity and it is not in
your location because if your house burns
392
:down tomorrow or if there is a burglary,
you lose that data because a lot of times
393
:people steal the electronic equipments.
394
:So if that is exposed somewhere,
or if it's not in a locker, then
395
:of course you lose that data.
396
:Of course, you need to
have a password manager.
397
:So I have a password manager.
398
:It's offline password manager.
399
:But I store it on the cloud.
400
:So whatever is getting stored is
actually password protected.
401
:So even if it's on a Google
server, it is encrypted.
402
:So it's not stored on the Google
server as a clear text file.
403
:It's not like someone will click the
file and they will be able to read it.
404
:No, you need a master password.
405
:So that's how I secure myself.
406
:You touched some of the
important techniques like, okay,
407
:be aware, be this, be that.
408
:And as individuals people
are getting more aware about
409
:technology but it's the enterprise.
410
:The challenges are that even with a
robust IT system and antivirus and many
411
:other ransomware or virus mitigation
strategies, people still get fooled.
412
:And as you mentioned previously,
that people are the last
413
:defense against security and
if they fall, everything falls.
414
:So that's why Most of the attacks
are focused on people rather than
415
:on the actual software because it's
easy to fool people than software.
416
:And one of the ways we can prevent all
these things is by educating ourselves by
417
:making sure that we are clicking the right
link by verifying the source of the email,
418
:by looking at whether the website is
HTTP secure or not et cetera, et cetera.
419
:So there are various ways you,
which with, which you can stay safe.
420
:Now, coming back to ransomware,
there is a very interesting concept
421
:about, Why does ransomware goes
undetected by the antivirus?
422
:Nowadays, if you have Windows
10 or Windows 11, it gets
423
:updated very frequently.
424
:Most of the browsers like Google Chrome,
Firefox, they get updated very frequently.
425
:You get an alert asking you
to upgrade your machine.
426
:A windows also gives you an alert
asking you to restart your machine
427
:and get the update installed.
428
:If you have not done it in a
while it automatically restarts
429
:after five or six days.
430
:So there are different strategies with
the companies are taking because there
431
:are people who don't take these measures.
432
:Now even after all these things,
ransomware uh, goes undetected and
433
:what are the different techniques?
434
:So one of the simple techniques
is that whenever you Create
435
:a file on your computer.
436
:It's written on the hard disk.
437
:But there is RAM, which is random access
memory and it gets cleared all the time.
438
:So what if the ransomware
stays on the memory.
439
:It's never actually
written on the hard disk.
440
:So an antivirus that is scanning
the drive C drive or a D drive,
441
:it'll never detect the ransomware.
442
:So it downloads, starts installing
stuff, locks your system down.
443
:The memory what happens is the computer
takes the file from your hard disk.
444
:It loads it into memory and runs it.
445
:The RAM is quite fast, so if something
is loaded on the memory, then it
446
:means that it can go undetected.
447
:I'm not sure about the latest anti
virus techniques, where are they
448
:scanning memory, but I'm guessing
that some of them are scanning.
449
:So this is just one of the techniques.
450
:The other technique is you go
fileless you don't have any files.
451
:You try to be in a way that
there are no files created That's
452
:how you evade the Antivirus.
453
:The other way is that you Once you get
installed on one machine and then you try
454
:to go get installed on another machine,
you don't have the same signature.
455
:Rinat: Sorry.
456
:Amit: you have the file list,
which is stored in the memory.
457
:And then you have a code that changes
from one machine to another machine.
458
:So suppose the antivirus detects
ransomware, malicious content.
459
:And it stores it in its database and
then it tells now because it's in
460
:its database, it updates everywhere,
every copy of it, wherever it is
461
:installed, that this is the signature.
462
:But the problem is that
ransomware changes.
463
:So every time it changes
itself, it modifies itself.
464
:So it goes undetected.
465
:So that's called polymorphism.
466
:And we have seen it in a lot of
movies, in lot of hacker movies where
467
:they try to detect or stop the the
ransomware or some malicious content
468
:from triggering a nuclear attack.
469
:Because it's polymorphic code
because it's changing constantly.
470
:The other is that it uses very difficult
or very sophisticated encryption
471
:techniques, which even the antivirus
can't detect because it's not up to date.
472
:So there are these things,
then the signature.
473
:it manipulates the signature.
474
:So suppose you are a good
software and you have a signature.
475
:Now antivirus looks for
signatures of those files.
476
:If it has a good signature, of course
it'll say, okay, it's a safe file.
477
:What if you can get the good
signature on your ransomware
478
:file or a malicious content?
479
:So you can fake a signature and then
480
:Rinat: Foraging.
481
:Yeah.
482
:Amit: so that way you can
evade the antivirus, the
483
:antivirus say, Oh, this is fine.
484
:I don't have to worry about it.
485
:Other is obfuscation.
486
:you look like a normal file,
but you're actually not.
487
:So the moment you click on the
directory, it's actually an executable.
488
:And this has happened
with a lot of viruses.
489
:They look like a directory,
but they're actually a file.
490
:So you think it's a folder, you double
click and you'll see some files, but
491
:no, you've already started the antivirus
and the ransomware has attacked.
492
:so these are some of the techniques
in which ransomware evades the anti
493
:virus or anti ransomware softwares.
494
:So now there are product categories
which are sold as anti ransomware
495
:or anti malware things like that.
496
:So yeah, so these are different techniques
in which The ransomware evades antivirus.
497
:Rinat: Wow.
498
:I've learned a lot, be a lot of
these things you just mentioned.
499
:I didn't even know at all.
500
:And some of those I understand like
polymorphism or some of the other
501
:techniques, but one of the things
that really boggled my mind was going
502
:file less to be able to do anything,
you need to, put something in the
503
:computer and if you're file less, how
504
:would you do that?
505
:don't
506
:Amit: is the thing.
507
:The file is stored on your
computer on a hard disk, but it's
508
:not executed from the hard disk.
509
:It's executed from the memory.
510
:And when it's written into the
memory, it can also be erased.
511
:Memories are flashable.
512
:So it means you can write on
it multiple times and you can
513
:write multiple information.
514
:So something that's loaded in the
memory doesn't stay in the memory.
515
:So when you shut down your computer
and when you switch it on, you have
516
:to open the apps all over again.
517
:Windows has become better.
518
:So it,
519
:keeps the state.
520
:And it shuts down.
521
:So it keeps the state of the memory
and the apps are still there.
522
:So now instead, so think like this,
instead of writing it to the hard disk,
523
:what if you download a file, it doesn't
get downloaded onto your hard disk.
524
:It gets downloaded onto your memory.
525
:It's written there.
526
:But it's not stored anywhere.
527
:So that's how it's fileless.
528
:So it's written on the memory.
529
:It's not stored on the hard disk.
530
:So it means the moment you turn it
off, the information is gone, right?
531
:But if you don't turn it off and
your computer is on for a long period
532
:of time and accidentally you do
something that triggers it, then it
533
:gets installed and you are blocked.
534
:And that's the evasion technique.
535
:So antivirus can't detect it.
536
:But a lot of new antivirus
537
:Rinat: Yeah.
538
:Amit: they are doing in
memory profiling as well now
539
:Rinat: Okay.
540
:So many innovative ways.
541
:I do wonder if these guys put their
brilliance onto something good, a lot
542
:of good things probably would have
happened, to come up with all of these,
543
:new innovative ways to hack into someone
else's computer for malicious purposes.
544
:Of course, to come up with these kind of
things and that works, that means you're
545
:obviously very skilled and talented within
the IT arena and you could easily have
546
:a, honest way to live a really good life.
547
:And to be honest, the way obviously
as we mentioned earlier today, that,
548
:yeah, if you scam a lot of people,
you end up, making a lot of money.
549
:But, the amount of effort
they have to put in.
550
:And, if you distribute all of your
returns, over that period of years.
551
:And, actually how many people
are, taking the bait, etc.
552
:It's, it feels like it's really going
to be difficult to make as much.
553
:If you're that talented and skillful,
then you should probably be able
554
:to make more and with less risk of
going to jail or being punished and
555
:also making money ethically with
more peace of mind than doing this.
556
:It's just really
557
:Amit: think Rinat, you're missing the
point because we have very strict laws.
558
:We know that people get imprisoned
if they kill someone or they
559
:steal something from someone.
560
:Yet it happens.
561
:Yet it happens, right?
562
:Yeah.
563
:Irrespective of what, whatever
stricter laws we have, whatever police
564
:we have, these things still happen.
565
:People still kill people.
566
:People still steal from people.
567
:They get imprisoned.
568
:We read about them in the news.
569
:I'm pretty sure the people
who are doing this are also
570
:reading about it in the news.
571
:Yet they do this because sometimes
they don't have the fear.
572
:Sometimes it just gives them a kick.
573
:Okay, I can do this.
574
:I can boast it among my peers, right?
575
:Sometimes it's a state
576
:Rinat: Hmm.
577
:Yes.
578
:Amit: sometimes you've
created a ransomware 10 years
579
:ago, but it's still active.
580
:It goes undetected and
it's working, but you have
581
:moved on.
582
:And a lot of these people, we
say that they are brilliant.
583
:They are brilliant but you and
me all can also figure these out.
584
:We just don't put the time and
effort to in that direction, right?
585
:So some people have a constructive
direction and some people
586
:have a destructive direction.
587
:And sometimes what happens is they
create something destructively and
588
:because they've learned so much,
they actually work for companies such
589
:as an antivirus company or an anti
malware company, et cetera, because now
590
:they can use their experience for by
creating these malicious software to.
591
:Tell how to build your
software to detect them.
592
:So this always happens.
593
:Hackers become you have the
black hat hackers, the white hat
594
:Rinat: ethical hacking.
595
:Yes.
596
:Amit: So forth.
597
:Yeah.
598
:Rinat: Yeah, there is a
obviously different perspectives
599
:to each of these stories.
600
:As we're talking about all of
these ways that ransomware or
601
:viruses can attack your computer.
602
:And you might think that, okay, these
are more of a a media situation.
603
:We see on, a hacker movies
that , this is happening.
604
:But in real life there, where would, who
would build a software as sophisticated
605
:as, that can do this and that to
that question, I would say that I've
606
:actually come across a software.
607
:Yeah.
608
:And the name of the
software is 888RAT, R A T.
609
:And that's a proper hacker software.
610
:And if that gets access to your
computer, the person who put it there
611
:will have access to your webcam, your
microphone, everything and every file.
612
:And you wouldn't even know about it.
613
:You will be using your computer as is.
614
:And it's aptly named RAT
at the end with 888 RAT.
615
:So these kind of software, and
I only known about this one.
616
:And I've known about it, but then
I can't, I don't have the courage
617
:to even go to that website.
618
:Cause who knows, by, I would probably
be thinking that I'm downloading
619
:that software, but I'm probably
being ratted or being scammed as I
620
:try to download, a lot of the times,
scammers can be scammed anyway.
621
:So even to learn about it if I
wanted to really, dissect how it
622
:works and everything, I would have
to create an offline machine with
623
:a different wifi network than mine.
624
:And then only I could probably feel
safe to do something like that.
625
:And that's a lot of effort.
626
:So this is what I'm saying, like to be
able to do or to want to do something, the
627
:amount of effort you have to go through
628
:is, is
629
:Amit: in my college, I remember
the computer science students,
630
:they build the software and it's
basically, um, what do you say?
631
:It's basically this
server client software.
632
:So basically there is a server that
communicates with the client and the
633
:client gets installed on your machine
and the client knows where to send
634
:the information and it's basically a
screen sharing screen sharing software.
635
:So it shares everything
that's going on your screen.
636
:It shares whatever you're sending from
your computer like keyboard or mouse
637
:or input devices, and again, camera.
638
:So anything that's getting input
it can send it and the client sends
639
:it to the server and they built a
very simple software and they said,
640
:okay, this is how you install it.
641
:And we have this client server.
642
:Concepts.
643
:So zoom has a server and then multiple
clients, and then you share your screen.
644
:Now imagine if everything goes
in a malicious way where you hide
645
:everything, you hide the interface,
but everything is still being shared
646
:without showing you the interface
that your screen is being shared.
647
:Rinat: How dangerous is that!
648
:So you might be thinking that, okay,
this is really difficult to achieve
649
:and whatever, but it's actually,
something that we have right now.
650
:As Amit, you mentioned, you probably
have zoom or some sort of other meeting,
651
:remote meeting software installed already,
is this the same kind of software?
652
:Without the interface.
653
:So they didn't even have to spend time
on programming how it should look like.
654
:They just said, okay, it
shouldn't even look like anything.
655
:They can just do the background stuff.
656
:So it's actually very
much doable and exists.
657
:So definitely something to be aware of.
658
:But also at the same time, I feel like
we talk a lot about to be cautious from
659
:this and cautious from that, which might
put people off technology altogether.
660
:We don't want to do that.
661
:Definitely embrace the
advancement of technology.
662
:Just do it carefully and have
a bit more attention to detail.
663
:The more advanced things are going
the more, vigilant you should be in
664
:anything, like even before the age of
computing, as you said, someone may
665
:forge the digital signature that, say
Microsoft digital signature, you can
666
:pretend to be Microsoft by doing that.
667
:That was happening before with cheques.
668
:People would forge a
669
:check with someone else's signature
and take out money from bank.
670
:So all of this, and
how would you check it?
671
:You need it to be vigilant to
make sure that this is your
672
:signature so it's the same thing.
673
:You be vigilant in your digital world.
674
:Amit: One of the things you mentioned
is that we don't want to off put
675
:people from technology by saying
that you have to be cautious.
676
:It's like using a knife in the kitchen.
677
:People don't stop using a
knife in the kitchen to cut a
678
:bread or to cut a vegetable.
679
:We know it's sharp.
680
:It can cut your fingers, yet we use it.
681
:We're just careful.
682
:So it's technology, something similar.
683
:So our technology is useful, but you
have to be careful because you don't know
684
:how it's being you how it can hurt you.
685
:Yeah.
686
:Yeah.
687
:Rinat: Absolutely.
688
:That's a good analogy.
689
:Yeah, it's been actually quite
an eye-opening conversation.
690
:Amit, I've really enjoyed that and
hopefully our audience found it
691
:useful too, and will have positive
behavioral changes as we navigate
692
:around the internet, thank you
everyone for listening and hopefully
693
:we'll see you guys again whenever
we come back with our next episode.
694
:Amit: Thanks guys.