Ransomware
Episode 83, 28th June 2024 • Tech Talk with Amit & Rinat • Amit Sarkar & Rinat Malik

Shownotes

In this week's talk, Amit and Rinat dive deep into the world of ransomware, a type of malicious software that encrypts files or locks systems until a ransom is paid. We explore its various types, learn how ransomware typically infiltrates systems and discover the sophisticated evasion techniques attackers use to bypass antivirus defences. We also discuss essential preventive measures to protect against these evolving threats. Join us for an insightful discussion on ransomware.

Transcripts

Speaker:

...

Rinat: Hi everyone.

2

:

Welcome to Tech Talk, a podcast where

Amit and I talk about all things tech.

3

:

We don't just talk about tech.

4

:

We talk about how the tech impacts

our lives and the society overall.

5

:

Today we want to talk about ransomware.

6

:

We've talked about deep fakes before,

today would be a complimentary

7

:

episode to talk about ransomware

and how it affects everyone.

8

:

And how we should be careful and vigilant

to protect ourselves on the internet.

9

:

Looking forward to learn as

well as talk about ransomware.

10

:

Please start us off

with what is ransomware.

11

:

Amit: Hey, . Thanks.

12

:

Thanks a lot for the

introduction . Ransomware I felt

13

:

was quite an important topic.

14

:

We have read about it in the news.

15

:

We heard about NHS under a ransomware

attack because they were using, old

16

:

Windows XP machines and they had a attack.

17

:

I don't know what happened.

18

:

Did they actually pay the money or not.

19

:

But essentially that's what triggered

this idea that we have talked about

20

:

a lot of things, but there are some

tech or there are some things which

21

:

have a very dangerous consequence

and ransomware is one of them.

22

:

And in essence, ransomware comes

from the word ransom and ransomware

23

:

essentially means that you need to pay

money, in lieu of the information on

24

:

your machine, it could be a laptop,

it could be a computer, it could be a

25

:

mobile device, it could be anything.

26

:

And essentially what happens in ransomware

attack is your phone or your laptop or

27

:

your computer gets locked and you're

not able to access any of your files.

28

:

And in order for you to get

access, you have to pay a ransom.

29

:

Instead of something happening in

the real world, it still happens

30

:

in the real world, but it is got to

do with the data on your machine.

31

:

Rinat: That is actually really interesting

and thank you for that example as well.

32

:

There are many ways of being scammed and

threatened and bullied on the Internet.

33

:

And all the things that we've

been facing in the last century,

34

:

physically in the real world now

has found its digital version on

35

:

the internet and it is inevitable.

36

:

There will always be people who would try

to take advantage of new technologies

37

:

. so in this scenario, the data that you

own, or that is important to for you to

38

:

have access to, you get locked out of it.

39

:

So it gets kidnapped away.

40

:

And the only way you can regain access

to that data or platform is by paying the

41

:

malicious person who locked you out of it.

42

:

I didn't actually even know about

the incident at NHS, but this

43

:

reminds me of, for those of you who

has seen Grey's Anatomy, there was

44

:

an episode where this exact thing

happens that the whole computing

45

:

systems in that hospital all the.

46

:

Doctors and hospital personnel gets

locked out of, and then they demand a

47

:

huge sum of money to get that released.

48

:

it's very interesting and it is

happening in real world as well

49

:

as we are seeing it in the media.

50

:

Amit: Yeah, the interesting part of

ransomware is that it's not there are

51

:

attackers who are trying to target you

specifically but there are there are so

52

:

many people connected to the internet.

53

:

So there is not a group of people

who are sitting there and looking

54

:

at, Oh, this person is vulnerable.

55

:

Let's target them.

56

:

No.

57

:

They send out a piece of software

and they package it in a way that

58

:

you can accidentally download it

or install it on your machine.

59

:

Now the ways to do that

is by a phishing email.

60

:

A phishing email is an attack where

you're trying to impersonate someone.

61

:

So say, Rinat sends me an email, and

it's actually not from Rinat, it's

62

:

from someone else, but they make it

look like it's coming from Rinat.

63

:

Or you can say Google.

64

:

So you get the Google logo, you

type all the words that are normally

65

:

are there in a Google email.

66

:

And then you say, Oh, you have forgotten

your password or your something is

67

:

expiring and you have to pay some

money to get access or download

68

:

this file or click on this link.

69

:

Et cetera, et cetera.

70

:

So this is a phishing email and when

you do something like click a link in

71

:

the email or download an attachment on

that email or go to a website where if

72

:

you go and you enter some information.

73

:

Your information gets leaked

and that's how the ransomware

74

:

gets installed on your machine.

75

:

Now, there are different things.

76

:

We are talking about ransomware.

77

:

We are not talking about viruses.

78

:

We are not talking about other

malicious files because these can

79

:

damage the data, but , it will

not prevent you from accessing it.

80

:

Ransomware prevents everything.

81

:

You, you can't use your keyboard.

82

:

You can't use your mouse.

83

:

You can see that there is a screen a

banner that appears on your computer.

84

:

And then it says in order for you

to view the data, pay this much

85

:

money, normally in cryptocurrency.

86

:

So you pay in Bitcoin because

then the transaction is anonymous.

87

:

So you can't actually figure

out who the money has gone to.

88

:

You just know to this wallet, you have

to transfer the Bitcoin, but that wallet

89

:

could be of a person, a company, a group.

90

:

We don't know.

91

:

And that's how you go for the attack.

92

:

So you have a phishing email.

93

:

The second way is an exploit.

94

:

It's always recommended that we

update our software regularly.

95

:

Now, why?

96

:

Because sometimes there is a

vulnerability in the software

97

:

that gets patched with an update.

98

:

Patching means you fix the problem.

99

:

The problem in your operating system or

the software that you're trying to use.

100

:

In case anyone tries to take advantage

of that vulnerability in the non

101

:

upgraded version of the software

or the operating system, then

102

:

that means you can get exploited.

103

:

So the same thing happened with NHS.

104

:

Windows 10 was out.

105

:

They were still using Windows XP.

106

:

Microsoft has dropped support

for Windows XP a long time back.

107

:

They don't release any security

patches, so if there is a vulnerability

108

:

in XP, someone can exploit that

vulnerability and get access to all

109

:

the information on the computer.

110

:

Now, that was exploited to get

access and lock all the files.

111

:

I don't know if they paid the money,

but this is a type of extortion.

112

:

So you have to be very careful of what

you're trying to click, where you're

113

:

going on the web on the internet.

114

:

And what are you clicking?

115

:

Are you downloading a safe file?

116

:

Because anything can happen.

117

:

It can download a virus on your machine

or it can lock your machine completely.

118

:

Rinat: I hadn't actually thought about

all the different types of malicious

119

:

emails or malicious approaches that

you could, we are facing it all every

120

:

day, but I didn't really think about

the categorization the way you just put

121

:

it . Some of them are trying to harm

your data or corrupt it but ransomware

122

:

is different in a way that it will keep

the data, but it will lock you out of it.

123

:

So you can't use anything.

124

:

And I imagine that even if you reset

your computer or turn it on and

125

:

off, none of these will help at all.

126

:

Just to be clear about

the severity of this kind

127

:

of attack.

128

:

So in our past episodes, we've

talked about various ways, how you

129

:

should be careful on the internet.

130

:

We've talked about deep fake, we talked

about scamming and phishing earlier

131

:

as well on, on dedicated episodes.

132

:

So let's just put ransomware in its place

among all of these different things.

133

:

Ransomware is a piece of

software, which you don't want

134

:

it in your Computing IT systems.

135

:

Just like virus, you don't want a

virus to be , in your IT system.

136

:

And the way ransomware would try and

get access to your IT system is similar.

137

:

A lot of the times it is social

engineering, trying to find a

138

:

way that you unintentionally

have it downloaded or installed.

139

:

It's very rare that they can actually,

hack into a secure system unless you

140

:

provided a way for them to do that.

141

:

So this is why it's so important to be

aware of all the different ways they are

142

:

trying to get access to your IT system.

143

:

And now once they get access, there

are , different kind of things that

144

:

this malicious group would want to do.

145

:

One is to trick you to send money

over to them, which is a scam and

146

:

phishing as we talked about earlier.

147

:

Maybe say that, there was a

unauthorized purchase with your

148

:

PayPal account and you've got to send

money to this account and whatever.

149

:

So that's scamming and

phishing, et cetera.

150

:

And then there are ways like viruses,

which will actually harm or corrupt

151

:

your data or your IT system, which

is another thing that they will

152

:

threat you in terms of ransomware.

153

:

But yeah, we have access and we will

delete it or, completely destroy

154

:

your data if you don't pay up.

155

:

So that's all of these things

are one way or another related.

156

:

The way ransomware would try

and get access to you to your I.

157

:

T.

158

:

System is the same as,

phishing or scam or whatever.

159

:

How a virus gets access.

160

:

So that's the part we need to

be really careful and vigilant.

161

:

And in order to protect yourself,

your assets and your data, which

162

:

are all very valuable nowadays.

163

:

even if you are a non techie

person, you should have this kind

164

:

of understanding just so you can

protect your assets and property.

165

:

And, data is a valuable property nowadays

anyway as well as your actual physical

166

:

asset like bank account and money and

all the other finance and everything.

167

:

Everything is online now.

168

:

So it's very important even for non

techie folks out there, especially

169

:

a majority of our listeners to be

Aware of all the things that can

170

:

happen and how to protect yourself

171

:

from it,

172

:

Amit: When we talk about ransomware we

think, okay, why am I getting targeted?

173

:

But as I mentioned earlier,

you are not getting targeted.

174

:

You just got scammed or you clicked

on some link or you downloaded

175

:

an attachment or you went to

a website that was malicious.

176

:

And the moment you went, you

opened something and it downloaded

177

:

something on your computer.

178

:

So that's how it happens.

179

:

So you're not targeted.

180

:

You just fell a victim.

181

:

Let's look at what actually

happens in a ransomware thing.

182

:

So something gets delivered

onto your machine.

183

:

And So you download it, you

install, it, gets installed

184

:

automatically, et cetera, et cetera.

185

:

So something gets installed

on your machine.

186

:

Once it gets installed, it

starts doing various things.

187

:

So how does the ransomware lock you out?

188

:

One way is it encrypts all the files

on your machine, and encryption

189

:

means that you're putting it an

in an envelope and you're locking

190

:

it with a code or with a key.

191

:

And if you don't have the key,

you cannot open the envelope.

192

:

And that is in a sense, encryption.

193

:

And it basically means

your files are there.

194

:

You can see it, but you can't open it.

195

:

So that's one way in, in which ransomware,

blocks you access to your files.

196

:

The other way is putting a lock screen.

197

:

It locks you out of the system.

198

:

So whenever you start a machine, it

asks you for your username and password.

199

:

Same thing with your smart devices.

200

:

So it asks for a

fingerprint or a pin code.

201

:

That locks you out.

202

:

So you even cannot get in.

203

:

So forget about seeing the file.

204

:

You can't even get in to see the file.

205

:

Okay, so that's one way.

206

:

The other way is, it

doesn't allow you to boot.

207

:

So when you switch on the power button, It

doesn't load the operating system because

208

:

that's the first thing that happens.

209

:

The BIOS starts and it looks at the

master boot record and it looks where

210

:

the operating system is installed.

211

:

We've spoken about BIOS as well.

212

:

So it does all the check and then it tries

to load or start the operating system.

213

:

And in some ransomwares,

it prevents this as well.

214

:

So you can't even now start your machine.

215

:

You can switch it on, but nothing

will load and it'll just show

216

:

a screen pay this much money.

217

:

Okay.

218

:

Now there are different

techniques as well.

219

:

So in, in one technique, you pay the

money and you get a key like a code.

220

:

And you type in the code and

then it unlocks everything.

221

:

It decrypts all the files.

222

:

It unlocks your system.

223

:

It lets you start your operating system.

224

:

So that's one way.

225

:

The other way is it will prevent

access by showing you a countdown.

226

:

So it's 10 days.

227

:

If you don't pay the money in 10

days time, all the data on your

228

:

computer will be lost forever.

229

:

So these are different

types of ransomware attacks.

230

:

And we have to be very cautious and

aware that this can happen to us.

231

:

Okay.

232

:

Normally the things that we read in

the media are about big companies.

233

:

So a lot of big companies, they get

ransomware attacks and then they

234

:

have to pay money because they have

confidential information which they

235

:

don't want to leak because the other

part of ransomware is that they will

236

:

encrypt your file, they'll download

all the file to their machine and then

237

:

they will say, we will expose all your

secrets if you don't pay us the money.

238

:

So this is a kind of extortion and

this is what a ransomware is all about.

239

:

It's trying to extort money from you.

240

:

It could be 0.

241

:

015 Bitcoin BTC.

242

:

That's it.

243

:

But it's enough to it's enough for a

lot of people because they have millions

244

:

of computers running these ransomwares.

245

:

So yeah

246

:

Rinat: They could be , doing

this to so many people.

247

:

So even a small amount although not small

amount for the victim, 1, 000 or pounds,

248

:

and if they found a hundred victims,

that's a hundred thousand dollars or

249

:

pounds, whatever it's quite a huge sum.

250

:

And.

251

:

Again this is what really boggles

me that, to, if you agree to pay

252

:

the ransom, there is no guarantee

253

:

ever that they will give you

the decryption key, or they will

254

:

not delete your files anyway.

255

:

Or even, a likely scenario is that

they've just managed to block you out.

256

:

They haven't even got the

257

:

power to give you access

258

:

back.

259

:

They just need to

convince you to send money.

260

:

And after that, they don't have

any care in the world to whether

261

:

or not you get access to that

data, however important it is.

262

:

The people who can lock out

hospitals or NHS out of patient data.

263

:

And there might be critical patients

who might need that information, a

264

:

surgeon might need to operate in minutes.

265

:

And if they're okay to do that, then they

don't care about, whether the doctors

266

:

get those information ever, . We're

not professional, disaster advisors.

267

:

So , none of those are

advice in a professional way.

268

:

But what I would do is that it's never

worth uh, paying the ransom, because

269

:

first of all, there is no guarantee you'll

get whatever it was taken from you data,

270

:

whether it's locked out of your computer,

whether it's the hardware, if it's an

271

:

expensive gaming laptop or whatever you're

worried about, whether you're going to

272

:

get that back, or whether you're going

to get the data back, or whether or not

273

:

they're going to expose your secrets.

274

:

There is no guarantee of any of that going

your way, especially once you've paid,

275

:

they don't have a lot of information on

you, but they do know this for sure that

276

:

you are the kind of person who will pay.

277

:

So you're like the prime target

to extort you even further because

278

:

you've already taken their bait.

279

:

So I would never actually pay the ransom

because there is absolutely nothing

280

:

that to be gained from this scenario.

281

:

And actually this is from

personal experience as well.

282

:

When I was a, teenager, when the

internet was first about, I've

283

:

had accounts open with very easy

passwords all numbers, et cetera.

284

:

And that somehow did get leaked.

285

:

And have I been pwned, has

those passwords and I can see.

286

:

And then once I received these

Emails after every few months, I've

287

:

been receiving these emails, which

actually have my, that password.

288

:

It's all digits, like very easy, I

didn't use that in 15, 20 years now,

289

:

but I did have that as one of my very

first password when I was teenager

290

:

and internet was new back then.

291

:

So I see that password in the subject

line, all exposed and that kind of does,

292

:

make you skip your heartbeat a little bit.

293

:

And then in the message email message

body, it says that, , we have all

294

:

of your secrets and apparently we

have some of your videos , , because

295

:

I know that, no such thing exists.

296

:

That's why I could be confident because

at the time when I got those emails,

297

:

I was still a teenager even then.

298

:

So I would have been quite

scared if I, because I know that

299

:

no such thing exists anyway.

300

:

So it wasn't possible.

301

:

It didn't really apply to me.

302

:

And even nowadays, and sometimes

I get like transfer this amount of

303

:

Bitcoin to this address, and then

we won't share your secret videos

304

:

or whatever to be honest, even if I

did have any secret videos, share it

305

:

all you want, I don't really care.

306

:

But again this is really, I can see why.

307

:

Anyone, any regular person would be

really scared and they would do anything.

308

:

They could have like really secret

things that they don't want to

309

:

be exposed in any way, and they

actually don't have anything.

310

:

These emails that I've received.

311

:

Then I know that there is nothing.

312

:

So these emails are a lot of the times

they just have that old password which

313

:

has been leaked years ago and they're

just hanging on to that to make you

314

:

believe that there is something and

they're taking a chance and they're

315

:

sending these emails to a million

people and Out of those million people,

316

:

that password is actually correct.

317

:

So if you see your old password

and exposed in an email subject

318

:

line and then say something like

that, you are bound to be scared.

319

:

So this is why I would advise not

ever to give anything because they

320

:

don't probably have anything anyway.

321

:

And even if they do, there is no guarantee

that they won't share it anyway, right?

322

:

They're they are malicious people.

323

:

So they'll probably enjoy doing that

regardless and then the third thing

324

:

what I would say Which is an actual

preventative measure, for an individual

325

:

for a company They have obviously,

cybersecurity advisors, etc but for,

326

:

on a personal level, what I would say,

and this is something I do as well,

327

:

your data is important and valuable.

328

:

It could be like you

have a invention idea.

329

:

You want to patent it and

you've written it all down.

330

:

You've done the drawings and everything.

331

:

And that is in your computer.

332

:

And it is obviously a secret.

333

:

You don't want the world to know about it.

334

:

And there could be many other secret or

valuable assets stored in your computer.

335

:

And what I do is on a periodic

basis is have an offline backup.

336

:

It's not a cloud backup,

not an online backup.

337

:

It's not even attached to

electricity in any way.

338

:

So definitely do this . Set yourself

up every quarter of a year or every

339

:

six months or even yearly if you can't

be bothered with it too frequently.

340

:

But I would say every quarter

or six months is a good time.

341

:

You basically take all of your data

by a really big storage external

342

:

drive, take all of your data, copy

everything and have that external drive

343

:

disconnected from power and separate.

344

:

obviously they can say, still

be extortionate by, saying

345

:

that we'll share your data.

346

:

That's one way that

will still remain open.

347

:

But the other way is that, okay, you're

locked out and you can never get access

348

:

to your data or your, precious memories,

maybe your loved one has passed away and

349

:

you have their photos and videos , and

you can never have access to those.

350

:

So you will never be in that situation.

351

:

If you regularly back

your, all of your data out.

352

:

And I've spent a significant amount

of time in my life, sorting out all my

353

:

data from past, like from the beginning

of digital age and before that, which

354

:

I've scanned . And it is worth it.

355

:

I would still say that I still have that

peace of mind that everything I have.

356

:

From photos, videos, everything is

organized, documents and everything

357

:

is organized and easily backupable.

358

:

I've done that and I would

recommend anyone to do that.

359

:

So that's one area of, holding you

hostage is completely eliminated.

360

:

But then again, obviously you

still have that secret being shared

361

:

problem, which, if you have any idea,

please share with the rest of us.

362

:

Amit: Yeah.

363

:

So you've touched a good points and

I didn't know about your personal

364

:

experience, but , yes we did interview

Troy Hunt, who's the founder, who's the

365

:

creator of have I been pwned website.

366

:

And I, even my data has been

leaked and I have seen some of my

367

:

passwords online published as well.

368

:

The passwords are not

connected to you directly.

369

:

The passwords are just leaked.

370

:

It's like a password file, which has

a lot of passwords and you can maybe

371

:

connect to it because it's your password.

372

:

But if it's a very simple password Amit123

there could be millions of people with.

373

:

And they would have typed one, two, three.

374

:

So it's not related to you.

375

:

It could be millions of people.

376

:

And as you mentioned that the email,

the phishing emails or scam emails

377

:

are sent out to millions of people.

378

:

And even if one person clicks

that's money for them, right?

379

:

And with so much advancements, now it's

very easy to fool people because there

380

:

is so much technology around us and we

don't know how the technology works.

381

:

And That is one of the biggest

reason we are doing this podcast.

382

:

We want to educate people because there

are so many things about technology

383

:

that people don't understand.

384

:

You mentioned about backups.

385

:

You always need to have three backups.

386

:

One is local backup, one is a

cloud backup, and one is offline

387

:

backup, which is not local.

388

:

So local backup is anything on your

machine that you That you can access

389

:

easily cloud backup is anything on the

cloud and offline backup is an offline

390

:

backup, which is not connected, which is

air gapped, which is, which means there is

391

:

no internet connectivity and it is not in

your location because if your house burns

392

:

down tomorrow or if there is a burglary,

you lose that data because a lot of times

393

:

people steal the electronic equipments.

394

:

So if that is exposed somewhere,

or if it's not in a locker, then

395

:

of course you lose that data.

396

:

Of course, you need to

have a password manager.

397

:

So I have a password manager.

398

:

It's offline password manager.

399

:

But I store it on the cloud.

400

:

So whatever is getting stored is

actually password protected.

401

:

So even if it's on a Google

server, it is encrypted.

402

:

So it's not stored on the Google

server as a clear text file.

403

:

It's not like someone will click the

file and they will be able to read it.

404

:

No, you need a master password.

405

:

So that's how I secure myself.

406

:

You touched some of the

important techniques like, okay,

407

:

be aware, be this, be that.

408

:

And as individuals people

are getting more aware about

409

:

technology but it's the enterprise.

410

:

The challenges are that even with a

robust IT system and antivirus and many

411

:

other ransomware or virus mitigation

strategies, people still get fooled.

412

:

And as you mentioned previously,

that people are the last

413

:

defense against security and

if they fall, everything falls.

414

:

So that's why Most of the attacks

are focused on people rather than

415

:

on the actual software because it's

easy to fool people than software.

416

:

And one of the ways we can prevent all

these things is by educating ourselves by

417

:

making sure that we are clicking the right

link by verifying the source of the email,

418

:

by looking at whether the website is

HTTP secure or not et cetera, et cetera.

419

:

So there are various ways you,

which with, which you can stay safe.

420

:

Now, coming back to ransomware,

there is a very interesting concept

421

:

about, Why does ransomware goes

undetected by the antivirus?

422

:

Nowadays, if you have Windows

10 or Windows 11, it gets

423

:

updated very frequently.

424

:

Most of the browsers like Google Chrome,

Firefox, they get updated very frequently.

425

:

You get an alert asking you

to upgrade your machine.

426

:

A windows also gives you an alert

asking you to restart your machine

427

:

and get the update installed.

428

:

If you have not done it in a

while it automatically restarts

429

:

after five or six days.

430

:

So there are different strategies with

the companies are taking because there

431

:

are people who don't take these measures.

432

:

Now even after all these things,

ransomware uh, goes undetected and

433

:

what are the different techniques?

434

:

So one of the simple techniques

is that whenever you Create

435

:

a file on your computer.

436

:

It's written on the hard disk.

437

:

But there is RAM, which is random access

memory and it gets cleared all the time.

438

:

So what if the ransomware

stays on the memory.

439

:

It's never actually

written on the hard disk.

440

:

So an antivirus that is scanning

the drive C drive or a D drive,

441

:

it'll never detect the ransomware.

442

:

So it downloads, starts installing

stuff, locks your system down.

443

:

The memory what happens is the computer

takes the file from your hard disk.

444

:

It loads it into memory and runs it.

445

:

The RAM is quite fast, so if something

is loaded on the memory, then it

446

:

means that it can go undetected.

447

:

I'm not sure about the latest anti

virus techniques, where are they

448

:

scanning memory, but I'm guessing

that some of them are scanning.

449

:

So this is just one of the techniques.

450

:

The other technique is you go

fileless you don't have any files.

451

:

You try to be in a way that

there are no files created That's

452

:

how you evade the Antivirus.

453

:

The other way is that you Once you get

installed on one machine and then you try

454

:

to go get installed on another machine,

you don't have the same signature.

455

:

Rinat: Sorry.

456

:

Amit: you have the file list,

which is stored in the memory.

457

:

And then you have a code that changes

from one machine to another machine.

458

:

So suppose the antivirus detects

ransomware, malicious content.

459

:

And it stores it in its database and

then it tells now because it's in

460

:

its database, it updates everywhere,

every copy of it, wherever it is

461

:

installed, that this is the signature.

462

:

But the problem is that

ransomware changes.

463

:

So every time it changes

itself, it modifies itself.

464

:

So it goes undetected.

465

:

So that's called polymorphism.

466

:

And we have seen it in a lot of

movies, in lot of hacker movies where

467

:

they try to detect or stop the the

ransomware or some malicious content

468

:

from triggering a nuclear attack.

469

:

Because it's polymorphic code

because it's changing constantly.

470

:

The other is that it uses very difficult

or very sophisticated encryption

471

:

techniques, which even the antivirus

can't detect because it's not up to date.

472

:

So there are these things,

then the signature.

473

:

it manipulates the signature.

474

:

So suppose you are a good

software and you have a signature.

475

:

Now antivirus looks for

signatures of those files.

476

:

If it has a good signature, of course

it'll say, okay, it's a safe file.

477

:

What if you can get the good

signature on your ransomware

478

:

file or a malicious content?

479

:

So you can fake a signature and then

480

:

Rinat: Foraging.

481

:

Yeah.

482

:

Amit: so that way you can

evade the antivirus, the

483

:

antivirus say, Oh, this is fine.

484

:

I don't have to worry about it.

485

:

Other is obfuscation.

486

:

you look like a normal file,

but you're actually not.

487

:

So the moment you click on the

directory, it's actually an executable.

488

:

And this has happened

with a lot of viruses.

489

:

They look like a directory,

but they're actually a file.

490

:

So you think it's a folder, you double

click and you'll see some files, but

491

:

no, you've already started the antivirus

and the ransomware has attacked.

492

:

so these are some of the techniques

in which ransomware evades the anti

493

:

virus or anti ransomware softwares.

494

:

So now there are product categories

which are sold as anti ransomware

495

:

or anti malware things like that.

496

:

So yeah, so these are different techniques

in which The ransomware evades antivirus.

Rinat: Wow. I've learned a lot; a lot of these things you just mentioned I didn't even know at all. And some of those I understand, like polymorphism or some of the other techniques, but one of the things that really boggled my mind was going fileless. To be able to do anything, you need to put something in the computer, and if you're fileless, how would you do that? Don't...

Amit: ...is the thing. The file is stored on your computer on a hard disk, but it's not executed from the hard disk. It's executed from the memory. And when it's written into the memory, it can also be erased. Memories are flashable. So it means you can write on it multiple times and you can write multiple information. So something that's loaded in the memory doesn't stay in the memory. So when you shut down your computer and when you switch it on, you have to open the apps all over again. Windows has become better. So it keeps the state. And it shuts down. So it keeps the state of the memory and the apps are still there.

So now instead, so think like this, instead of writing it to the hard disk, what if you download a file and it doesn't get downloaded onto your hard disk. It gets downloaded onto your memory. It's written there. But it's not stored anywhere. So that's how it's fileless. So it's written on the memory. It's not stored on the hard disk. So it means the moment you turn it off, the information is gone, right? But if you don't turn it off and your computer is on for a long period of time and accidentally you do something that triggers it, then it gets installed and you are blocked. And that's the evasion technique. So antivirus can't detect it. But a lot of new antivirus...

Rinat: Yeah.

Amit: ...they are doing in-memory profiling as well now.

Rinat: Okay. So many innovative ways. I do wonder, if these guys put their brilliance onto something good, a lot of good things probably would have happened, to come up with all of these new innovative ways to hack into someone else's computer for malicious purposes. Of course, to come up with these kinds of things, and that works, that means you're obviously very skilled and talented within the IT arena and you could easily have an honest way to live a really good life. And to be honest, the way, obviously as we mentioned earlier today, that, yeah, if you scam a lot of people, you end up making a lot of money. But the amount of effort they have to put in. And if you distribute all of your returns over that period of years. And actually how many people are taking the bait, etc. It feels like it's really going to be difficult to make as much. If you're that talented and skillful, then you should probably be able to make more and with less risk of going to jail or being punished, and also making money ethically with more peace of mind than doing this. It's just really...

Amit: ...think, Rinat, you're missing the point, because we have very strict laws. We know that people get imprisoned if they kill someone or they steal something from someone. Yet it happens. Yet it happens, right? Yeah. Irrespective of whatever stricter laws we have, whatever police we have, these things still happen. People still kill people. People still steal from people. They get imprisoned. We read about them in the news. I'm pretty sure the people who are doing this are also reading about it in the news. Yet they do this because sometimes they don't have the fear. Sometimes it just gives them a kick. Okay, I can do this. I can boast about it among my peers, right? Sometimes it's a state...

Rinat: Hmm. Yes.

Amit: ...sometimes you've created a ransomware 10 years ago, but it's still active. It goes undetected and it's working, but you have moved on. And a lot of these people, we say that they are brilliant. They are brilliant, but you and me all can also figure these out. We just don't put the time and effort in that direction, right? So some people have a constructive direction and some people have a destructive direction. And sometimes what happens is they create something destructively and, because they've learned so much, they actually work for companies such as an antivirus company or an anti-malware company, et cetera, because now they can use their experience from creating this malicious software to tell how to build your software to detect them. So this always happens. Hackers become... you have the black hat hackers, the white hat...

Rinat: Ethical hacking. Yes.

Amit: So forth. Yeah.

Rinat: Yeah, there are obviously different perspectives to each of these stories. As we're talking about all of these ways that ransomware or viruses can attack your computer. And you might think that, okay, these are more of a media situation. We see in hacker movies that this is happening. But in real life, where would, who would build a software as sophisticated as that, that can do this and that? To that question, I would say that I've actually come across a software. Yeah. And the name of the software is 888RAT, R A T. And that's a proper hacker software. And if that gets access to your computer, the person who put it there will have access to your webcam, your microphone, everything and every file. And you wouldn't even know about it. You will be using your computer as is. And it's aptly named RAT at the end, with 888 RAT.

So these kinds of software, and I only know about this one. And I've known about it, but then I can't, I don't have the courage to even go to that website. 'Cause who knows, I would probably be thinking that I'm downloading that software, but I'm probably being ratted or being scammed as I try to download; a lot of the times, scammers can be scammed anyway. So even to learn about it, if I wanted to really dissect how it works and everything, I would have to create an offline machine with a different wifi network than mine. And then only I could probably feel safe to do something like that. And that's a lot of effort. So this is what I'm saying, like to be able to do or to want to do something, the amount of effort you have to go through is, is...

Amit: ...in my college, I remember the computer science students, they built the software and it's basically, um, what do you say? It's basically this server-client software. So basically there is a server that communicates with the client, and the client gets installed on your machine and the client knows where to send the information, and it's basically a screen sharing software. So it shares everything that's going on your screen. It shares whatever you're sending from your computer, like keyboard or mouse or input devices, and again, camera. So anything that's getting input, it can send it, and the client sends it to the server. And they built a very simple software and they said, okay, this is how you install it. And we have this client-server concept. So Zoom has a server and then multiple clients, and then you share your screen. Now imagine if everything goes in a malicious way where you hide everything, you hide the interface, but everything is still being shared without showing you the interface that your screen is being shared.

Rinat: How dangerous is that! So you might be thinking that, okay, this is really difficult to achieve and whatever, but it's actually something that we have right now. As Amit, you mentioned, you probably have Zoom or some sort of other meeting, remote meeting software installed already. Is this the same kind of software? Without the interface. So they didn't even have to spend time on programming how it should look. They just said, okay, it shouldn't even look like anything. They can just do the background stuff. So it's actually very much doable and exists. So definitely something to be aware of.

But also at the same time, I feel like we talk a lot about being cautious of this and cautious of that, which might put people off technology altogether. We don't want to do that. Definitely embrace the advancement of technology. Just do it carefully and have a bit more attention to detail. The more advanced things are going, the more vigilant you should be in anything. Like even before the age of computing, as you said, someone may forge the digital signature, say the Microsoft digital signature; you can pretend to be Microsoft by doing that. That was happening before with cheques. People would forge a cheque with someone else's signature and take out money from the bank. So all of this, and how would you check it? You need to be vigilant to make sure that this is your signature, so it's the same thing. You be vigilant in your digital world.

Amit: One of the things you mentioned is that we don't want to put people off technology by saying that you have to be cautious. It's like using a knife in the kitchen. People don't stop using a knife in the kitchen to cut bread or to cut a vegetable. We know it's sharp. It can cut your fingers, yet we use it. We're just careful. So technology is something similar. So our technology is useful, but you have to be careful because you don't know how it can hurt you. Yeah. Yeah.

Rinat: Absolutely. That's a good analogy. Yeah, it's been actually quite an eye-opening conversation. Amit, I've really enjoyed that and hopefully our audience found it useful too, and will have positive behavioral changes as we navigate around the internet. Thank you everyone for listening and hopefully we'll see you guys again whenever we come back with our next episode.

Amit: Thanks guys.
