What Is Ransomware and Why Should You Care?

You found the backup wrap up your go-to podcast for all things

backup recovery and cyber recovery.

In this episode, we answer a question that gets searched tens

of thousands of times every month.

What is ransomware?

Honestly, if uh, you think you know the answer, the game has probably changed.

Today's attacks always, or almost always include what we call a double

extortion attack, where they threaten to publish your dirty laundry.

If you don't pay up, imagine the worst email anyone at your group has

ever written on the evening news.

We'll break down both types of attacks.

Talk about why literally everyone is a target.

And discuss why the odds of you getting hit are basically a hundred percent plus.

I talk about my new book with, uh, WR, that I wrote with Dr. Mike Saylor.

And, uh, I hope you enjoy it.

By the way, if you don't know who I am, I'm w Curtis Preston, AKA, Mr.

Backup, and I've been passionate about backup and recovery for over 30 years.

Ever since.

I had to tell my boss that there were no backups of the database that we just lost.

I don't want that to happen to you.

That's why I do this.

On this podcast, we turn unappreciated admins into Cyber Recovery Heroes.

This is the backup wrap up.

welcome to the backup wrap up.

I'm your host w Curtis Preston, AKA, Mr. Backup, and I have with

me Prasanna, the subnet mask.

Molly Andi, how's it going?

Prasanna.

Yeah, I probably deserved that.

Uh, I fell down a YouTube rabbit hole and spent many, many, many, many hours

and redid my home networking to make it look nice and spent way too much money.

Oh, you spent a, oh, I didn't know you spent a bunch of money.

You just said you like redid things.

I just thought you just like, you know, move cables around or whatnot.

no, it was also like buying a mini rack and a UPS and a NAS and a switch.

Yeah, and some network cables to make it all look nice and

Yeah.

yeah,

it looks really, really good,

yeah.

Yeah.

You spent a few dollars.

There was a few years ago.

You may recall when I did, I had my, my wifi project 'cause I

was tired of like my way too many smart devices that didn't have a, a wifi.

A reliable wifi connection and that, that's, that worked out

really well for me since then.

That was like a few years ago now.

Yeah.

Yeah, I

remember that.

yeah.

So it's been nice to, to have a reliable wifi connection.

So I wish you all the best.

so what, what do you think if you woke up one morning, you know, you

went into work and then all your computers have a little screen on

'em that start talking about Bitcoin?

Yeah, I would just turn around and walk right out.

Yeah.

Yeah.

gonna be one of those not so productive days.

How

Yeah.

You know, I think about your, your current employer, they've

got one or two computers.

Can you imagine?

Right.

Uh, yeah.

I mean, the bigger you are as a company, the bigger target you are

I agree with that statement, but I also think that that's sort of the danger,

Uhhuh?

in that situation, because smaller companies might think, Hey,

they're going after the big guys.

I don't need to worry about this.

But as we all know,

everyone is a target.

Yeah, we're talking of course about ransomware.

I think that's, is that how it's pronounced?

Ransomware?

Um, and, uh, we're, you know, I, I thought we'd, with the upcoming release of.

My little book here.

By the way, for those of you watching us, uh, or listening to us on, uh,

you know, apple Podcasts or whatever, you can actually watch us on YouTube

and you get to see, I've now got wall art with the picture of my upcoming

book that I wrote with, uh, Dr.

Mike Saylor

Learning Ransomware Response and Recovery.

Uh, it's a. Lizard?

I don't

No.

Have you named the lizard?

Oh, If I give it, you know, I've never named any of the other ones.

Like, you know, I've got the garal over here and I got the seven banded armadillo.

I don't have,

I think you should name them.

you think I should

name 'em?

think so.

I.

I'm gonna call this one Prasanna.

I knew you were going to do that, especially after you had named your Tesla.

Yeah, my Tesla is called It's Prasanna's Fault.

Uh, yeah,

it it is your fault that I have a Tesla.

100%. So, uh, yeah, we're talking about ransomware and I thought we'd do a

little bit, you know, again, celebrate the, the upcoming release of the book.

We're gonna, like, just, we're gonna be talking about ransomware for

quite a bit, so if ransomware bores you, uh, you know, maybe you should

go watch some YouTube.

so I know that we're talking about ransomware in this episode, but

I wonder how many people in it

Mm-hmm.

don't know what the word ransomware is in the year 2026.

Like,

just

think that there's actually anyone in it who doesn't know what ransomware is?

Well, yeah.

You know why?

The Google Keyword Planner, which I use to plan my episodes.

What do you suppose the average monthly search for?

What is ransomware?

Uh

Oh.

I am gonna guess.

It's like per month,

10 million.

Oh, no, it's not that bad.

No, but, but,

but

but

10 to a hundred thousand times a month.

But here's the thing, here's my question.

How, how much, like, outside of it,

who cares about ransomware?

So, um, I, I'm, I think this is mostly it and it related people and,

uh, and so, you know, we're, we're spot, we're talking to those people.

So if you already know what ransomware is and you know, I don't know, go listen

to one of our other episodes.

Yeah, you might you always, everyone learns a thing or two let's talk about,

you know, what is ransomware and there, and there are sort of two flavors, if

you will, of, of a ransomware attack.

And I think that the second one is

becoming much more common, right?

interesting.

So I'll talk the first one because I'm not sure what the second one is

you're referring to, but traditionally,

Yeah.

A traditional talk about a traditional

ransomware

Yeah.

A traditional ransomware attack is where someone gains access to your systems.

They might encrypt your data,

Mm-hmm.

and then they ask for a ransom, right?

Usually Bitcoin

in order to provide you back the key to unlock your data,

and then they got smarter.

Because people were like, Hey, I don't need to pay the ransom.

Let me just restore from backups.

And so then they added an additional extortion mechanism where they would

exfiltrate some of your sensitive data emails, et cetera, and then say, okay, if

you don't pay us the ransom, that's fine.

If you could restore your environment, but we're then gonna release all this data

about your company that you may not want out in public, and therefore you really,

really, really should pay a ransome.

And you said you didn't know what the other kind of attack was.

Were they both The second

The first one

you did, the first and the second.

See, you

don't need me.

I don't even need to be here.

Um, yeah.

So that, so basically that second attack is what we, what we now

call a double extortion attack.

Right?

Uh, the, the original was sort of the.

The standard extortion.

Right.

Either give it, you know, but basically it's where the word ransom

came from or ransomware, because it's, you're ransoming the data.

You, I've taken your data essentially, and, and by taking

it, basically we have, we have made your data inaccessible to you.

It, we didn't have to take it.

In the sense of the way

a traditional like ransom would be, but we've essentially taken your

data away from you by encrypting it and you can have it back.

Right.

Um, you know, for the, you

know, for $1 million.

but I, I think though, even that first case, even though the

second one is more bulletproof from a threat actor perspective,

because they're more

likely to be paid, I think though the first one is still common in

consumer personal ransomware attacks,

Where someone opens an email, they encrypt your laptop, and they're

like, Hey, pay me some Bitcoin.

Because it's sort of a volume play, right?

They're looking to hit as many systems as possible, hoping someone pays out.

They don't really need to exfiltrate the data because what are they

gonna find on your laptop, your home pictures, and stuff like that,

Well, home pictures.

yeah,

like

I.

yes, there are some data.

There is technically it is our, there are data, but I'd never say it that

way.

There there is data on many people's home devices that

they would not want out there.

Right.

But then to filter that all out and to process it.

Right.

If you have a million devices

Yeah, well again, well, you know, the spray and pray, right?

So there basically, I'm gonna say there's a

a significant percentage of people that have

sensitive pictures and video on their personal devices that

they would not want out to

the world.

I'm gonna tell those people, please stop putting that stuff on your devices.

Right.

Um, you know, it, it, it's in today's world that is, you know,

I I, I'm not blaming the victim.

I'm just stating a fact that if that data is accessible in iCloud or, uh, you

know, or something like that, right?

Um, Google Photos, et cetera.

Uh.

It is possible that it will

get taken and, and, and, then leaked.

And I mean, look at all of the famous people that, that, have, uh, had their

basically nude photos leaked,

And, I think this is a good segue or analogy into that small business

case we were talking about earlier,

right?

Where an average home user might think, oh, I'm not a celebrity.

I don't need to worry about this stuff.

Yeah.

Yeah.

Well, uh, and, and again, think about, so it's not just, um, I

love using the phrase 11 herbs and spices, right, which is from KFC.

For those of you

that don't

know, that's a u it's a US thing.

But, uh, they used to always talk about their, that that was their secret.

You know, their, their, their, uh, what would their secret sauce, right?

The, you know.

It's not just like your, your secret sauce.

You might not, you're thinking, well, I don't have, uh, 11 herbs and spices.

I don't have some massive corporate secret that if it got

out, my company would be over.

I'm just, uh, an oil change

guy.

Right.

Um, so the question is, you know, is there anything.

On there that you would not want out?

Not not, you know, like I said, ip.

But have you ever searched on anything that maybe you shouldn't

have searched on a company computer?

Right?

Think about those kinds of things, conversations, emails that you had.

Where you talked about, let's just continue with the oil change guy,

where you talked about how stupid all these people are that come

in and they're always coming in.

They're supposed to do their oil at 5,000 miles and they're

coming in at 57,000 miles.

That was stupid.

In fact, there was a guy named

Steve, you know, and you just, you know,

or, or you're joking about never actually changing someone's oil or

Yeah.

Yeah.

Oh yeah.

Right.

Ooh.

Oh, that would be really worse.

Right?

Um, you know, I can think, um, there's a, there, uh, there's a

local, um, oil change company.

It's a bit of a non-sequitur, but there was an oil change company here

that, um, I caught them talking my wife into a injector cleaning service.

Every oil change.

They were charging her, and by the time I was like, why, why are

your oil changes so expensive?

She goes, well, they said I needed the thing.

And I'm like, oh.

My God, I was so angry.

I was, I, I, let's just say I read, I'm gonna write it.

So think about, you know, anything your company might have done ever

that would not look good in the local news.

That's the kind of thing that would go out.

You know, um, you know, emails between, and also emails that

you might not know about, right?

There may be people at your company.

I know that this is, you know, it's gonna surprise you, but not everybody at your

company is a, is a, what do you call it?

A, a saint,

right?

Think about that, right?

That is what a modern ransomware attack is, and I will say that.

Most of what we cover in the book is how to defend against a traditional

ransomware attack, because by the way, a new ransomware attack of

double extortion is still the old school of ransomware attack, right?

Um,

With a new

st with a new spin,

you still need to be able to restore your data and get to get your data back,

and then you will need to make a dec a business decision as to whether or not.

This secret, whatever it is, whether it's, you know, you know, your company

IP or uh,

embarrassing information, whether or not

you wanna allow that to go out.

yeah.

And if I think, go back and think about like the double extortion one, right?

One of the most famous ones that sticks in my mind is a Sony hack,

Yeah.

Yeah.

right?

Where someone got in, they were in the system, they exfiltrated a bunch of

emails where studio execs were mocking some of the actors and actresses,

and that did not go over well.

No, it did not.

Uh, I mean, they eventually recovered and, and I, and that's

what I want people to think about.

It's gonna be one of those things where you, you have to have a long-term, uh, you

know, view and you have to say, you know.

Long term, it's not good for us, uh, to pay the ransom because all you're doing

when you pay the ransom is to, uh, to tell the people that you pay ransom,

right?

And you are absolutely, just like in the real ransom world, you are setting

yourself up to be kidnapped again.

Yep.

In fact, that's where a lot of these ransomware as a service people do, right?

They still have that persistent connectivity into your environment,

and they sell it to the next person who then uses that to then hack

you, and you now, like you said, you have to pay the ransom again.

Yeah, exactly.

Um,

Well, you know, for a second there, I thought you were going to say

that it's okay to continue writing emails like that and other things and

never learning from your mistakes.

You should learn from your mistakes.

I bet you Sony learned not to talk about their talent in the emails.

Uh, I'm sure they still talk about their talent, you know, talk about their talent.

They just don't do it in email.

Although I have to say, people continue.

To amaze me in terms of what they continue to talk about in email in today's world.

You know, given or or text.

Yeah, text.

Right.

Um, and, uh, like, yeah, because, you know, well anyway, but the

thing is, the thing about all that stuff, all that stuff could come out in a, um.

In, in an attack.

And so there are things and we're gonna talk about in, in, in upcoming episodes.

We are, we are at our heart.

We're still a backup and recovery, uh, focused, uh, podcast.

But you, in a modern world, you need to be, uh, aware and to understand

the threats that your backups have.

And I don't know anyone that would argue with the following statement.

Ransomware is the number one threat to your backups, um, and the number

one reason that you need your backups.

I was gonna say, Billy is the number one threat to your backups.

What?

The random person who might go and just like blow up your environment, but

Billy, Billy Billy's, uh,

sorry,

Billy.

not to.

Yeah.

You know, technically that could be my first name.

You know that right?

The W. The

but it's not

but it's

but it's, it's interesting point you made because if you look at, I'm, I'm just

looking at the poster behind you, right?

Your, your book, right?

And it's really like ransomware response, right?

Which I think everyone thinks about, but I

think that key thing is the last piece, right?

The recovery

Yeah.

Yeah.

right?

Backup is crucial

in recovering from ransomware.

yeah, exactly.

So, so the, you know, and, and this is the, this is the tack that

this podcast and that book takes.

There are a million books you can go by on how to not get ransomware.

Our book basically starts from what they call an assumed breach.

Um, you know, a position, which means you're probably gonna get ransomware.

The odds of you as a company not getting any ransomware ever are virtually nil.

So you need to be able to respond to that and to recover.

And, and the, the, the position of the book is that you need

to have these discussions.

Now.

You need to make the decisions.

Now what are we going to do?

When we get a double extortion attack, right?

Think about the worst thing that your company has that

you don't want getting out.

What are we gonna do when some Russian, um, you know, company comes

to us and says, you know, you know, we have this stuff and what they

do, by the way, what they do is they post it on like a proof site, right?

Um, you know, they, they call it a Proof of life site.

Right.

Uh, just like, again, going back with the ransom

concept right here, here, here's the proof that we have your

data and that we can publish it

anytime we want to.

Um, you know what, you need to make all these decisions upfront.

Uh, you know,

if you're gonna be successful,

so I, as you were talking through this, sorry, I might have

looked a little distracted and I

you looked a little distracted.

because when you were talking through that, so we live in California, right?

You

know, the first thing that popped to mind,

What?

earthquake preparedness.

Right?

Really when you're talking about ransomware recovery, like everything you

talked about, have a plan ahead of time.

Figure out what you're going to do, all the rest

as kids, right?

You did the exact same thing, right?

You figured out, okay, if something happened, I'm going here.

Here's my little bag for school that contains like non-perishable

food in case I get stuck at school with water right here.

The emergency contact numbers, everything else, because being

prepared is half the battle.

Yeah.

Yeah.

Agreed.

By the way, um, just a funny little thing.

One of my, uh, uh, technical, uh, editors, right?

Um, uh, Gina, she, um.

She said, you know, the term assume breach means a lot different for women.

And I was like, she, I was like, I was like, uh, yeah.

Okay.

I didn't make up the term.

All right.

It's just a, it's, it's just an industry term.

Assume, breach.

I dunno what to tell you.

Um, anyway.

Yeah.

So, so you, you, I, I think the, the point that we're making right

now, and the point that the book makes is that you need to adopt.

The, the tack that you're probably going to get it, or at least that the

chances of you getting are significantly high.

It's not the same.

When we go back to again, to, to use your, your, your earthquake, uh, thing.

If you live in, there are certain parts of the country where natural

disasters almost don't get to you, right?

The only thing generally you're worried about is like fires, right?

You're not gonna get floods, you're not gonna get.

Hurricanes, you're not gonna get, um, you.

know, actually it's sort of you.

If you think, if you think about the country, our country, I don't know about

other countries, but if you think about the country, you pick your poison, right?

Do you want

hurricanes and tsunamis?

Do you want tornadoes?

Do you want earthquakes?

Do you want

massive forest fires?

My, my point was that depending on, there are parts where you

can pick, where natural disasters don't really go after you.

Um, I'm thinking like south, like not east, you know, like

somewhere

the DRE show

below the south.

I remember the direction.

Maybe there's nowhere you could go,

but the, but your odds are lower.

My point is.

There's nowhere you can go to lower the odds of a ransomware attack.

Right?

Um, and, and that's if, if you learn nothing from this episode,

it's that the odds and, and we go into the stats in the book, uh, the

odds of you getting a ransomware attack are, it's something like 80%.

Uh, you know, in terms of, especially when you look at over time,

right?

Over time, the odds of you getting a ransomware attack are

essentially a hundred percent.

Right.

Uh, and so the question is, there are a bunch of things that you can do in

advance a, to minimize, at least reduce the number of attacks that you get.

There are like the, the book does start out with, and we're, we're

gonna cover that in the podcast.

The book does start out with, here are some things that if you're not doing

them well, you're just, you know, you're, that, that person that never

changes their oil, you've gotta do some things and, and it will stop roughly

90% of the attacks when you look at.

So many of the stories that we've read, and they're like, oh, and they, you

know, they had a bad password and they didn't have MA and they, you know,

you're like, you know, it just kills me.

Or unpatched system

Yeah.

Unpatched systems.

Yeah.

All that stuff, right?

So there are some things you can do to significantly reduce the

frequency of a successful attack, but there are also some things that

you need to do in advance to prepare.

To be able to respond.

Right.

One of them is, uh, obviously backup and recovery,

right?

Having a solid backup and recovery system, um, that uses immutable storage, right?

We, we've, we, we talk about that a lot.

We talked about it in the last few episodes.

Um, you know, and then another I really believe strongly, and this is, you know,

this will sound like I'm, I'm shilling for

Mike, but I believe strongly in having a, a, uh, cybersecurity,

uh, service provider,

right?

Having somebody that this is what they do, right?

Look at, you know, even if they're just like doing a regular checkup

on what it is that you are doing, uh, but, but they can also provide.

SEIM/SOAR tools and XDR tools where they have like a volume discount, right?

And then they could potentially put in that, you know, and then you get, and, and

they can more importantly, because what matters more than the product you pick is

how it gets configured and they'll know

how to do that.

Right.

Um, anyway, we're getting ahead of ourselves.

Um.

Yeah.

Save those for later.

Come on,

yeah.

Um, but, but buy my book anyway.

Um, we, it's available for pre-order now.

I'm actually literally, right now I'm doing what's called the QC two, which

is the quality control number two.

This is the final,

When it's, so, do you have a date for our

Uh, it's gonna be, uh, yeah,

I think the official date is March and we're on, we're

on target for, uh, that, um, you know, we

have

so

a couple of things.

March, 20, 26.

Yeah.

So if you're listening to this after, then it's already out.

You should just go buy it.

And there's a companion site for the book that will be live

by the time the book is ready.

It's currently not live.

Um.

It's funny, I was, I was, I was using, uh, my French friend as I

like to call him Claude, to, to, to review the text in the book.

Right.

And, and I was like, Hey, look for any typos, look for any,

you know, bad URLs or anything.

And, and Claude was like, Hey, uh, that website that you're pointing

people to, uh, it doesn't exist yet.

I'm like, yeah, I know.

Trust me, I know I will get that website up before the site goes live.

So I've got like.

One month to get it up in there.

Uh, you'll be fine.

Yeah, so I'm

just gonna double check, see if there's anything else I want to cover on this.

So for people who want to pick up the book in

Yeah, yeah.

how do they get it?

So right now the, the, the one thing I can tell you is it's on amazon.com,

right?

It's on amazon.com and it's on O'Reilly dot com.

It, you know, it's wherever you buy books, right?

We'll, we'll have a link for it on the, the show website backup wrap up.com.

We'll have a link for it there.

And, um, and actually if you buy it there, I'll probably get an extra few bucks.

So, you know, feel free to do that.

All right.

Um, anything else that we need to talk about with the,

Nope.

yeah, so basically I'm gonna say ransomware is the number one threat

to the, to the stability of your data center and the business,

and it's a business problem.

Not just a technological problem, right?

It is a thing that could shut down your company, right?

It will shut down your company, right?

You

And it has in the

yeah, you look at um, you look at companies that have ceased to

exist after ransomware attacks.

You

look at companies that are significantly hamper.

I think the worst one that I can think of is actually not

a company, it's Costa Rica.

There's a, Costa Rica got attacked, the entire government got attacked and they

had a, or have a law that it's illegal for them to use taxpayer dollars to pay

ransom.

And so they didn't pay the ransom and basically, um, they

never got their stuff back.

And so they had to like rebuild essentially, whatever the.

I dunno if the right, if you say federal government, but essentially the, their

version of the federal government, like imagine rebuilding the IRS from scratch.

Right.

That's, that's what they had to do.

Right.

Um, so

So, uh, so, uh, adding to that,

Yeah,

um, I was thinking about, well, as you were saying, like what

is the most riskiest, uh, or costliest ransomware attack,

Jaguar Land Rover.

yeah.

Are they still

I think there's still recovering, I think it's like two and a half

billion dollars in counting.

So like three cars.

Um, they're not the least expensive cars on the planet, I'll just say that.

Yeah,

two and a half billion, including all their suppliers and everything

else that's been shut down.

wow.

That is just massive.

Um, and, and, and you know, for most people listening to this, they're

like, oh, well that, you know, they're just such a big company.

You know, just, just think about what you would do if literally any of your mission

critical servers just stop working,

right?

You can't

access orders, you can't access customers, you can't email your

customers.

You wanna let your customers know what's going on, but you don't

even know who your customers

are because your computers are locked.

It's I, it goes back to, I don't remember if you remember this,

but remember the dentist, MSP,

dentist, office, MSP, that got hit with ransomware and

all the dentist's office got

I do remember that.

I was a, as I recall, it was a Dallas company.

Um, yeah.

Um.

are you gonna do if you're a dentist and you're like, I can't email my patients.

The patient shows up and they're like, I would need a teeth cleaned.

You're like, I don't know who you are.

I don't have your records.

I can't entry you into my system.

All the rest of that.

Yeah.

Um, it, it's not a good day, so

just if you, if you're not doing much for ransomware, it's

time to at least look into it.

Um, feel free to check out my book and also, um, you know, following

episodes, follow us and, um.

You know, tell a friend, tell Prasanna, uh, that is a wrap.