Dead America

Dead America Podcast. We talk about people. We love finding new ways to learn and grow every day. Your story is important and we want to tell it on our next podcast. Find all of our great podcasts on our website: Dead America, https://www.deadamerica.website

Social media: We are mainly on Twitter, so lovers find us @freecircle3. We are STRONGER as ONE! Support this podcast: And all of our great podcasts! Find us on Facebook @deadamerica.

This podcast uses the following third-party services for analysis: Chartable - https://chartable.com/privacy

https://play.disctopia.com/podcasts/dead-america







episode 5: Greg Edwards


Greg's company, CryptoStopper, provides ransomware protection by automatically detecting and stopping actively running ransomware attacks. They are the world’s first digital security product to offer 100% ransomware protection.

In addition, Greg also owns an MSP IT business, and his company has been helping businesses recover from the derecho (land hurricane) that just hit Cedar Rapids, Iowa, where he lives.

https://www.getcryptostopper.com/

https://kitcaster.com/greg-edwards/


Interview Transcript

Ed Watters 0:00  

In our ever-increasing technological world, with all the advancements, there are security issues today. Ransomware is one of the number one leading threats in the digital age. Hospitals, governments, and personal computers all fall under attack from ransomware. Today we are talking with Greg Edwards, the creator of CryptoStopper. CryptoStopper is what you need to protect you in this digital age. Let's listen to Greg explain to us about ransomware and CryptoStopper.


To overcome, you must educate. Educate not only yourself, but educate anyone seeking to learn. We are all Dead America. We can all learn something. To learn, we must challenge what we already understand. The way we do that is through conversation. Sometimes we have conversations with others. However, some of the best conversations happen with ourselves. Reach out and challenge yourself. Let's dive in and learn something right now.


Would you please introduce yourself and tell people exactly what you do, Greg?


Greg Edwards 1:47  

Sure. So I'm Greg Edwards. And I've been in the technology field since the late 90s, which kind of shows my age.


But the latest company that I've started is called CryptoStopper. And what we do is detect and stop ransomware that's actively running on a business network. So my background is in technology. And I've started three different technology companies, starting out in 1998 with a managed services business that I actually still own today. But in 2002, I started an off-site backup and disaster recovery company, and we started seeing, in 2012, these ransomware attacks happening, and that happened to coincide with Bitcoin coming out. And so what transpired and what's happened is that because of Bitcoin, it's allowed cyber criminals to get paid completely anonymously. And that's why the cybercrime that we have today has exploded so much. So as far as my background, I've been a technologist pretty much all of my life, and have started several different technology companies, the latest being CryptoStopper.


Ed Watters 3:21  

Right now, here in my local area, and I guess quite a few areas, just got hit with the Ryuk string of ransomware. And it was spread through a Google document. So our hospital is shut down right now due to ransomware. Could you explain to us what ransomware actually is?


Greg Edwards 3:46  

Sure. Fundamentally, all ransomware is, is just an encryption method that holds files hostage, basically. So if you think about it, if you've ever used an application like WinZip or 7-Zip that compresses and encrypts a file, then that's exactly what ransomware does. These criminals have just taken that technology, to encrypt and put a password on a file, and taken that to the next level, where they encrypt everything on a network and then hold that password as the ransom. And so to get access back to your files, you either have to recover from backup, or rebuild, or pay the ransom. I mean, once it's run and the files have been encrypted, that's the only way to get access back to those files.


Ed Watters 4:56  

I read that there's different types of ransomware. Could you explain to us a little bit about that?


Greg Edwards 5:03  

Sure.


So the incident that you're talking about with Ryuk probably actually started out as a malware called TrickBot. And there are thousands of variants of ransomware out there. But this TrickBot malware with the Ryuk ransomware variant is the most common right now. And the FBI actually sent out a warning just yesterday, specifically to healthcare providers and hospitals, that there is an imminent threat. And I mean, it's been happening. It's been happening for years. But right now, in particular, this Eastern European cyber criminal group is specifically targeting hospitals. And Ed, so, we maintain on our website different decryptors for ransomware variants. And I think at the last count, we were a little over 1200 different variants that we have identified. So this is something where it's not like there are just a couple out there. I mean, there's probably a dozen that are the most common. But there are, well, at least 1200 different variants. And certainly more than that.


Ed Watters 6:38  

That's just mind blowing. Wow, so who's the main target of these attacks?


Greg Edwards 6:43  

Well, so there's really not one specific target. Hospitals, obviously, right now, are a target. But I mean, I've worked with companies, everything from hospitals, manufacturing, law firms, insurance companies. I mean, it's across the board. The targeted attacks on these hospitals, I don't know the exact reasoning behind that, other than the potential for just chaos and causing even more problems during COVID, and that they think that potentially they'll get paid faster, because the hospitals will want to be back up and running faster, which, you know, that to me is, I mean, it's disgusting. But that seems to be the motivation right now.


Ed Watters 7:49  

Unfortunately. So why doesn't our regular antivirus software stop ransomware attacks?


Greg Edwards 7:56  

So that's a great question. And actually, just earlier this week, and still right now, we're dealing with a law firm where our system actually stopped the ransomware attack that was happening, that got through the antivirus. So as you can imagine, with that many different variants coming out, what they call a signature file of the individual variants changes on a minute-by-minute basis. So antivirus just can't keep up with the number of changes that are happening. And so, like this law firm that we're working with right now, they had our product and it stopped the ransomware attack, but we're digging in to see how exactly it got through. The way that it initially looks, a user clicked on an attachment with an email that was a Word document, opened that, it ran, and the antivirus actually caught part of it and notified the user. But it really looks like that was just obfuscation to, like, make the user think that something was stopped, but it was actually still running in the background. And then that's where our application kicked in and saw that ransomware was actively trying to run and stopped it. So I'm not sure if that completely made sense. But basically, the short answer is, it's changing so fast that the antivirus can't keep up.


Ed Watters 9:49  

Okay, you've actually answered a little bit more about my next question, which is how your software helps people prevent attacks.


Greg Edwards 10:02  

To back up even further, I mentioned that with the off-site backup company that I previously owned, we started seeing ransomware attacks happening as far back as 2012. And the core of what ransomware does is encrypt files. So antivirus wasn't stopping it. I mean, antivirus has never stopped every single variant of malware that comes out. I mean, you know, if it did, the cyber attackers wouldn't still exist, because they wouldn't be able to make any money. But some of those attacks have always gotten through. And so what we did at the off-site backup company is built a tool that would deploy bait files, essentially, throughout a network, so that when a ransomware attack started running, and got out onto the network, and was actively encrypting files, we would be able to detect that separately from antivirus. And eventually, it made sense to sell the off-site backup company, and ransomware was becoming such a problem that we took that kind of very simplistic tool that we built and turned it into a full application that now companies can buy, download, and install on their network. But at the core of what it does is it puts bait files out on the network. So when those files are encrypted, then we take automated action on whatever process it is that's running that encryption.


Ed Watters 11:43  

Good way to stop an attack. So does CryptoStopper run on any server? And how heavy is the software to deploy on your server?


Greg Edwards 11:55  

Yep, so it's actually very light. And it's server-based and desktop- or laptop-based. And we're actually in the process of creating cloud drive variants, so OneDrive, Dropbox, Box, those kind of cloud-based file storage solutions. But really, I mean, it's less. When you watch the process monitoring at a desktop or on a server, it's taking about a quarter of the processing power that traditional antivirus does. So it's very lightweight.


Ed Watters 12:35  

Interesting. So in your professional opinion, should these people be paying the ransom on these ransomware attacks?


Greg Edwards 12:45  

So, I mean, that's a great question. And the easy answer is no. But it's not that simple. A lot of times these attackers will also delete the backups. So to give you an example, Garmin, the GPS company, they were hit earlier this summer. And reportedly, I haven't seen anything official on this, but reportedly paid a $10 million ransom. And they obviously didn't have any other choice. I would say these attackers likely wiped out their backups. And so they really didn't have a choice. Because they couldn't recover from backup; a company like Garmin, they couldn't just recreate that massive amount of data. So at that point, what else can a company do, other than pay? And actually, the Department of Homeland Security has started to get involved and has issued warnings that companies like Garmin, or any company, can't just pay those ransoms, because the people that are being paid are not... these aren't legitimate US-based businesses, so they're potentially paying terrorists to get access to their files back, which is not legal, to pay terrorists for anything, no matter what it is. So there's a lot of complicated issues that go into whether a company should pay a ransom or not, and certainly shouldn't, but sometimes there's just no alternative. And even government entities have paid ransoms. So we have an employee that worked for Lake City, Florida, and they were hit by a ransomware attack and paid. And they wiped out their backups as part of that attack, and they paid a $460,000 ransom as a city government. So it's not just individual companies paying, but it's government, nonprofit hospitals. It's all kinds of entities. So it's very complicated whether companies should or shouldn't pay.


Ed Watters 15:23  

Wow. So the little guy like me and the mom and pop sitting around their little desktop computers, we get terrified when we hear about this big ransomware thing. You have what you call a ransomware response kit on your website. Would that help people like me and mom and pop?


Greg Edwards 15:47  

So it would help just in giving you some direction on what you can do to identify and deal with the attack after it's happened. The best thing to do, though, is to not put yourself in that position. And again, this isn't something where we as individuals or as companies can't do anything about it, because we absolutely can. So as individuals, some of the basic things that absolutely should be done on your PCs are to, number one, make sure you do have a backup, and make sure that it's a cloud-based backup and not just a drive that's always connected to your device, because what will happen if that... So, you know, everyone should have a backup for sure, right? So A, do that, but then make sure that that's not just an external USB drive or some drive that's always connected. And the best way is to have that be an off-site, online backup that just happens automatically, has a unique password that's separate from anything else that you use, and is cloud-based, so that if an attack happens, it can't also attack that separated backup. So backup is number one. Second thing is patching. So everyone's probably seen the pop-ups that say you need to update Windows, or you need to update this application, or you need to update Microsoft Office. You definitely want to run those updates and set your system so that it automatically runs the updates. The most common way that these attacks come through is through vulnerabilities in systems that are already installed on your computer. So the attack with the law firm that we're working with came through as a Word document attachment, and then that attachment exploited a vulnerability in Microsoft Word that allowed the attack then to run, and that can be stopped by having the system completely up to date. So patch management, making sure that all of the applications and the operating system are up to date, goes, actually, today, I mean, goes further, in my opinion, than antivirus.
So the third thing is to make sure you do have antivirus and make sure it is up to date. But those are three simple things that every person that has a computer and files that they want to keep should be doing. Backup, make sure it's separated and has its own password; patch management, making sure all the applications in your operating system are up to date; and then up-to-date antivirus, and making sure it stays up to date. And then on top of all of that, add CryptoStopper.


Ed Watters 19:15  

That's some good advice. So from one bad thing to another, let's shift to what you're experiencing in your area. The derecho, that is a land hurricane. Could you tell people about what is actually happening, the situation down in your area?


Greg Edwards 19:35  

Yeah, so I'm located in Iowa, near Cedar Rapids, Iowa. So as you can imagine, being in the middle of Iowa, a hurricane is not something that we think is ever going to happen, and I'd never heard of a derecho before this event. You know, they've obviously happened before, but it's not a very common occurrence. And we have lots of thunderstorms. I mean, having a thunderstorm in the Midwest is very common. On that particular day, I believe it was August 10th, may have been August 11th. Either way, I have been working from home, and still working from home, from the pandemic. And I took my dogs out for a walk. I looked at the radar, and I saw that this thunderstorm was coming. But no major warnings. I mean, we have tornado warnings and severe thunderstorm warnings; no warnings, but I could see this on the radar, this rain that was coming. And so I wanted to take my dogs out for a little walk. I live on a small farm here in Iowa with about 50 acres, and took the dogs out and went up. We have a big hill on our property. And I was up at the top of this hill. And I could see, probably, guessing it was about two miles away, I could see just this black wall of clouds coming at us. And so I started thinking, okay, well, this looks a little more severe than just rain, and started jogging toward the house. And I look back, and it's just bearing down on us. So I start running to the house. And just as I get, with two big Labs, just as I get the Labs into the house, the wind just starts blowing like nothing I've ever experienced. And I've heard that in a tornado, which are pretty common here in the Midwest, it sounds like a train coming by. And that's exactly what this wind sounded like. It sounded like you were right next to a train coming by. And so I got into the house safely, and go into my basement, because I thought that it was a tornado. But you couldn't see. I mean, it's pretty open here.
And there wasn't a funnel cloud or anything. But I was obviously hurrying to get into the basement, got into the basement. And you could just hear this train sound; it lasted about 30 minutes. And finally, once everything stopped, I came out of my basement bunker and looked outside. I mean, there were trees down, lots of branches. We didn't have a ton of trees completely down on our property, but lots of branches down everywhere. Part of our roof actually came off and we had water damage in the house. And so I thought, okay, well... and I still didn't know that this was a derecho at that point. And I didn't hear any sirens going off. And we live far enough out in the country that typically, when there's an emergency event, you can hear sirens from the towns that are around us. Didn't hear any of that beforehand, really had no warning that this was coming. So I really didn't know exactly what had happened. Still, at that point, I thought it was some sort of tornado event that just hit our property. But then, and power was out at this point, so, you know, no connectivity to the outside world other than my phone was still working. So I started to see reports that this derecho hit, and then went to leave, and there were trees down across our driveway. So I helped my neighbor clear their driveway and our driveway with chainsaws and got, you know, out into the community, and then finally drove into Cedar Rapids. And, I mean, devastation is really the only way that I can describe it. I mean, if anyone's ever seen what it looks like after a tornado comes through, that's what it looked like across the entire town. There were... now the reports are that 50 to 75% of the tree canopy in the city of Cedar Rapids... and this is a community of about 120,000 in the metro area, a couple of small towns combined. So about 120,000, and it still looks like a tornado came through the whole town. So this was about a 40-mile-wide area where this wind storm came through, and we were without power for a full six days at our house. I luckily have a generator, so we at least had some power. But there were places in Cedar Rapids, you know, you can imagine apartment buildings where people didn't have a basement to go to or didn't have, you know... that were just destroyed. There were literally...










 December 2, 2020  35m