Ken Dwight, CEO of The Virus Doctor, joins us to talk about all of the things that can go wrong when you are not protected against viruses and malware.
Please excuse any typos in this hasty transcript.
Jay Curry: Hello Texas, welcome to the Texas Business Radio. We have a power packed program today. We’re talking about the Internet of Everything. IoT, I think is the way that Ken calls it. We’ve got four great CEO’s coming in here. We’re going to talk about forensics. How do you go back and figure out what happened in the past. That’s going to blow you away folks. You’re thinking computers. We’re talking about; they’re monitoring your heart rates. They’re monitoring where you are and how your rates going up and down. Were you really in that accident? It doesn’t show you got excited. Really powerful stuff. Coming up, we’ve got a specialty software company. Oh this can be so good. And maybe the best of all, George, is this segment on viruses and ransomware and things of that sort. What do you think?
George Walden: Oh, I’m very excited. The truth is we’re talking to the virus doctor today and we’re going to learn about ransomware. We’re going to learn a little bit about what’s going on with Equifax.
Jay Curry: The latest and greatest things. This is going to be interesting. So in the studio we have Ken Dwight, “The Virus Doctor”. That’s your official name, right?
Ken Dwight: That’s it.
Jay Curry: Ken, we are delighted to have you here. We’re going to learn a lot. And we’re going to learn maybe, some things we ought to do and some things we shouldn’t do. So, but let’s start with what is “The Virus Doctor” all about? What is that?
Ken Dwight: Well, “The Virus Doctor” is the DBA for a company I started, oh, way back in 1972 as a computer consulting firm. But I really developed a specialty in viruses in 2002. So it’s been about 15 years now. And that really came about as a result of a particular client situation I had. That called me and said “There’s something strange happening on our computers. Can you come help?” And I did. It didn’t take long to realize it was a virus. But prior to that, viruses had always been just pranks and bored kids and, and mischief. This was the first one I saw that was actually making money at it.
Jay Curry: The beginning.
Ken Dwight: Yeah. When I came to realize that, I thought, yep, the whole world is different from what people think they know about viruses. Somebody needs to get the word out. So I became the Paul Revere to say “The viruses are coming, the viruses are coming!”
Jay Curry: So this is, this isn’t giving away too much but you and I are probably in the same generation. And you were involved and saw this early. So this isn’t like you just got out of college and you took a few courses. You have lived this for many years and actually wrote a bestselling book on the, on the topic. Right?
Ken Dwight: I did it. It was called “Bug Free Computing, Stop Viruses, Squash Worms and Smash Trojan Horses”.
Jay Curry: I love it. Boy, things have gotten much more sophisticated since then.
Ken Dwight: Yeah. Yeah. That’s 15 years ago.
Jay Curry: Right.
Ken Dwight: Yeah. Well, not, not quite 15, it came out in 2005, second edition in 2006. But obviously things are much more sophisticated than then, than now than they were then. So, everything I say in the book at the time is still accurate. But a lot of the Web sites and the screenshots and things are obvious are…
Jay Curry: And it’s much more sophisticated now.
Ken Dwight: Much more.
Jay Curry: They maybe accomplishing the same things but they were much better at doing it.
Ken Dwight: Yeah.
Jay Curry: Talk to us about ransomware. That’s one that, I know my CEO’s are, you know, they almost shake when they hear about that.
Ken Dwight: Ransomware is a huge deal. It has become by far the most prolific form of malware out there because it’s really easy money for the bad guys. And generally what happens and if anybody hasn’t heard the term and doesn’t know what we’re talking about, basically you get hit by a virus that goes out and encrypts all of your data files. An encryption is a technique that was used as a security measure to keep people from being able to see what was in your files. And that’s a good thing. Unfortunately the bad guys have turned it against you because they encrypt your files and don’t tell you how to get them decrypted, unless you pay the ransom. So that’s where the term ransomware comes from.
Jay Curry: So one day you wake up and you’re, you can’t access any your files, there all been encrypted.
Ken Dwight: Exactly.
Jay Curry: Which means they could be decrypted. That, it’s not like they delete them.
Ken Dwight: It theoretically means that could be decrypted.
Jay Curry: Yes. So, does that not work? And they’ve also figured out how to work around the anti-virus and so on.
Ken Dwight: That’s pretty much a given. Yeah. They, they all, before they even release them, they test against all the anti-virus programs to make sure they will not be detected.
Jay Curry: Holy smokes.
Ken Dwight: So it’s quite a game of cat and mouse.
Jay Curry: It is unbelievable.
George Walden: So is this a situation that’s getting worse today? I mean…
Ken Dwight: Absolutely.
George Walden: Wow.
Ken Dwight: Yeah. The, it was really popularized right at four years ago. September of 2013 was when a program came out called CryptoLocker. Which was the first one to do this on a massive scale. The technique has been around for a long time. In fact, I mentioned it in my book. Again that was 2005. So, back then it was very crude and in a lot of cases they claimed they’d encrypted your files, they really hadn’t. But CryptoLocker really did and they follow best practices. So they really were encrypted and you really couldn’t decrypt them without the, the encryption key. They only, were the only ones that had.
Jay Curry: One of the things that made this particularly bad… I mean, I’ve always heard that if that happens, pay the ransom and just write it off and go. Because they increase the costs every day till you finally pay it, to the point it really hurts. You can just, they make a quick buck and get out and they would actually decrypt. Now they’re not doing that. Huh? What’s going on?
Ken Dwight: They may or may not now. And part of what’s happened is, it has been such a big money maker, that so many people have, have jumped on the bandwagon. A lot of them are buying code from other bad guys. They don’t really understand what they’re doing. And some of them just don’t have the technical capability to decrypt, even if you pay the ransom. And other said “I’m not going to bother. Just take the money and run”.
Jay Curry: Yeah. So folks, you can’t depend upon that anymore. This is very, very serious stuff. So let’s move to the second one then. Equifax crisis, this is… Wow! What, this is amazing. This really is amazing.
Ken Dwight: That’s…
Jay Curry: Tell us about it.
Ken Dwight: That’s bad news all around. And surely almost everybody has heard about this by now. As you know there are three major credit reporting companies in the U.S., Equifax being one of the original three. And in the last week they announced that about 143 million of, identities have potentially been compromised. That information has been hacked and available, it’s now for sale on the black market. And, the fact the breach happened in the first place was because of some really poor security practices on part of Equifax. The way they responded to it has made it even worse by orders of magnitude. In fact a lot of the experts are calling this a classic case of how not to respond to a crisis situation.
Jay Curry: Almost, on every step but there’s, what three hundred million Americans.
Ken Dwight: Roughly.
Jay Curry: I’m going to guess that’s counting children that don’t necessarily have Social Security.
Ken Dwight: Although, a lot of children do have social security.
Jay Curry: Yeah, they do.
Ken Dwight: But a 143 million out of 300 is still close to half…
Jay Curry: Yeah. That one out of, one out of every two.
Ken Dwight: Of all Americans. Yeah.
Jay Curry: And we don’t really know for sure.
Ken Dwight: And it has nothing to do with whether you’ve ever done business with Equifax. They have a file on you whether you are an Equifax customer or user or not. And so, kind of in the fine print they said “There also about 200,000 people whose credit card information may have been compromised.
Jay Curry: Okay.
Ken Dwight: And those be the ones who subscribe to their services or had actually had a working business relationship with a Equifax.
Jay Curry: I think people need to understand how poorly done this is because if you’re a business owner, there’s some real lesson, lessons here. Tell us a little bit.
Ken Dwight: Well, the first lesson is about protecting yourself against this type of threat in the first place. It turns out and without meaning to throw stones unnecessarily, the chief information security officer at Equifax had a bachelor’s and master’s degree in music composition. I don’t think that’s the background I’d be looking for in a CSO or CISO.
Jay Curry: But even the way management handled it after it came out, was…
Ken Dwight: Yeah.
Jay Curry: You know.
Ken Dwight: And there again.
Jay Curry: It wasn’t bad, it was terrible.
Ken Dwight: Yeah. So, and there’s still a lot of that, that we don’t know and a lot of it to, to still be worked out. Including, a lot of it in the court system.
Jay Curry: So, what, what should we do now?
Ken Dwight: In the case…
Jay Curry: Half of us have been compromised.
Ken Dwight: Yeah.
Jay Curry: What should we do?
Ken Dwight: In the case of Equifax and that situation in general, the only real protection that, that most of us have, would be to put a credit freeze on our accounts with all three of the credit bureaus. And that will pretty much keep any new identity theft from occurring. But also if you’re planning to buy a new car or buy a house or rent or apply for a job or a credit card, then you’re going to have to, at least briefly, unfreeze that credit.
Jay Curry: Talk to me just a minute about, what’s that mean? Do we call each of the three and tell them we want to put a freeze. And can you take that off? Give us a little information on it.
Ken Dwight: In general terms, you can either go to the Web site or call them and say “I want a credit freeze”. And there’s normally a charge, it’s nominal, I think 10 or 11 dollars to put the credit freeze on. As part of that process they’ll give you a pin. So that if you need to unlock it for any reason, for any particular inquiry or length of time, you have to have that pin.
Jay Curry: Good. Folks, I hope you’re listening. This is really powerful stuff and you need to be aware that this is going on. Is there anything that a CEO can do for, like on virus, where can, can they contact you? Will you come in and do an assessment? What do they do upfront?
Ken Dwight: Sure, I do that. They’re welcome to contact me at my web site, Thevirusdoc.com.
Jay Curry: Thevirusdoc.com
Ken Dwight: Right. I also train a lot of other techies to do what I do. And so, if you’re not in the Houston area, I have, have trained technicians all over the country, in fact, internationally as well. One quick piece of advice on ransomware. If your technicians says “Well, the only thing we can do is wipe everything and reload.” (BUZZER SOUND).
Jay Curry: Don’t do it.
Ken Dwight: Wrong answer.
Jay Curry: Don’t do it.
Ken Dwight: That has never been a prudent or even necessary step in the case of ransomware. Because with ransomware, your computer, well, it’s a long story.
Jay Curry: Just don’t do it.
Ken Dwight: Don’t do it.
Jay Curry: Okay. Folks we’ve been talking to Ken Dwight, “The Virus Doctor”. You can reach him at thevirusdoctor.com.
Ken Dwight: Nope. Just thevirusdoc.com.
Jay Curry: Just thevirusdoc.com. All right. We got to go pay some bills, take a break. This is going to be a great program. We’re just getting started, so hold on, we’ll be right back.
Sponsored in part by:
Jay W. Curry
Along with hosting “Texas Business Radio”, Jay is a Professional Certified Coach and Master Chair facilitating four Houston-based Vistage peer groups. In addition to being a best selling non-fiction author, the 2015 release of his award winning novel, Nixon and Dovey: the Legend Returns, adds novelist to his title. Jay holds a BS in Mathematics from Oklahoma State and an MS in Computer Science from Kansas State. You can learn more about Jay HERE.