Repelling A Ransomware Attack: Jeff Chandler of Z-JAK Technologies On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Authority Magazine
Published in Authority Magazine
13 min read · Mar 14, 2022

Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Jeff Chandler.

Jeff Chandler has more than 35 years of experience as a developer, systems architect, business consultant, and insurance executive. Jeff is founder and CEO of Z-JAK Technologies which helps business owners who are frustrated managing their technology or worried about keeping their systems safe from hackers.

As a consultant, Jeff has worked with businesses, government agencies, and Fortune 500 companies advising them on their technology needs and security measures.

He recently authored the book “Hacked! What You Must Know Now to Protect Your Business Financials, Customer Data, and Reputation from Cybercriminals,” directed at small business owners and available at https://hackedbook.com.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in a typical middle-class family. My dad was one of those people who could never sit still. He always had a project going on around the house and liked to tinker with things. He always emphasized the value of hard work to me and my brothers. I really got my desire to take things apart and learn how they worked from him.

I was a teenager in the 70s so the first “computer” I got was a box that you had to physically hard wire and slide these levers back and forth to turn little lights off and on. Our first real family computer was a Commodore 64 we got when I was in high school. I didn’t really have a lot of other exposure to IT until college. I decided to pursue Engineering because I loved solving problems and that seemed like a logical career choice. It was a computer science professor in college who really inspired me to focus my career in IT.

As part of my internship program, I went to work for an insurance agent. He took me to the computer store to buy an IBM PC with 2 floppy disks. His instructions for me were to make it useful for his business. He wasn’t sure how, just make it work. I went to work observing his office staff and his clients to see what I could do. I ended up developing a piece of software that was adopted by a number of his clients and we started having to hire IT staff to keep up. I was thrown into the deep end programming, managing the rest of the development and IT support team as well as helping with sales. By graduation, I was completely hooked on pursuing a full-time IT career.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

At a former position in a financial services company, I was promoted into a role where I had responsibility to protect the network from cybersecurity threats. Directly seeing the number of threats we mitigated every day led me to devoting a lot of time making sure we were following best practices and staying on top of changing security issues.

I started my own firm and wanted to take everything I had learned working for that large business and adapt those techniques for other businesses. Most small businesses don’t have the kind of resources I had previously so I wanted to do what I could to best help them out.

Can you share the most interesting story that happened to you since you began this fascinating career?

Sometimes it’s just helping a business implement the basic protections they need like changing a default password. I helped one business where they were still using the default admin password on their router. It made them an easy target for the cybercriminals. Doing those simple things brings a lot of satisfaction knowing that we’ve prevented that business from becoming an easy target.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Number one, you have to be a good listener with your team. Everyone on the team brings a unique perspective that can help make the business better. I’ve been in meetings where you think you know the right direction to go with a decision but taking the time to hear others’ opinions as well gives you more perspective. When you tell everyone what you think first, people don’t necessarily want to disagree with the boss. So, bring up the discussion topic and speak last after getting input from the team. It helps everyone to feel like they are a valuable part of the process.

Second, you have to realize that you can’t do it all yourself. In many cases, I’ve done a task previously and know that I can knock it out quickly. Letting your team work through a problem and coaching them (not telling them) how to solve it will help them to grow in their role and not just feel like an order taker.

Third, to me, is the accountability portion of being a leader. And what I mean by that is you accept responsibility when your team makes a mistake and then let them take the credit when they do something great. That really helps them to feel important and like you’ve got their back. It doesn’t mean they escape all responsibility for their actions, but they know you’re going to be fair about it.

Are you working on any exciting new projects now? How do you think that will help people?

I’m currently working through how to best model solutions for micro businesses of under 5 people. Those businesses are still at risk but seriously underserved by most other IT service providers. The goal is to find ways to cost effectively work with them while making sure they stay protected.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

I’ve been on the frontlines protecting businesses from cyber-attacks since 2012. The ransomware threat actors are constantly changing tactics so I spend time every day looking at the latest attacks and learning how I can protect my clients from them. I also take time to educate business owners on the threats I see and what they can do to protect themselves.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

Ransomware is part of the broader category you hear referred to as malware. Malware is any piece of software designed with the intent to damage your system or steal data. Malware includes viruses, worms, spyware, ransomware and others.

In the most common form of ransomware attack, a computer becomes infected and the software will encrypt any files it can access on that computer. The criminals will then demand a ransom to get the “key” that will unencrypt all the files.

In many cases, the ransomware code will wait a period of time before triggering. The wait time could be used to send a copy of your data to an overseas server or to just try and wait out your backups so that it will be more difficult for you to recover from the attack.

If the business has a good backup and can restore their files without the key, the criminals may still demand the ransom by threatening to release confidential information in those files. This is referred to as “double extortion” ransomware.

A newer form of ransomware is referred to as “triple extortion” ransomware. In this form, they use client data they were able to pull from your systems and extort your clients for a ransom to keep their information private.

Another type of ransomware will just lock your computer until you pay the ransom. These will typically show a countdown timer. At the end of the timer, the ransomware will just wipe all the data from your computer.

Keep in mind that ransomware is a business for the cyber criminals. There are groups that specialize in just creating the ransomware and selling it to other groups that will then initiate the attacks.

As businesses get better at protecting themselves, the cybercriminals evolve and find new ways to gain access to your systems. Business owners should not follow a set it and forget it type approach. If they don’t have an internal IT team, partner with a local expert to make sure they stay on top of the latest threats.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

It’s not just businesses that are threatened by this. Anyone can be impacted by a ransomware attack. By clicking an email link, opening an unknown attachment or visiting a malware infected website, you can open yourself up to a ransomware attack.

The large businesses make the news, but many more small and medium sized businesses (including individuals) are impacted that you don’t hear about.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

First, notify your internal IT team or connect with a cybersecurity expert. They’ll be able to help determine what happened, then evaluate and implement the best course of action.

Once you’re able to confirm it was a ransomware attack, you should notify the FBI for them to take action.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

If you have a ransomware message pop-up, take a picture of the alert first. Then turn off that machine immediately. If you’re on a business network, disconnect it from the network. That will stop further damage to your network data.

Next, determine the extent of the data that could have been compromised. If the business is storing confidential client information, they should check with an attorney in their state about notification laws they will need to follow. Businesses in regulated fields will have strict notification procedures they need to follow.

Should a victim pay the ransom? Please explain what you mean with an example or story.

The FBI recommends that you do not pay a ransom to get your data. Paying the ransom does not guarantee you will get the unlock key and it encourages the criminals to continue their activity. Be aware that any software they send to unlock the computer could also contain malware.

In addition, if you send payment to someone on the Treasury Department’s OFAC list, you could face civil fines from the government for paying the ransom. OFAC maintains a list of people and organizations that U.S. entities are forbidden from doing business with.

That being said, I spoke with a business last year that did not have good backups and had no way to recover the data other than paying the ransom. Their only other choice was to spend months re-creating the data and they were fortunate to have the funds available to do this. According to the latest statistics, 60 percent of small businesses end up closing within 6 months of a cyberattack.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

More than anything, it’s smaller businesses recognizing they are just as much a target as the bigger companies. Once they acknowledge that, we can start evaluating where they’re at and implementing basic controls to help protect them. We recommend they start with a risk assessment process to see where they have shortcomings and then based on the severity, prioritize any issues that are uncovered. A cybersecurity consultant will have tools available to help identify vulnerabilities within their business.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

The shortage of cybersecurity professionals is critical right now. The latest numbers are somewhere close to a half-million unfilled jobs. The only way that gap can be closed is to be more aggressive about recruiting and educating people to fill those roles. This could be retraining of internal people or identifying young people that could be used with some vocational training. There are many talented people who could do this with the right training, and it doesn’t require a college degree.

Second, the criminals are creative and constantly changing their tactics so continuing education for cyber professionals is also essential.

Third, businesses need to make sure they’re budgeting for this increasing threat. Work with their teams and/or an outside consultant to ensure they have the right tools to do their jobs effectively.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

My list would be different depending on the size of the business so I’m going to focus my list on small businesses. These still apply to everyone but are issues I see more frequently in a small business.

  1. Businesses and individuals must keep their systems patched with the latest updates. Vulnerabilities in common software programs are found frequently. We recommend that you make sure you’re on the notification list from your vendors for updates and set a regular schedule for applying those updates. 60% of breaches happen because of an unpatched vulnerability. Once a vulnerability is made public, cybercriminals are already at work trying to exploit that weakness.
  2. Passwords are key to accessing any business or personal confidential information. Make sure you’re using strong passwords of at least 10 characters and that they’re different for each site. The only way to effectively implement this is to use a password manager. By using a password manager, you have one long, very strong password that you memorize to open a database that maintains the passwords for all of your other accounts. In addition, multi-factor authentication should be set up wherever you can. I highly recommend that you do not use a spreadsheet with a password on it to store your account passwords. A password on a spreadsheet is very easy to crack and there are easily available free tools that can do this. I’ve had people contact me because they forgot the password to a spreadsheet and my team was able to access it with just a few minutes’ effort.
  3. Make sure your computer(s), email and internet routers are protected from malware. Thorough protection requires many layers of security. You must protect your systems at every point that data enters or exits your network. Sophisticated attacks can come from an email link or attachment, visiting an infected website, or unsecured internet routers. You should have protection for all these components.
    Hackers have been known to clone popular websites with small misspellings in the hopes that someone will land on that site either accidentally or by clicking a link without properly verifying it. Once on the fake site, they’re able to collect information to steal your identity or download malware to your computer in the background.
  4. Make sure you have a good backup. Also, test that backup regularly to confirm it’s working properly. Do a test restore of a few files once a month to verify. Having a good backup will enable you to restore the data to a known good point and avoid paying the ransom for the key. I’ve spoken to businesses who thought they had a backup but never really checked that it was working. When the time came that they needed it, for many different reasons, they discovered it wasn’t backing up properly. The only alternative was to re-create missing files.
  5. Finally, you need to have training on security best practices. One of the largest vulnerabilities for a business is the people who work there. Most cyber security breaches are caused by someone falling for a phishing scam. Cyber security awareness training is readily available from a number of resources. We think it’s important enough that it’s included in all our support plans.

We will also send simulated phishing emails to help employees learn how to better identify what a sophisticated phishing email might look like. If an employee clicks a link in the fake email, they will be directed to a web page for spot training to help them understand what they did wrong. We even use this technique within my business to keep everyone alert. I’ve had more than a few people tell me they were confident they could spot a phishing email before they ended up clicking a link in one of our simulation campaigns (even a CEO).

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

I don’t think we do a good job introducing kids to these online threats. They’ve grown up with technology and it’s integrated into everything they do but they don’t have a good idea how to protect themselves. They are among the most vulnerable population and would benefit tremendously with more effort to educate them on the basics of cybersecurity. Many schools have programs to discuss social media dangers but don’t address the threats they face as they start getting those first jobs and banking accounts.

How can our readers further follow your work online?

I post regularly on my website blog at zjak.net. I’m on Twitter and Facebook @zjaktech. They can also connect with me on LinkedIn at https://www.linkedin.com/in/jeff-chandler-louky/

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
