 Ransomware bites dental backup firm and getting to the root of this is just gonna leave a bad taste in my mouth I had to start out with a pun. This is a serious topic and It's a dental firm that was well crypto ransomware or at least used to facilitate Several hundred crypto ransomware installations on its clients and is is a little bit of an interesting story There's right here on Krebs. He gives a breakdown of what happened and it sounds like yes They're paying the ransom because well, they don't have those backups that they claim they have on their website And this is where I want to dig in a little bit deeper and talk about We just my bigger problem with this So I also noticed when they're sending these messages here that someone sent screenshots up to Krebs I noticed right away. This looks like screen connect and screen connect is a remote session tools It's now referred to I say screen connect because that's what is originally called and it moved to be purchased by Connect wise and now it is referred to as connect wise control really popular tool full disclosure We use it as well here at Lauren systems great secure software provided you set up two factor authentication set it up correctly I don't know the exact details of the attack and None of us do and I don't think perk soft is really going to give up that information And let's look at their website and this leads to some of the problems. I have with the IT industry in general If you're in this case specifically a dental office, but if you're a small business this becomes a big challenge of how do I pick a company? Let's look at their website pretty basic website really simple professional services digital Digital dental records. They're friendly speed knowledgeable 15 years of dental specific IT knowledge Why wouldn't you choose these guys right? Well, we know why now not to choose them But they claim to be PCI compliant and they're HIPAA compliant a matter of fact after doing a little bit of digging I found out that Percy who owns it high-tech HIPAA compliance and cyber security join us Thursday May 16th for an engaging two-hour Presentation with Percy Chabby who will be discussing high-tech HIPAA compliance and the security of your dental practice So here he is out public speaking Building up this whole clientele the presentation is going to talk about Windows 7 in the life the latest health case Healthcare cyber security threats HIPAA security assessments threat prevention Protection from a breach. That's a good one really really relevant high-tech active compliance PCI compliance and this just irks me quite a bit and I did verify this is there's if you go and this is a link from their website perks off that screen connect comm is Where they're hosting that here is their Facebook page Which we're also going to discuss this just for a second here, too Because I was first started here and there's admittedly they posted some updates here on Facebook Apollo I apologize for late response. We are working on hard and getting all the offices up and running We are continuing to work and continuing to work through the weekend and recovering offices We will continue to work on decrypting offices bringing networks online will update you again this morning So yes, they're actively doing this, but they're also actively This puzzles me seems like too soon to start this Why are there random reviews coming up? They haven't had reviews in a long time and now in the middle of a crisis people are dropping reviews I have and will continue to work and recommend Percy and his team and Someone else point posting Percy and his staff are great at what they do they care about their customers and then Carlos here replies This is all public You know my office been down for four days and still no communications how are you recommending where is your business located and It's starting a discussion There's someone that's seconding the review not a fake client. I I don't know it feels scammy when people start doing this And start dumping data out and trying to really push You know like oh, yeah, this guy this company is great Blah blah blah blah You know one is on there and I did verify looking up each one of these confirm Yes, Percy Chabby's the owner of it I looked up, you know, you can look up Wisconsin Department of Financial Institutions and it tells you who's on the business registration Etc. But like I said, this really brings up a problem in general that small businesses Especially small businesses face but it happens to the bigger companies as well is how do you find the right IT person? I don't have any easy answer But I think some hard questions should be asked before you choose on IT Does that IT company use multi-factor authentication? I'm willing to bet that that is what happened here and I've talked before many people I've talked with breach teams and Publicly Hunter Slabs the whole video and he'd run through breaches of some of these IT contractors And they're not as elaborate as you think they are simply reusing of passwords combined with not having two factor authentication and You should test your IT company. You should confirm with them. Are you using this? You know ask these hard questions. See if you get an uncomfortable answer. I I mean, I'm sure in the face I mean this guy is going around to big talks at dental Associations in events going hey, let's talk about cyber security, you know talk the talk But clearly not walking the walk I'm gonna bet you know money on it that that's exactly what happened in this case Because that's what keeps happening in all these cases with all these companies getting breach It's just a lack of internal security. They get real sales heavy Not tech focused not security focused hurry up get more customers get more customers And not stopping to think about the consequences of not running good solid security. Yes It does take a lot more effort to do things securely Yes, it is a real pain in a butt when I come in in the morning to have to look up You know is even my staff said who's a lot of numbers always got to type in they complain about it too We all complain about it, but we still do it That is just something that's part of the job Security is a real threat. It is a real Problem for small businesses, especially they're getting hit left and right and you know We'll jump back over here and see that you know, we keep looking for a more complicated Details to the attacks, but it turns out like this attack in Texas a huge ransomware messes with Texas You know at first it was thought to be some highly coordinated Cybersecurity attack nope They popped one of the service providers that services all 23 of these Texas cities and that was able to get them Leverage in there and I'm willing to bet if I dug enough they have not released the name of that company that was involved But if you dig around enough you figure out what their name is You'll probably find that they were running around and talking at these established things and landing government contracts and you know Preaching cyber security and goes I'm gonna go with that guy. I don't have any easy answers Feel free to if you have some ideas leave them in the comments below of how small businesses could do some Vetting of these but I mean this person is following all the right steps to proper marketing same things I do with this section. I don't I didn't see Percy on YouTube, but you know the same thing I go and do a lot of public speaking That's how we built their clientele. We do these seminars We come and do them at businesses and all this other stuff public speaking chamber of commerce events Etc. Etc. These are all things we do we have a website that says we follow with security practices, etc So does this person but what's the distinguishing difference? I don't I mean we know in the end what it is But how do you know in the beginning? How is it when you're small business? You don't get caught up in it. I don't have an easy answer Maybe there's another you have a third-party company that comes in audit your IT company I don't know I'm still spitballing ideas here But that's one of the reasons I made this video is not just to talk about the dental breach But to talk about the problems in our industry of how do you find a good IT company? These are some of the challenges that are out there I wanted to bring it up wanted to throw the thoughts to you guys and say hey What are some suggestions out there? But I feel terrible for small businesses. These problems aren't getting better. They're getting worse We're seeing more and more large-scale attacks, and if you are an IT company Hopefully this scares you keeps you up at night like it does me like we're always looking at it We're always auditing ourselves going sir anywhere. We can do better. Is there anywhere? We have 2fa, you know multi-factor authentication turned on doing we making sure we're using unique passwords All of us are using password managers with really long passwords So we're not using even the same passwords on the same systems internally if the systems don't have the same login accounts They have completely separate passwords to help mitigate that type of threat, you know against my business, which would in turn You know attack all the customers that we have behind it So leave your thoughts in the comments below and thanks Thanks for watching if you liked this video give it a thumbs up if you want to subscribe to this channel to see more Content hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post If you want to hire us for a project that you've seen or discussed in this video head over to Lawrence systems.com where we offer Both business IT services and consulting services and are excited to help you with whatever project you want to throw at us Also, if you want to carry on the discussion further head over to forums.lorencesystems.com where we can keep the Conversation going and if you want to help the channel out in other ways we offer affiliate links below Which offer discounts for you in a small cut for us that does help fund this channel And once again, thanks again for watching this video and see you next time