Cyber Crime Junkies

Ransomware Real Life Stories Effect On People. PART 1

June 05, 2023 Cyber Crime Junkies-David Mauro Season 2 Episode 5

Robert Cioffi, CEO of a leading NY MSP, discusses real-life ransomware stories and their effect on people: the shocking toll ransomware takes from a real-life victim's perspective, and its impact on real-life small businesses and individuals. We discuss what it feels like to be a ransomware victim. A compelling, emotional story of how his company was attacked by REvil in the infamous Kaseya breach, and his depiction of what it feels like to watch ransomware live. The Kaseya breach affected over 1500 businesses in the US. He shares an eyewitness account and tells the story of the emotional journey of trauma, triage, rebuilding and persistence through a remarkable recovery.
THIS IS PART 1 of 2. 
Highlights: 
💡 ransomware real life stories effect on people
💡 ransomware what being a victim feels like
💡 ransomware impact on real life individuals
💡 ransomware impact on real life small business
💡 ransomware impact on small business
💡 ransomware impact on small companies in real life
💡 watch ransomware live
💡 emotions when watching ransomware live
💡 ransomware impact on individuals

VIDEO Episode Link: PART 1👩‍💻 https://youtu.be/fYH1uzjvsuY

VIDEO EP PART 2: https://youtu.be/2K95SlyRwUI

Thanks for watching! -David, Mark, Kylie and Team @CCJ


ROB CIOFFI PART 1


[00:00:00] DAVID MAURO: Lucky to work for a great group of people you really believe in? 

[00:00:06] MARK MOSHER: Find yourself making an impact? 

[00:00:08] DAVID MAURO: Technology is a river that flows through every aspect of an organization, and today is different. We put ourselves and our organizations literally at risk of complete destruction every single time we get online.

[00:00:21] ROBERT CIOFFI: One click, one distraction is all it takes.

[00:00:25] MARK MOSHER: Come join us as we explore our research into these blockbuster true cybercrime 

[00:00:30] DAVID MAURO: stories, along with interviews of leaders who built and protect great brands.

[00:00:39] And 

[00:00:39] MARK MOSHER: now the show.

[00:00:48] DAVID MAURO: In the studio today, we have a very special guest, Robert Cioffi. Robert, welcome. 

[00:00:54] ROBERT CIOFFI: Thank you, David. I appreciate the invitation to come and share a bit about what happened to us with the hopes that the listeners will be able to better prepare for themselves for what may happen to them. 

[00:01:06] DAVID MAURO: Absolutely.

[00:01:07] And we are also joined today by our illustrious co-host, Mark Mosher. Mark, 

[00:01:11] MARK MOSHER: how are you? 

[00:01:12] I thought 

[00:01:12] maybe, I just disappeared into the background there and. Enormous 

[00:01:15] ROBERT CIOFFI: studio that is the 

[00:01:16] MARK MOSHER: cybercrime junkie 

[00:01:17] DAVID MAURO: studio. 

[00:01:18] Are are, were you feeling like a wallflower? I, I, I, I deviated from my, yeah, I deviated from my normal protocol.

[00:01:26] So for those that don't know typically when we start these, sometimes it messes with Mark's audio. So I'll go to introduce him and he won't hear me. And so he stands there. He's like, are they talking to me? Are they not talking to me? What's going on? And so I just went right to the guest. Yep. I'm the awkward.

[00:01:43] Absolutely. So Robert, so welcome. So Robert, for those who don't know, please look him up. Connect with him on LinkedIn, connect with him at his company Progressive Computers. Let's start from the beginning. I mean, you have a phenomenal [00:02:00] story. It's really heartfelt and it gets past all of the.

[00:02:06] Kind of the standard media that we hear about ransomware, right? We always hear about, you know, oh, the code and things were exfiltrated and like, you know, I cybersecurity people and IT people in general. We always tend to. Hide behind acronyms and, and hide behind the mirrored rays weren't doing. I'm like, that's fascinating for the minutia, but the reason element to these, 

[00:02:32] MARK MOSHER: when this happens, you, yeah, you see it when we come in post post event sometimes, but know there's a huge sad that, that there's an.

[00:02:41] Content behind when events like this happened. And I think that's really Robert. Richard, your story 

[00:02:47] ROBERT CIOFFI: speaks. Yeah, I mean, it totally is. If I can just pick up on a few of the little cues there. I was attending a conference over the summer where there was a speaker who, by the way, I admire greatly.

[00:02:58] I think he's brilliant. You know, somebody in this space that has, is tremendously cred. 

[00:03:03] DAVID MAURO: You don't have to embarrass me like that. Robert. You 

[00:03:06] ROBERT CIOFFI: don't gonna light. 

[00:03:09] DAVID MAURO: I'm in the room. You don't have to. David . It wasn't me, folks. 

[00:03:14] ROBERT CIOFFI: So who, who was it? Do you mind sharing? No, it wasn't, it wasn't. But but I asked him this question because we were talking about this very topic of, you know, what makes the news in events like this and whether it's, you know, typically we hear about a large enterprise, you know, how.

[00:03:28] CTO at Uber do this or how did the, you know Target CISO allow this to happen and mm-hmm. it, we, we san oversize in the media or when you hear stories going around and not understanding that there are human beings behind these stories and there are a lot more facts and evidence behind the scenes that we don't account for.

[00:03:50] We, we've lost our ability, I think especially, Social media and technology being the way it is. And you know, here this is coming from, you know, an [00:04:00] Uber geek technophile. That we've lost the ability to empathize or we forget to do so. Maybe we haven't lost the ability, but we forget to empathize, to understand there are victims here.

[00:04:11] I was a victim. My customers were victims. We didn't do anything wrong. A crime was committed. Can we start there, 

[00:04:17] DAVID MAURO: please? Yeah, exactly. Yeah. Let, let, let's back up a little because understanding the context in your back. Really Sets, sets the tone because I'm, I'm first, second generation Italian American.

[00:04:31] Also, you born and raised in the New York area. You came outta school, you started this IT managed service provider at MSP IT company. Actually, you guys were coders in the beginning, 

[00:04:43] ROBERT CIOFFI: right? Yeah. I mean, it was 30 years ago. There was no MSP back then, right? I was building, I was building applications in something called Clipper.

[00:04:51] Which is a dBase variant using a, I remember Clipper. 

[00:04:55] DAVID MAURO: That's how old I am. I, yeah, 

[00:04:56] ROBERT CIOFFI: yeah. I mean, I wrote tons of software from scratch. Some of it is still stored away on, in some file structure here. I gotta go dig that Outback code. Oh yeah. Live my past and remember that I was 20 once.

[00:05:09] But yeah, that's how we built this business, is basically building applications. And then it, you know, went into Novell and, you know, Windows NT and. You know, for many listeners, you know the rest of the story. They don't have to bore you with the, the metamorphosis that happened slowly over those 30 years and the way the world changed.

[00:05:27] DAVID MAURO: Yep. Absolutely. So then you guys developed this msp, what's, what's the name of it and 

[00:05:32] ROBERT CIOFFI: how many, yeah, few years ago. Company is Progressive Computing Inc. We're an MSP based out of Yonkers, New York, which is just north of New York City. So, you know, our, our primary coverage is the county of Westchester, Westchester County.

[00:05:45] Mm-hmm. Which is, you know, that sleepy bedroom community of a million people outside of New York. And but you know, our, our reach is far beyond that. We have customers coast to coast across all 48 states which is part of the story. It's an important part of the story [00:06:00] about where our customers were and our ability to be able to get to them.

[00:06:03] But yeah, I mean it's, you know, it's probably no different than than many of the IT companies out there. Two guys, two college buddies, you know, got together. My business partner and I are, are still running the business today. We're about to hit our 30th anniversary in February. That's fantastic.

[00:06:17] Congratulations. So we accept gifts. I'm a big red No, no, that's 

[00:06:20] MARK MOSHER: wonderful man. I love that. All gifts 

[00:06:23] ROBERT CIOFFI: are welcome. Love it. Are welcome. . So I mean, yeah, I mean, that's a very quick background about mm-hmm. , you know, what, what we are today and what our roots are. You know, we are traditional computer science students from, you know, college, you know, with code lines of code running around in our head and, you know, aspirations to build a company.

[00:06:43] DAVID MAURO: How, how many employees did you guys have and what type of clientele were you guys? 

[00:06:47] ROBERT CIOFFI: I mean, there's no specific vertical that we serve. I mean, there are pockets nonprofit, a lot of professional services. Real estate has come up quite a bit for us as well. Construction, things like that.

[00:06:59] DAVID MAURO: And are you mostly in the SMB space or Yeah. Do 

[00:07:03] ROBERT CIOFFI: you have In mainly the SMB space. I mean, we generally try to start at a size of about 10 users and then go up from there into the hundred hundred 50 space. I mean, that's our sweet spot is in, you know, that 20 to 50, 60 range. Yeah. And as far as employees were about, I kind of lost count cause it's fluctuated a bit, especially post.

[00:07:24] But we're about 25 ish. Again, I think we're planning on a couple of hires for the upcoming year, which just, just still finalizing some 

[00:07:31] DAVID MAURO: budgets. Great. Excellent. So you're a healthy MSP continuing on for, I mean, and for small businesses to survive for 10 years is defying all the odds, right. And then in a very burgeoning grow.

[00:07:47] IT space in a competitive market, right? Very competitive. This isn't, this isn't Wichita, right? We're we're in New York. Yeah. And so let's start at the, [00:08:00] like, obviously your MSP was target. Through a ransomware attack, which is, which was very unique. Is that a fair state? It, it was, it was unique in the sense that, I mean, ransomware's not new, but usually they hadn't gone after the support providers in the past.

[00:08:20] Historically. Right. Historically. 

[00:08:22] ROBERT CIOFFI: Historically. Right. Histor. Right. But it's, it's been theorized and the theory has been proven and it's, and we're not the first, by the way, the incident that happened with us was not the first of its kind, but it certainly. Provided another major data point in the not only the sus the, the, the suspect or the suspicion of a trend, but the actual trend now developing is that hackers know that MSPs have the keys to the castle for not just one company, but for all of the companies that they support.

[00:08:51] Right? So if I, right, if I am able to successfully. And MSP I can potentially have hundreds of companies now right at my fingertips. And obviously this is all through RMM tools, right? Right. So we were, you know, just for clarity purposes here we were one of the Kaseya VSA victims on July 2nd, 2021. There were about 60 customers and everything I'm about to tell you or will tell just really kind of two points about it.

[00:09:19] Everything I'm gonna speak about is mostly public information. Mm-hmm. , and I'll cite where it's not if I go there. And second, this is not a, a disparagement against Kaseya. I choose to come public with our story, not to beat anybody up because I felt like we were a victim. Kaseya was a victim too, right?

[00:09:39] Mm-hmm. . And like I said before, a crime took place a criminal. You know, did some really bad stuff to a lot of very good companies and a lot of very good people. So I wanna just almost kind of start and end right there. Right, right. You know, I, you know a zero day exploit was taken advantage of in the Kaseya VSA product.

[00:09:58] DAVID MAURO: And explain to [00:10:00] the listeners what, what the VSA products and, and for those that might not even, that might be listening to this as a podcast later, right. While they're driving. They're working out MSPs or managed service providers, they provide. Different models of variable capacity, unlimited support for businesses, organizations, government entities, et cetera.

[00:10:21] And MSP is the acronym for managed service provider? Correct. The, the tools that they use to remote control, to monitor, manage. To fix, we call it remediate. The, the organizations, the reason we're able to scale, the reason it's affordable is we're able to create incredible efficiencies by working remotely.

[00:10:41] By remotely these tools and the toolmaker itself. Kaseya, just to simplify it, right. Toolmaker itself was compromised, meaning a criminal adversary got in and Some element that would allow them than when those tools were launched legitimately through all of all of Kaseya's clients, which were you, right?

[00:11:12] Correct. To your customers. To your customers, yes. Then, then it reached the end point, which was the actual business government entity organization. Small business, et cetera, and then they launched 

[00:11:30] ROBERT CIOFFI: their ransom. Yep. These tools are just, if I can add a little bit to that please. Yeah. These tools are live tools, right?

[00:11:37] They are. There's a piece of software that we install on every one of the customers that we support. It's called an agent software. That agent sits on that Windows or Mac computer. And allows us to do all of the things that you articulated already, right? The mm-hmm. monitoring, the maintenance. And there's some automated processes that we can do that greatly make our lives and our customers' lives so much better and allows [00:12:00] us to deliver the service, as you described at an affordable rate.

[00:12:03] That makes sense. Right. So we are the outsourced IT for our customers. So they trust us and there's the important word. They trust us that we've are, you know, in care of their systems. And as a customer myself of a, of a tool like Kaseya, we trust that their tools are sound not only functionally and you know, do everything that's advertised, but are there, are secure.

[00:12:25] The one term that hasn't been used yet, but a lot of people are familiar with is supply chain attack. And that's exactly what this was. So the threat actor, the adversary, discovered a flaw in this software and then set out to find who is using this software. And we were one of those. 60 some odd Kaseya customer victims that that attacker was able to use in a malicious way to deploy ransomware to all of the endpoints, all of the people that we manage.

[00:12:54] Right? Two th over two, 2,500 endpoints for us. Over 2000 users of a, you know, that we support, were affected by this. There's a supermarket chain in. Called co-op. They are in the news, like, so I'm not telling you anything proprietary and Yep. It's, it's very public information. They had 800 stores across Europe.

[00:13:12] About 500 of those stores were shut down because all their cash registers run windows and all those cash registers were managed by a company like us who had Kaseya VSA installed on it. So they shut. You know, about 500 stores for about a week because they were unable to process transactions. So let's, that's the magnitude of something like this right now that puts in 

[00:13:36] DAVID MAURO: perspective.

[00:13:37] No, it's, it's hugely impactful. I mean, it's just, it's really the, it, it really is truly the supply chain, right? Because they're getting it at the core and it's just affecting thousands. Yep. All over. So let's turn to the, the day you found out about this, this. Yes. There was no, it was zero dis characters and malware [00:14:00] is bad code.

[00:14:01] It's code that harms or spies or does something that somebody doesn't authorize and doesn't know that it's gonna do. And those things have lists of all of the known bad codes and they block. From them. Right. And then here, this was a zero day, which means it hadn't been known. Nobody knew that that code was bad and it got through to Kaseya.

[00:14:26] Is that a fair statement? 

[00:14:27] ROBERT CIOFFI: Very simplistic terms. Well, I, I mean, if you read online, and again, it's. I don't mean to disparage Kaseya by saying this, but the Zero day exploit was actually discovered a few months prior to the attack. And the reason I'm bringing this up is because I want the audience to understand that there are plenty of zero day exploits out there.

[00:14:45] Mm-hmm. in the wild right now on a variety of things that you may be using. But what's meant by zero day is that only very few limited people know a research. Perhaps an engineer who discovered this fatal flaw. And you gotta remember that software systems are very, very complex. You can't just write a new line of code, republish the software and push it out to everybody because No, that would, that's not how development works, right?

[00:15:11] It's almost like making a structural change to a skyscraper. Right. And not really going through all the right testing to ensure that when I go put this fix in, that the whole building doesn't fall down. Mm-hmm. They knew about it and they were working feverishly to get a patch out for it.

[00:15:26] Interestingly enough, we were a 100% patched on Kaseya up to the day of the attack. And really, you know, a patch was imminent. It was coming out from them. But this threat actor somehow, you know, sometimes when researchers put. Or publish information out there quietly to a vendor somehow that data gets leaked or orgs just discovered independently by you know, by malicious people who are just looking for holes.

[00:15:55] Yeah, and again it's, it's not to paint Kaseya in a bad light because [00:16:00] Microsoft right now, and Apple right now, Google right now, as well as everybody else on this, Knows about flaws in their software that the public know about. That's why we get updates. That's why we get patch. It's right. It's why. It's why updates happen.

[00:16:14] So this just happened to be one of those perfect storms where there's this major security hole and the bad guys found it before the software company could patch it. 

[00:16:25] DAVID MAURO: Yep. Yep. So, Turning to the day, what was the day that you first learned about it? Oh 

[00:16:32] ROBERT CIOFFI: my goodness. So if I know, you know, the day it's 

[00:16:35] DAVID MAURO: like burned in in Yeah.

[00:16:37] MARK MOSHER: Just into 

[00:16:37] ROBERT CIOFFI: your memory. The day that we live in, in infamy here. So if you live in the northeast or the Midwest, from what I understand, I actually haven't experienced winters in the Midwest or the, like the North mis Midwest. I have friends in Minnesota, Iowa, places like that, and they tell me it can be brutal there even in, oh yeah, like Kansas, right?

[00:16:55] Mm-hmm. . So you know that, you know, for half the year, the weather is kind of cold. Either damp or cold or just not great. And we, we relish the summer, right? The spring and the summer is, is really our time to kind of bloom and, you know, kind of shake off the winter blues. It was one of those. As we as the weatherman here in New York will say, and I'm sure in other parts of the country, one of the 10 best days of the year, the sky was cloudless.

[00:17:22] The temperature was like in the mid eighties. The air was not humid at all. Cause it can get really hot and sticky here, right? And uncomfortable. So, so much so the weather was so great. It was one of those rare days where we actually had the windows in the office open, right? It's either the heat on or the AC's on.

[00:17:39] very few times. We actually allow the breeze to come into the office and the forecast for the next few days, including the July 4th independence day. July 4th being that Sunday. This was Friday, July 2nd, was the same exact weather. Personally, I had a lot of plans. Actually my wife [00:18:00] had plans for us along with some friends.

[00:18:02] We had three barbecues scheduled. None at my house, thank goodness. There you go. . And a friend of ours has a boat and he was gonna take us our two families out onto the Hudson River. And we were just gonna, you know, have a great time. You know, we, I was, this is where my head was, right? It was on the weekend, on the three day weekend and just really enjoying the glorious weather.

[00:18:22] And it was about I don't know about noon. I'm not, I usually much to sh counter to my health. I should be eating lunch every day. A lot of times I end up skipping lunch, but I was determined that day I'm gonna have lunch. I'm gonna go to the kitchen and sit. You know, I was kind of in that more relaxed, jovial mood and I was sitting in the kitchen eating my lunch window open behind me sunshine coming in, joking with a colleague in the kitchen.

[00:18:47] And I see my director of ops ascend the staircase to the second floor where I'm sitting turns the corner, starts walking down a long hall that I can see out the kitchen door. I've got a, you know, perfect line of sight down this. Hallway and I can just tell something was wrong. His gait, the way he was walking.

[00:19:07] His complexion. Listen, I'm from New York, so you know, we throw around racial terms in a positive way all the time. He's Filipino, so he's dark-skinned, right? But he's like pale as a ghost, right? And, 

[00:19:18] DAVID MAURO: and so there was something about the body language. 

[00:19:20] ROBERT CIOFFI: There's something really wrong. And, and this, that moment, it was that proverbial moment in the movie.

[00:19:27] I mean, to hate, to make it sound so cliche, where sort of the sky darkens. While it was still bright and sunny outside, there was a, a mood that started to set in. My reaction was somebody just died and Jay is coming upstairs to tell us. Hmm. It could be my partner, could be a client, maybe a family member just called the office and you know, he grabbed the phone cuz he heard, you know, who it was.

[00:19:53] I was a little scared and I said to my colleague in the kitchen, I think [00:20:00] somebody just. It was literally the words that I said, and I was serious. I didn't mean that in a in a funny or in 

[00:20:07] DAVID MAURO: no, the, the tone had turned somber. You 

[00:20:09] ROBERT CIOFFI: could tell something. Yeah. So I, I, I sort of met Jay right at the threshold of the kitchen door, and he is like slightly shaking, like I said, pe I mean, he lost his complex.

[00:20:24] and he wouldn't look me in the eye. Now the thing you need to understand is Jay and I have such a great relationship. Mm-hmm. , you know, we are very straightforward with each other. We're very friendly with each other. We know about each other's families like, like something was definitely wrong. And it started to confirm in my head that.

[00:20:41] You know, something really terrible did happen, and this is where my head went, right? Like, in retrospect, what happened to us while being really awful. So I don't wanna under undermine that part of the story, but it certainly wasn't the death of somebody, 

[00:20:55] DAVID MAURO: right. It was business, right? It was a 

[00:20:58] ROBERT CIOFFI: business catastrophe.

[00:20:59] Yeah. Listen, we, you know, we lost, we lost money. We lost clients in the aftermath of this. That's, that's gonna be an obvious part of the story. And it was terrible. Blah, blah, blah. But nobody died. But, so I grabbed Jay by the shoulders and I kind of like, you know, I, I needed to get the truth outta him.

[00:21:16] And I said, Jay, what's wrong? And he kind of fixed his gaze on me and said, Robert, all of our customers are ransomware. Oh. And I couldn't process that. Right? How do you even put that in context to process? It was a little too surreal. Like, what do you, and I even said to him, I'm like, okay, Jay. What do you mean all of them?

[00:21:39] DAVID MAURO: Which one? You've gotta think. Yeah, you've gotta think he was exaggerating, right? Like 

[00:21:44] ROBERT CIOFFI: it 

[00:21:45] DAVID MAURO: felt that way. Yeah. It had like two or three at once. It seems like a big deal. 

[00:21:49] ROBERT CIOFFI: Right? Or, or, or maybe Holy cow. Or, or maybe my self-preservation mode kicked in and said, I reject your reality and I [00:22:00] reconstruct this in my mind.

[00:22:02] So it was in that moment that I think he realized he needed to hit me with a sledgehammer and he started to list our clients. And I think subconsciously I've asked him about this and that I can't get a good straight answer out of him. Cause I don't think he really knows. I think he thinks, the way I was thinking was that he purposely started to list off the large customers.

[00:22:23] Right. The ones that would really drive the point. Not the, not that little ones aren't important. I don't mean it that way, but No, of course. But impact of revenue meant for the business, right? Yeah. And he started to list them, and as he's listing them now my senses change. Now it goes to, I'm moving my head.

[00:22:43] In the open office, and I can see through different offices and glass walls and cubicles, I can hear and see people on the phone and they're having conversations that are going something like this. I don't know what's going on. Hold on. Let me find out. Yeah, I think something big is happening.

[00:23:00] Let me get a technician to call you back. I, I'm really sorry. Like, and, and people, you know, people were stuttering people. Very serious. You could tell that they were dealing, you know, when you triage somebody off, triage, having a conver a bad conversation with somebody on the phone and you can only hear the other half of it, right?

[00:23:17] Right. The other half that's taking all the heat. That's the way it felt. And I definitely knew right then and there at that moment, our RMM tool, that Kaseya tool that we use to manage all of our customers must have been. Right. And it was in that moment that I started to feel a lot of different emotions, dread.

[00:23:40] Guilt was also another one. I don't know if it's the Catholic upbringing, but guilt came in because I immediately just assumed that we had done something wrong, that we had somehow allowed a threat actor. To break into our systems. Right. Like in, in my community. You didn't know the details at that point?

[00:23:58] I didn't. I, I knew nothing at that moment. This is [00:24:00] just my primal instincts. Right, right. We have a, a Facebook group, like many people probably have in their communities and people will post all the time like, oh, my car was broken into, and people are always saying like, look, the local police department keeps telling you, lock your car.

[00:24:14] Lock your doors. There are people who come around and try to open doors cause they're stealing laptops, they're stealing electronics, they're stealing money, they're stealing whatever they can out of cars. And my head is like, Hey idiots, how many times do you have to hear this? Lock your freaking door.

[00:24:29] Right, right, right. And you know, it's like, why don't they still get it? It's like, this has been going on, this conversation's been going on for years. And I felt like that idiot at that moment because, It's where my head naturally went. I never imagined that it would be a crime of an international scope and affect so many businesses worldwide, and that it would be something that I had done absolutely nothing wrong.

[00:24:58] I just felt as the steward, as the person or a company entrust. To care for all of my customer systems and for me to somehow allow this to happen on my watch. That's why I felt so much guilt right now. That guilt went away with time, and that time was only a matter of hours before the full story began to unfold.

[00:25:20] But those were my initial reactions. I was scared. You know, quite frankly, I was terrified. You know, I watched my business valuation kind of just evaporate on me, like within a split second, and I really didn't know what to do. I was frozen. Now you, and this was you 

[00:25:35] DAVID MAURO: and your college buddy, you guys had been in business 

[00:25:37] ROBERT CIOFFI: for Well, my, my partner wasn't there.

[00:25:39] This was my director of ops that I was with at the moment. Right. My partner was actually out of the office at that moment. I think he was actually on a sales call of all places to be at that moment. You know, I, I was really just feeling the sense that you know, I, you won't find in any business book the term I'm about to use.

[00:25:56] I consider myself a fixer. Right. If there's a [00:26:00] problem, I can fix it. It, it's a car, it's something in your house. I just had a major leak in my bathroom. I ripped up half the bathroom and put it all back together again. It like, you know, people like, oh, so you know, you know plumbing? And I'm like, no, I figured it out.

[00:26:13] Right. You know, the engineering mind. I'm just my head. Yeah. Yeah. I mean, as a kid, my father used to make me, you know, come in the garage and help him out all the time. So it's, I'm used to this, right? And even in business just being a computer scientist, like everything to me in life is a problem to work out, even personal problems, I just, yeah, I, I always feel there's an answer here, right?

[00:26:36] There's a, I don't have clarity, but there's an answer here, and I work through it. It's the way my mind works. But in that moment in. I was so frozen, I had no clear path in front of me. I had no idea what to do. 

[00:26:51] MARK MOSHER: Wow. 

[00:26:52] DAVID MAURO: Man. Man, 

[00:26:54] MARK MOSHER: oh man. So that 

[00:26:54] ROBERT CIOFFI: people understand, so the listeners understand. So the threat actor 

[00:26:59] MARK MOSHER: was able to exploit this zero day, 

[00:27:02] ROBERT CIOFFI: Vulnerability they got into your system.

[00:27:07] MARK MOSHER: From there, they were able to move to all of your clients somewhere. Them, 

[00:27:11] ROBERT CIOFFI: yeah, because remember that that tool is something that we use to manage all of our customers, right? So if they're logged in now as an administrator, which is essentially what they were, right? Mm-hmm. , they logged in. And had full a hundred percent control over all systems.

[00:27:26] Just like my own engineering for tur teen, sorry, my own technicians and engineers, they have full access to that system or had, cause we don't use it any longer. But you know, that's what they use to do their jobs on a day-to-day basis. Right, right. From an end user standpoint, so 

[00:27:43] MARK MOSHER: Mark works at a real estate office and he goes in to sit down in his cube and he's gonna log on the.

[00:27:50] What does he see? How did they know? What would, what would That's 

[00:27:54] ROBERT CIOFFI: great. What would trigger them to call you? So let me, let me, let me just maybe wrap up that part of the initial part of [00:28:00] the story. So I grabbed Jay cause I didn't know what to do, right? I grabbed him and we went into my office where I'm sitting right now and literally right where I'm sitting at this moment, looking at this very screen and two screens to the side for me.

[00:28:12] I have three monitors. I sat down and frantically. I needed to try something. I need to figure out information. I started to log into these systems and as within a few minutes as I'm starting to my own crude investigation here, in trying to just piece together what the heck is going on, it's almost like war is upon you and there's fog and smoke and explosions and bullets flying, and sounds that you thought you'd never hear, smells that you'd never smell.

[00:28:43] You could tell. And here I am trying to like bring some sanity and clarity into this mess. And as I was sitting at my desktop now everybody on their desktop probably has icons, like that trash bin and a word icon, an Excel icon, and an icon for some software that you use, right? Little blue circle thing that you always click on and that starts your right, your software, your CRM system, all those different icons started to turn into white boxes.

[00:29:11] Now, the technical piece is 

[00:29:13] DAVID MAURO: yours, 

[00:29:14] ROBERT CIOFFI: on yours as well, on my computer. What the technical person will tell, will know immediately without me explaining is that's the telltale sign of the ransomware attack. Because what happens in a ransomware attack, what that software does is it starts to encrypt.

[00:29:28] DAVID MAURO: Every single file on computer, it spread like a weed, right? 

[00:29:33] ROBERT CIOFFI: It kind of, it scrambles all those files and now Windows looks at that file and goes, I don't know what that is anymore. Right? It's not a .pdf, it's not whatever. It's not a .docx or an .xlsx or a .pptx, right? A PowerPoint and Excel Word document.

[00:29:48] And so it just says, I don't know what that is, so I'm gonna paint the white box and it. So those icons, as I said, started to pop white, right one by one. I watched them. White, white, white, white. They all just started to turn. [00:30:00] So you 

[00:30:00] DAVID MAURO: saw the ransomware as it was encrypting 

[00:30:03] ROBERT CIOFFI: your own correct systems? Correct.

[00:30:05] And then the second telltale sign is that now there is a readme.txt file, a text file, a plain text notepad file on my desktop that when I opened it, I mean there's no I know. I already know forensically. You knew at that point. In opening the text file, but that's the instructions for paying the ransom.

[00:30:28] DAVID MAURO: Hi, Cybercrime Junkies. Thanks for listening and watching. Got a question you want us to address on an episode? Reach out to us@cybercrimejunkies.com. If you enjoy our content, then please consider subscribing to our YouTube channel at Cybercrime Junkies. 

[00:30:43] MARK MOSHER: Connect with us on all social media like LinkedIn, Facebook, and Instagram, and check out our website.

[00:30:49] It's cybercrimejunkies.com. That's cybercrimejunkies.com, 

[00:30:54] DAVID MAURO: and thanks for being a cybercrime.