
Ransomware Rampage: Cyber Threats and Costly Consequences | Gestalt IT Rundown: May 24, 2023

Ransomware attacks continue to pose a significant threat across various sectors, with recent incidents targeting critical industries and causing substantial financial and operational damages. Federal authorities have issued warnings about a surge in cyberattacks exploiting a high-severity vulnerability in Veeam software that enables unauthorized access and raises the risk of data theft and ransomware deployment. With healthcare organizations heavily reliant on Veeam software for data protection, the implications of these attacks are particularly concerning. But the impact of ransomware attacks extends beyond healthcare, as demonstrated by recent incidents faced by companies like Dole, which incurred $10.5 million in direct costs following a ransomware attack, and the ongoing attack on the Dallas Municipal Court Building, disrupting legal proceedings and potentially exposing sensitive personal and case-related information. Since we have an expert in data protection joining us today, let’s take a closer look at the face of ransomware. This and more on the Rundown.


1:06 – Micron is Kicked Out of China (Again)

The recent ruling by the Cyberspace Administration of China (CAC) to prevent Micron Technology products from being used in critical information systems marks a significant development in the ongoing trade war between China and the United States. This move, stemming from allegations of cybersecurity crimes, not only impacts Micron but also highlights the broader complexities surrounding global semiconductor supply chains and the pursuit of self-sufficiency in key technologies. What are the implications of Micron’s exclusion from Chinese markets, and what does this mean for the ongoing financial struggle between China and the West?

Read More: Micron Closed Out of Some China Markets


5:07 – Cohesity Partners with Google Cloud for Data Insights and Security

Cohesity recently announced a significant expansion of its partnership with Google Cloud. The collaboration aims to leverage large language models (LLMs) and advanced AI technologies to enhance data insights and strengthen data security. The joint effort was unveiled during Cohesity’s Catalyst virtual conference, where the companies highlighted their focus on generative AI, data analytics, and the expansion of the Data Security Alliance. Will this have real impact or is it just more AI noise?

Read More: Cohesity RAGs large language models coming through Google Cloud


8:17 – Cloud, AI, and Business Messenger Unit Spun out from Alibaba

Alibaba, the Chinese e-commerce giant, has announced plans to spin off its intelligence group, which includes its cloud, AI, and business messenger units, as an independent publicly listed company. Alibaba says this will unlock value from its businesses and attract external investors, but it is surprising that Alibaba Cloud, which dominates the Chinese market, would be spun out. What’s happening here?

Read More: Alibaba to spin off its cloud, AI and business messenger unit


10:36 – Microsoft Builds In the AI

Microsoft Build 2023 was all about AI integration. Windows 11 will feature an AI Copilot for text-related tasks, while Microsoft 365 Copilot now supports plug-ins, including Teams messages extensions and Power Platform connectors. Additionally, Edge browser will integrate 365 Copilot, Windows Terminal will incorporate an AI-powered chatbot, and of course there’s Bing, which becomes the default search engine for ChatGPT, with expanded plug-in support. Microsoft is certainly leaning into AI!

Read More: The 5 biggest announcements from Microsoft Build 2023


13:10 – BlueCat Acquires Men&Mice DDI Platform

BlueCat Networks has acquired Men&Mice, a recent Tech Field Day presenter with an industry-leading DDI platform. The acquisition strengthens BlueCat’s position in the market and allows them to offer advanced network tools to organizations of all sizes. This move comes in response to the increasing demand for DDI management, and fits well with BlueCat’s portfolio for mid-market and enterprise organizations. What’s your take?

Read More: BlueCat acquires Men&Mice to boost its industry-leading DDI platform

Tech Field Day 27 Presentation: Men&Mice Presents at Tech Field Day 27


15:37 – Supreme Court Sides with Tech Platforms on Section 230

The recent rulings by the US Supreme Court in cases involving Google and Twitter have reaffirmed the legal protections for major tech platforms. The court found that these platforms cannot be held liable for the content posted by users, specifically in relation to terrorism-related content. Let’s consider the importance of Section 230, a telecommunications law that shields tech companies from liability, along with the implications of these rulings, the ongoing debate around Section 230, and the potential impact on the future of social media moderation. What does this mean for the future of social platforms?

Read More: Supreme Court sides with Twitter, Google over tech platform liability


18:33 – Pliops Plus Redis Equals for In-Memory Performance

Pliops introduced an efficient Redis cluster powered by XDP-Rocks, delivering in-memory performance and SSD-like cost economics. The collaboration optimizes Redis on flash performance using hardware acceleration, allowing economical scaling of application data footprints. Pliops is also expanding its partnership with phoenixNAP, offering Pliops-powered Bare Metal Cloud instances for Redis on Flash clusters, enabling faster data processing, sub-millisecond latency, and significant cost savings. When you saw Pliops at Cloud Field Day a few years ago, would you have predicted this?

Read More: New Redis Cluster from Pliops Accelerates Redis Services, Delivers In-Memory Type Performance and SSD-like Cost Economics


21:28 – Ransomware Rampage

Ransomware attacks continue to pose a significant threat across various sectors, with recent incidents targeting critical industries and causing substantial financial and operational damages. Federal authorities have issued warnings about a surge in cyberattacks exploiting a high-severity vulnerability in Veeam software that enables unauthorized access and raises the risk of data theft and ransomware deployment. With healthcare organizations heavily reliant on Veeam software for data protection, the implications of these attacks are particularly concerning. But the impact of ransomware attacks extends beyond healthcare, as demonstrated by recent incidents faced by companies like Dole, which incurred $10.5 million in direct costs following a ransomware attack, and the ongoing attack on the Dallas Municipal Court Building, disrupting legal proceedings and potentially exposing sensitive personal and case-related information. Since we have an expert in data protection joining us today, let’s take a closer look at the face of ransomware.

Read More: Dallas Municipal Court Building Closed This Week Due to Ongoing Ransomware Attack

Read More: Dole incurs $10.5M in direct costs from February ransomware attack

Read More: Feds Warn of Rise in Attacks Involving Veeam Software Flaw


36:49 – The Weeks Ahead

Cloud Field Day 17: May 31 – June 1, 2023

Cisco Live US: June 6-7, 2023

Security Field Day: June 28-29, 2023


The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.

Episode Transcript

Stephen Foskett: Welcome to the Gestalt IT Rundown! Each time we meet, we run down the IT news of the week with a variable degree of snarkiness. I’m your host, Stephen Foskett, and joining me today is Tom Hollingsworth. Wait, that’s not Tom! Who is that? Hey hey, it’s W. Curtis Preston. Welcome to the show, Mr. Curtis!

W. Curtis Preston: Very much not Tom, but I’m glad to be here.

Stephen Foskett: It’s nice to have you here, my friend. You and I have been friends for a long, long time. I’ve always wanted to get you on the show, and I’m thrilled to have you join us. Today is National Brothers Day, and you’re like a brother to me.

W. Curtis Preston: You know, it’s also National Scavenger Hunt Day. I love a good scavenger hunt. How about you? And what about Yucatán Shrimp Day? What do you think?

Stephen Foskett: Yucatán shrimp sounds kind of yucky to me, but I don’t know. Maybe they’re delicious. I’m gonna take my brother on a scavenger hunt for Yucatán shrimp. But in the meantime, let’s turn to some of the news of the week.


W. Curtis Preston: The recent ruling by the Cyberspace Administration of China to prevent Micron Technology products from being used in critical information systems marks a significant development in the ongoing trade war between China and the United States. This move, stemming from allegations of cybersecurity crimes, not only impacts Micron but also highlights the broader complexity surrounding global semiconductor supply chains and the pursuit of self-sufficiency in key technologies. What are the implications of Micron’s exclusion from the Chinese market, and what does this mean for the ongoing financial struggle between China and the West? What do you think, Stephen?

Stephen Foskett: Yeah, it’s an interesting story. When I first heard wind of this, I was really scratching my head because I’m saying, you know, what is Micron again? So Micron is one of the leading producers of DRAM and flash memory, in competition with two Korean companies, SK Hynix and Samsung. What does Micron have to do with cybersecurity, and what kind of possible cybersecurity threat could there be from Micron DRAM and flash memory products? I mean, we’re not even talking necessarily assembled components here; we’re talking literally memory chips. And then it occurred to me that this has nothing to do with Micron’s products whatsoever. In fact, as my good friend Jim Handy points out, this is really more about the trade war between China and the US than it is about anything else. Previously, China did block Micron products very verbally and vocally, and then didn’t really block them at all once it became obvious what that would do to production. Now, I don’t know what this is going to mean for Micron overall, but I will say that maybe this is more bluster than it is reality.

Stephen Foskett: So, a couple of things to know. Number one, this only blocks the use of Micron products in what the CAC is calling “critical sensitive systems.” This doesn’t block China from importing or using Micron memory or SSDs in products for export or even just general products, at least that’s my read on this for use in China. It really is focused on blocking, basically striking a blow against a US company that’s supplying a critical component to Chinese intelligence and systems. Frankly, it strikes me that Micron was picked mainly because the other choice would have been Intel. And maybe China didn’t want to block Intel products, even though many of those are restricted now from the China market. I should also mention, as I said, this is not the first time that Micron has been blocked, and the other time didn’t have much impact overall. Micron themselves stated that the most impact it would have would be about a 25% reduction in the company’s product consumption, and probably a lot less than that. And also, I should mention that the other companies that I mentioned, Samsung and SK Hynix, well, they don’t seem all that optimistic and positive about one of their big key competitors being blocked in this market. And that’s because the memory RAM and flash market, although it is competitive, I think that there’s an understanding that there needs to be competition, there needs to be multiple suppliers in this market, and no one wants to see their market hit by basically a political game. So frankly, I really don’t see this being more than another round of bluster in the international relations game and not too much impact on Micron.


Stephen Foskett: Cohesity recently announced a significant expansion of its partnership with Google Cloud. The collaboration aims to leverage large language models and advanced AI technologies to enhance data insights and strengthen data security. The joint effort was unveiled during Cohesity’s Catalyst virtual conference, where the companies emphasized their focus on generative AI, data analytics, and the expansion of the data security alliance. We’ve been hearing a lot about large language models in cybersecurity, but you know this market better than me. What does this mean? Is this really impactful, or is it just more AI noise?

W. Curtis Preston: Well, when I saw the story, my first reaction was, “Oh, more AI news.” But I do think it’s a big deal, especially since it’s encroaching on my area of expertise. Machine learning has been used in backup and recovery technology for a while, but crossing over into the AI world is significant. The difference lies in using data to train the model. AI goes beyond just finding patterns, and Cohesity is talking about ransomware anomaly detection, which is a major concern. Detecting threats in the backup system is crucial, although it’s preferable to address them before they reach that stage. Cohesity is also exploring threat intelligence, data classification, and predictive capacity planning, which are all important aspects.

W. Curtis Preston: There’s also mention of a retrieval augmented generation model, and I’m curious to see what that entails. It could potentially assist in data retrieval and restores, but I’ll reserve judgment until I have more information. It’s commendable that Cohesity is openly using AI, unlike some other vendors who claim AI but mainly refer to AI/ML.


W. Curtis Preston: Let’s take a look at the next thing here. Alibaba, the Chinese e-commerce giant, has announced plans to spin off its intelligence group, which includes its cloud, AI, and business messenger units, as an independent publicly listed company. Alibaba believes this move will unlock value from its businesses and attract external investors. However, it’s surprising that Alibaba Cloud, which dominates the Chinese market, would be spun out. What do you think is happening here, Stephen?

Stephen Foskett: On the surface, it may appear as though a new competitor for Google and Amazon is emerging, potentially making a big impact in China. But upon further reading, it seems that this decision says more about Alibaba and its recent success or lack thereof in the Chinese consumer market. You may be familiar with Alibaba as a website where you can get anything delivered from China, but it’s also essentially the Amazon of China, including AWS. Alibaba Cloud is a powerful and versatile cloud computing environment extensively used by various applications in the Chinese market.

Stephen Foskett: The spin-off may seem peculiar because why would a company separate such a valuable component? Well, imagine Amazon separating out AWS. Actually, yeah, they might do it for similar reasons. Essentially, what Alibaba is doing here is a financial maneuver. They are spinning off the cloud business as a separate company while retaining partial ownership. This allows them to generate additional revenue from the most valuable part of their business, which is the cloud, and protect it from the potential impacts of slowing consumer spending, shifts in consumer demand, and changes in cloud usage in the Chinese market.

Stephen Foskett: In conclusion, I wouldn’t read too much into this other than it being a strategic move to safeguard their cloud business and generate more income. It likely indicates that the economic slowdown experienced in the US is also affecting China, including Chinese cloud companies.


Stephen Foskett: Microsoft Build 2023 was all about AI integration. Windows 11 will feature an AI copilot for text-related tasks. Microsoft 365 copilot now supports plug-ins, including Teams, Messages, Extensions, and Power Platform Connectors. Moreover, the Edge browser will integrate a 365 copilot, and even Windows Terminal will incorporate an AI-powered chatbot. Additionally, Bing becomes the default search engine for ChatGPT with expanded plug-in support. Microsoft is clearly embracing AI and labeling everything as “copilot.” So what’s going on here?

W. Curtis Preston: It’s intriguing that Bing is mentioned as the default search engine for ChatGPT. This caught my attention because just recently, Bill Gates mentioned that AI would eventually replace search engines in the near future. This interesting phrase stood out to me. Microsoft is certainly leaning into AI, but the question remains: how significant is this development? Moreover, when using interactive AI like ChatGPT, users need to actively engage with it to fully benefit from its functionalities. Even if they make the functionality of ChatGPT or something similar available to the average user, the benefits will be minimal unless users specifically interact with it as they would with ChatGPT. The success of this integration will depend on how well users embrace and utilize it. It’s uncertain if the average user is ready to engage with an AI chatbot. Personally, I have interacted quite a bit with ChatGPT and find it fascinating, but I’m unsure if the average user is prepared for that level of interaction. Only time will tell.


Stephen Foskett: So let’s talk about BlueCat Networks acquiring Men&Mice, a recent tech field presenter with an industry-leading DDI platform. The acquisition strengthens BlueCat’s position in the market and allows them to offer advanced network tools to organizations of all sizes. This move comes in response to the increasing demand for DDI management and fits well with BlueCat’s portfolio for mid-market and enterprise organizations. What’s your take, Stephen?

Stephen Foskett: I was not really surprised that this happened. I could’ve predicted exactly when it would happen, and maybe even exactly who the acquiring company would be. But Men&Mice has built a really nice product, as we saw actually on my birthday at the Tech Field Day. The product is great and it addresses a big hole in the market. We actually even did a field roundtable discussion talking about the challenges of DDI, basically managing IP addresses, managing DHCP, managing DNS. If just hearing those phrases makes you shudder, then you must be an IT person because they’re terrible.

Stephen Foskett: And BlueCat has been working in the space for a long time, or at least adjacent spaces. Men&Mice was basically founded to attack this problem, and they’ve created a solution that was pretty appealing. I have to say the Tech Field Day delegates were pretty impressed by it, and frankly, it’s no wonder that one of the major companies in the space said, “We need to have that as part of our portfolio.” The whole thing makes a lot of sense.

Stephen Foskett: I would say that overall, having it be BlueCat is probably better than having it be some big multi-product company where this would get lost. And I think this will be a big and important feature, an important highlight for BlueCat. I think BlueCat’s customers are gonna benefit, and I think the exposure to greater customer environments from Men&Mice products, I think that’s going to help them as well. So overall, I’d say this is a pretty nice acquisition. I’m pretty happy with it. And also, I will say that if you’re wondering exactly what I’m talking about, just use your favorite search engine, search for Men&Mice in Tech Field, and you’ll see their recent presentation which goes over all about the product and its features and what it’s all about.


Stephen Foskett: The recent rulings by the US Supreme Court in cases involving Google and Twitter have reaffirmed the legal protections for major tech platforms. The courts found that these platforms cannot be held liable for content posted by users, specifically in relation to terrorism-related content. But I think that this goes a little bit broader than that. The decisions emphasize the importance of Section 230 of the Telecommunications Act, which shields tech companies from liability, and that has become a bit of a political football lately. This discussion explores the implications of these rulings and what it means for the future of social media platforms.

W. Curtis Preston: Well, I think that this is definitely the most political of any of the things that we’re discussing today. I think this is pretty straightforward, and basically, they ruled that it didn’t violate Section 230 and that it protects these platforms. We can argue all day long that there were a lot of people who were upset about there not being any accountability for things that some of these tech platforms have allowed to happen. And there has been a lot of noise about going after the tech platforms for things that they have allowed to happen. The problem is, for those people that are saying that, is that Section 230 backs these platforms. The idea was that since they’re just aggregating other people’s content, they’re not liable for the content. The people that did it are liable. I think that this allows those companies to breathe a little bit for the moment. But I also think that they should look forward to, and when I said ‘look forward,’ are we meeting in a positive way, they should look forward to something that isn’t Section 230.

W. Curtis Preston: I think that at some point, whether or not it comes out of this current Congress or any of our Congresses, is a different discussion point. But basically, what this really said was you can’t count on Section 230 if you want to go after these companies. Or I can put that in a different order: you can’t go after these companies as long as Section 230 is the rule of the land. So if you want to do that, you need to change the laws. I think it’s a huge ruling, and I think that the social media platforms can probably breathe a sigh of relief for the moment.


W. Curtis Preston: So let’s talk about Pliops, introducing an efficient Redis cluster powered by XDP-Rocks, delivering in-memory performance and SSD-like cost economics. The collaboration optimizes Redis on flash performance using hardware acceleration, allowing for an economic scaling of application data footprints. Pliops is also expanding its partnership with PhoenixNAP, offering Pliops power to bare metal cloud instances for Redis on flash clusters, enabling faster data processing, sub-millisecond latency, and significant cost savings.

Stephen Foskett: I’m actually really excited to see Pliops doing this. They presented a couple of times at Tech Field Day, and I have to say that it always seems like the product was undersold as basically a RAID card or a storage controller. What Pliops is doing with their card isn’t what you would expect a RAID card to do. It really is fundamentally taking the data and creating a new storage platform for it. Now, wisely, the company decided to offer storage on the thing because that’s what applications want. But really, what’s going on under the hood is a key-value store and something that is essentially a hardware-accelerated database that’s optimized for flash. Yeah, you can put regular data on that, but that’s sort of a waste of the platform.

Stephen Foskett: I was really excited to hear about this because, frankly, it seems to me that Redis is an ideal front-end candidate for the Pliops XDP platform, and this really showcases what this product is capable of. I would love to see more and more of this. I’d love to see Pliops not be thought of as just doing RAID, data protection, and storage, but as offering in-memory performance of databases using flash as the backend, which is a lot cheaper and more accessible to more people in the market. So overall, good move, Pliops. I’m glad to see this happening. I’m also glad to see that they’ve managed to roll this out with a cloud partner. Now, you may not know too much about PhoenixNAP, and I certainly don’t, but it’s nice to see that people can explore this product, try it out, and see if it really delivers the goods without having to go out and build a whole infrastructure of their own. So overall, nice move, Pliops, and I’m glad to hear that things are moving in the right direction.


Stephen Foskett: Curtis, we’ve got you on the rundown this weekend. Everybody knows you as Mr. Backup, Mr. Data Protection, Mr. Ransomware. Frankly, that’s why I wanted to take a closer look at some ransomware stories this week because I believe your expertise in this matter surpasses mine and many others. Ransomware attacks continue to pose a significant threat across various sectors, targeting critical industries and causing substantial financial and operational damages. Federal authorities have issued warnings about the surge in cyber attacks exploiting high severity vulnerabilities, particularly in Veeam software, which enables unauthorized access and increases the risk of ransomware deployment. Healthcare organizations heavily rely on this software for data protection, which raises huge concerns regarding these attacks. Additionally, there have been other incidents, such as the ransomware attack on Dole, resulting in a direct cost impact of $10.5 million, and the ongoing attack on the Dallas municipal court building, disrupting legal proceedings and potentially exposing sensitive information. As an expert in this field, please help us understand what is happening with ransomware.

W. Curtis Preston: Well, you know, this is one of those situations where I feel like Henny Penny saying the sky is falling, but the reality is that it is getting really bad. These are some great stories, and the first one frustrates me the most. The vulnerability in Veeam software was announced back in March, and Veeam announced a fix for it shortly afterward. It bothers me that, even two months later, we are still talking about this vulnerability being actively exploited. I mean, how is it possible that anyone who values their data hasn’t addressed this vulnerability in their backup servers? I just don’t understand it.

W. Curtis Preston: Regarding the Dole story, it was interesting to see that their data protection system worked as designed, but the restore process cost them around $6 million. That’s a significant amount, not to mention the additional costs associated with continuing operations while they were down. In the case of the Dallas municipal court building, they are still down this whole week, and the impact on legal proceedings is substantial. There’s another story that wasn’t on this list, but it’s worth mentioning. In Chile, a ransomware group took out almost all of the country’s federal infrastructure, including their equivalent of the FBI, CIA, and Supreme Court. They even attacked their backup system, and to this day, a year later, they are still rebuilding their federal infrastructure from scratch. This is something people need to think about. It’s not just about paying the ransom; your entire existence as a company could be at risk.

W. Curtis Preston: If you’re not absolutely terrified about ransomware, I don’t know what to tell you. Your company could cease to exist tomorrow. It’s crucial to secure your backup infrastructure. As Mr. Backup, I emphasize that it’s your last line of defense. You need to make sure it’s secure. Implement measures to prevent and detect ransomware, but also focus on securing your infrastructure. For example, don’t allow direct access to your backup system from your active directories. The data stored for backups should be as immutable as possible. Storing at least one copy in the cloud using write-protected immutable storage is recommended. Consult your backup vendor to enhance the security of your backups; they will have answers to your questions.

W. Curtis Preston: To go back to the Veeam customers who haven’t applied the patch, it’s disheartening. I urge you to contact your backup vendor immediately and inquire about necessary security measures. I’m sure they will provide guidance. That’s my thoughts on the matter.

Stephen Foskett: But of course, those of us who have been in IT for a long time understand that the breadth of unpatched, out-of-date systems is large. The number of systems that are exposed, either through misconfiguration or, in some cases, intentional misconfiguration just to make life easier on a day-to-day basis, is large. I think it’s remarkable to consider that when it comes to ransomware, imagine if this was a physical attack instead of a cyber attack. Imagine if the government of Chile was physically invaded by a gang of criminals who blocked and destroyed all government services. What would the response be? Would it be, ‘Oh well, we better buy some new buildings and set up some new government services over there’? Imagine if Dole Corporation had a group of criminals burst into the lobby and burn the building down. Would their response be, ‘Oh well, we better build a new one’? There would be a different response. The fact that this is a cyber, virtual attack really changes the way people approach these things, and not in a positive way. I mean, think about it. If the Dallas municipal court was shut down by people with guns or bombs, there would be not just a federal, but an international response. It wouldn’t be down for 234 weeks. It would be a massive government response. Honestly, my expectation is that eventually people in governments around the world are going to say, ‘You know what? We need to treat these things like real physical attacks,’ and that is not necessarily going to be a great day because having the government, military, and intelligence agencies suddenly getting involved in these things escalates the whole situation. I don’t know what to say about it except that our audience of IT practitioners and IT pros should listen to Curtis on this one. Update your systems, apply the patches, ask your providers what you can do to mitigate this stuff because it’s going to happen, and you can’t rely on the NSA or the army to protect you from ransomware. It’s gonna happen, and you’ve got to protect yourself from it.

Stephen Foskett: The other thing that occurs to me about this stuff is that it’s important to realize that as you’re putting out the fire, the ransomware gangs are always after the ransom. And in some cases, they may not even have the ability to decrypt the data. I’ve heard that as well. I mean, there’s wiper ransomware that is actually not encryption at all. And of course, there are now disclosures happening as a result. And data protection doesn’t protect you from that. I wonder what you think about that angle, Curtis?

W. Curtis Preston: For example, in the Dallas case, if these guys exfiltrated all sorts of sensitive case files and things like that, they could theoretically be in a much different ransom position than just basically saying, ‘Add the stuff, delete it, good luck restoring that.’ This so-called double extortion has now become the most common method. They exfiltrate some data, and then they say, ‘Well, we have the data, and we will release it if you don’t pay the ransom.’

W. Curtis Preston: I’ll just say I’m not a fan of paying the ransom because paying the ransom just encourages more ransoms, and it also encourages even more specifically the group that targets you. It will make other ransomware groups say, ‘Oh, here’s a group that paid the ransom. Maybe they’ll pay one from us.’ Not a fan. The difficulty is with the extortion or ransomware where they say they have information. In the case of the Dallas situation, they’re saying they have some data that they’re going to publish. What Dallas is saying is that there is no evidence that they actually have it. They’re just saying that there are ways for the groups to prove it privately. They’ll say, ‘This is why we have, buddy, go look,’ and then you look, and you see, and you’re like, ‘Okay, well, we need to do something.’ And it’s much harder to deal with than simply having a good backup system. The only way to fix that one is to have a time machine, right? It is to go back to when the attack happened in the first place. So that’s why you talked with, you know, we talked earlier about DDI (Data Domain Integrity). It is one of the ways that you can have a good DDI system that can actually help on the front end of looking for and hunting down and stopping data exfiltration. I think that’s what companies and organizations need to do: to add this to the things they need to look for.

W. Curtis Preston: But, you know, I know that so many companies already aren’t doing the basics. There was an attack yesterday that I forget who it was, but in the story, it said that if they had enabled MFA (Multi-Factor Authentication), it would’ve stopped the attack. I just want to say, I get very frustrated. We’re talking about complicated things that we want people to go out and do, use DDI and other systems to look for data exfiltration, and they’re not even turning on MFA. You know, I don’t know, dude, do the simple things first. Do the simple things. Have a good password management system, have MFA. These things, you know, make sure you’re using a different password everywhere. All of those things. Do the basic things. Oh, and patch management is crucial. Those are the top three. You do those three, and you’re gonna stop about 80% to 90% of the attacks. And then, if you’re serious, do these other things.

Stephen Foskett: Do the simple things. Control what you can control and try to prepare for the inevitable, which is that eventually these things are going to start or already are going to appear in your environment as well.


Stephen Foskett: Thanks so much for joining us for the Rundown this week. Curtis, it’s been great to have you on here. Before we go, where can people find more of your work and continue this conversation with you?

W. Curtis Preston: Well, if they want to hear me talk more, they can go to the Backup Central Restore It All podcast. We do a weekly podcast over there where Prasanna and I talk about things such as these. We talk about ransomware quite a bit. You may hear the term ‘3-2-1 rule’ come up once or twice. And also, if you want to follow me on Twitter, it’s @WCPreston. If you want to contact me, it’s W Curtis Preston at Gmail.

Stephen Foskett: Let’s take a look at some of the events that are going on this week and the week ahead. Next week, I will be in Boston for Cloud Field Day. I’m pretty excited about that one. Wednesday and Thursday, you’ll hear from Couchbase, HYCU, JetStream Software, Morpheus Data, RackN, and Zerto. So please do tune in on LinkedIn or the Tech Field Day website for those, or check out the recordings on YouTube after the event. We’re also headed to Cisco Live on June 6th and 7th. We have Cisco presenting, and of course, we’ve got a lot of Cisco content coming there as well as our friends from BackBox and OpenGear. And of course, we have a Security Field Event and Edge Field Event coming up as well. So stay tuned, and we’ll tell you more about those.

Stephen Foskett: Also, I would mention that this is a pretty busy week in the event schedule. Of course, you may have heard of Dell Tech World happening right now, or the Red Hat Summit, also ISC High Performance, and KubeCon. All of those things are happening this week, so check out your favorite sources for live updates from that, and we’ll bring the highlights from those events to the Rundown next week.

Stephen Foskett: Thanks for watching the Gestalt IT Rundown. You can catch new episodes every Wednesday as a YouTube video or in your favorite podcast application. We’ll be back next Wednesday to talk about all of the IT news from those events and more. But until then, for myself, for Curtis, for Tom Hollingsworth, and all of us here at the Gestalt IT family, have a great week, and we’ll see you next Wednesday.

About the author

Stephen Foskett

Stephen Foskett is an active participant in the world of enterprise information technology, currently focusing on enterprise storage, server virtualization, networking, and cloud computing. He organizes the popular Tech Field Day event series for Gestalt IT and runs Foskett Services. A long-time voice in the storage industry, Stephen has authored numerous articles for industry publications, and is a popular presenter at industry events. He can be found online at TechFieldDay.com, blog.FoskettS.net, and on Twitter at @SFoskett.