Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

This episode examines a sophisticated ArcGIS hack that remained undetected for 12 months. The threat group Flax Typhoon compromised an ArcGIS server by exploiting weak credentials and deploying a malicious Java extension that functioned as a web shell. The attack highlights critical failures in traditional security approaches: the malware was backed up along with legitimate data, signature-based detection tools completely missed the custom code, and the lack of multi-factor authentication made the initial breach possible. Curtis and Prasanna discuss why behavioral detection is now mandatory, how password length trumps complexity, and the importance of cyber hygiene practices like regular system audits and extension management. They also cover ReliaQuest's recommendations for preventing similar attacks, including automated response playbooks and monitoring for anomalous behavior. If you're running public-facing applications or managing any IT infrastructure, this episode provides actionable lessons you can't afford to ignore.

https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise

Deepfake attacks are exploding, and your company is probably not ready. In this episode of The Backup Wrap-up, we dive into how cybercriminals are using AI to clone voices and create fake videos to authorize fraudulent wire transfers and reset credentials. With nearly 50% of businesses already experiencing deepfake attacks, this isn't a future problem – it's happening right now. We break down the two main attack vectors: authorization fraud (where fake CEOs trick employees into wiring money) and credential theft (where attackers reset passwords and MFA tokens). More importantly, we give you actionable defense strategies: multi-channel verification protocols, callback procedures for sensitive transactions, employee training programs, and break-glass scenarios. You'll learn what not to rely on (spoiler: caller ID is worthless) and why policy and procedure matter more than technology alone. This is a must-listen for anyone responsible for security or financial controls.

When cyber attack notification goes wrong, companies face a disaster worse than the original breach. This episode dives deep into the critical mistakes organizations make when communicating about security incidents - and why transparency beats secrecy every time.

We examine real-world failures like LastPass and Rackspace, where poor communication strategies amplified the damage from their cyber attacks. From legal requirements in California and GDPR to the new one-hour notification rules in China, we cover what regulations demand and why going beyond compliance makes business sense.

Learn how to create effective status pages, manage customer expectations during recovery, and avoid the death-by-a-thousand-cuts approach that destroys trust. We share practical strategies for early and frequent communication that can actually strengthen customer relationships during crisis situations.

Insider threats represent one of the most dangerous cybersecurity risks facing organizations today - and they're way more common than you think. In this episode of The Backup Wrap-up, we explore the three main types of insider threats: compromised employees who get extorted or have their credentials stolen, disgruntled workers who want revenge after getting fired, and outside attackers who infiltrate your company to become malicious insiders. We break down real-world scenarios and discuss how to protect against them using least privilege principles, monitoring systems, and immutable backups. You'll learn why 31% of insider threat incidents could have been prevented if someone had spoken up, and why immutable backups are your last line of defense when an insider goes rogue. This is a must-listen for anyone responsible for data protection and cybersecurity.

Advanced persistent threats represent one of the most dangerous cyber security challenges facing organizations today. These long-term, stealthy attacks allow hackers to maintain undetected access to networks for extended periods. In this episode, we analyze multiple APT scenarios from Mr. Robot, including the Evil Corp hack, Ollie's compromised laptop, and the Dark Army's infiltration of Allsafe. We explore how threat actors establish footholds, maintain persistence, and operate across different network segments. From raspberry pi devices hidden in executive washrooms to compromised thermostats communicating with other facilities, we examine the various ways APTs can manifest. Our discussion covers detection methods, the importance of monitoring new devices, and why proper incident response goes far beyond simple malware scans. Learn the red flags to watch for and why machine learning tools are becoming critical for identifying suspicious network behavior.

This episode of The Backup Wrap-up examines cybersecurity situational awareness through the lens of Mr. Robot's prison break episode. Curtis and Prasanna analyze the technical accuracy of USB stick attacks, Bluetooth car hacking, and social engineering tactics. The hosts discuss real-world defenses including USB port management, network segmentation, and employee training. They explore WPA2 encryption vulnerabilities and why upgrading to WPA3 matters for wireless security. The conversation covers practical cybersecurity situational awareness lessons, from recognizing physical security threats to monitoring network traffic patterns. Curtis shares war stories about malware-infected conference USB sticks, and both hosts examine how poor cybersecurity situational awareness enabled the fictional attacks. This episode provides actionable insights for IT professionals looking to strengthen their organization's security posture against USB-based threats, Bluetooth exploits, and social engineering campaigns.

Learn the ins and outs of honeypot server deployment and management in this episode of The Backup Wrap-up. We break down the cybersecurity concept using examples from Mr. Robot episodes 1.6 and 1.7, showing how these deceptive systems can catch both external attackers and insider threats.

A honeypot server works by creating an enticing target that looks valuable but contains no real business data. The key is making it accessible through common exploits and monitoring every access attempt. Curtis and Prasanna discuss real-world implementation strategies, from naming conventions to network placement, and explain why the honeypot only works if attackers don't know it exists. They also cover the critical importance of remote log storage for forensic analysis and how these systems can reveal attack patterns and entry points during incident response.

Privilege escalation attacks represent one of the most dangerous cybersecurity threats facing organizations today. In this episode of The Backup Wrap-Up, we analyze how threat actors use initial access to gain higher privileges and compromise entire networks. Through examples from Mr. Robot, we explore both vertical privilege escalation (exploiting vulnerabilities for admin access) and horizontal attacks (spreading through shared systems). Learn why backup administrators often become prime targets for privilege escalation and how proper security controls can prevent these attacks. We discuss real-world cases including the Target breach via HVAC systems and recent ransomware campaigns using social engineering for privilege escalation. Discover how IoT devices create attack vectors, why physical security remains crucial, and how immutable backups protect against privilege escalation attempts. Perfect for IT professionals seeking to understand and defend against these sophisticated attack methods.

Mentioned in the episode:

https://www.backupwrapup.com/tape-drive-designer-schools-mr-backup-on-tape/

https://www.backupwrapup.com/red-team-cyber-security-strategies/

Pre-order Learning Ransomware Response & Recovery: https://www.amazon.com/Learning-Ransomware-Response-Recovery-Stopping/dp/1098169581

This episode examines cybersecurity in the workplace through the lens of Mr. Robot's "Exploits" episode, where social engineering takes center stage. Curtis Preston and Prasanna break down how Elliot infiltrates Steel Mountain data center using badge cloning, psychological manipulation, and fake identities.

The hosts analyze real-world implications of these attacks, from coffee shop badge theft to exploiting lonely employees. They discuss critical gaps in physical security protocols and explain why cybersecurity in the workplace fails when organizations rely on single points of security. Key topics include visitor badge systems, tailgating prevention, security camera monitoring, and building a culture where employees feel empowered to challenge unauthorized access. The episode reveals how most workplace breaches happen through human exploitation rather than technical hacking, making employee training and robust security protocols critical for protecting sensitive data and systems.