🦊 Install your Russian keyboard...

May 12, 2021 3:46 am

...or else. No, I haven't been hacked. Yes, I'm in my right mind. I know this makes no logical sense. That is, until you realize that hackers and bad actors don't work logically...they work orthogonally, coming at you sideways from your blind spots.


Hi. I'm Jon Fedor and this is InCyber Regular, edition 13. (I'm probably the only one who cares about this "edition counter", right? I guess a guy's gotta have one vanity metric.)


At InCyber I talk about cyber-related issues and security-awareness for smaller enterprises, the cyber-curious, and the security-conscious. That's a lot of hyphens. I'm trying to write Matrix code so you can stop security bullets like Neo.


Today: what the heck is up with Russian keyboards and the Colonial Oil pipeline?!


Ransomware

I don't know who said it first but the advice is sound: if you're not asking what cyber security event can end our business within days, you need to be.


Strange twist to this conventional wisdom: ransomware as a service (RWaaS).


Along comes a spider and sits down beside ya and says, "hand me a buttload of money." The difference between this fairytale and DarkSide (the RWaaS organization that hacked Colonial Oil) is that they want you to stay in business. Because let's face it: you could be a target again in the future. You paid them once - you'd pay them again, right?


Security journalist extraordinaire Brian Krebs wrote a deep dive (I can't believe I just said that) on DarkSide here. It's really good, so click over and read if you're curious.


But there's something else from Brian that we all need to know about.


And he TWEETED it.


Yes, once again, I love Twitter.


Russian keyboards

Turns out that ransomware as a service (RWaaS) programs don't tend to infect computers with Cyrillic-language keyboards installed on the machine.


You read that right. One great way to camouflage your machine from attacks is to install a stupid Russian keyboard on your OS.


More from Brian in his tweets:




If you're asking yourself why this hack works, you're not alone. Interesting theories on this here:




Classic: 'feel free to lay waste as long as you don't hurt me or my family or community.'


Thing is, if it works, it works. Like I said above, it makes no logical sense. That's because hackers and bad actors don't work logically. They wouldn't be good at what they do if they worked in alignment with innocent-bystander logic.


Bad actors work orthogonally, coming at you sideways from your blind spots.


Seriously, though, this has to be one of the most bass-ackwards hacks EVER.


That said, brb, I'm going to install that keyboard.
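For anyone doing the same on Windows, here is one way to check for the Russian keyboard and add it if it is missing. This is an added example, not something from Brian's tweets; it assumes Windows with the built-in International PowerShell module, and `Add-RussianKeyboard` is a made-up helper name.

```powershell
# Added example. Assumes Windows with the built-in International module
# (Get-WinUserLanguageList / Set-WinUserLanguageList).
# Add-RussianKeyboard is a hypothetical helper name.
function Add-RussianKeyboard {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$LanguageTag = 'ru-RU'
    )

    # Languages (and their keyboard layouts) configured for the current user.
    $languages = Get-WinUserLanguageList

    # Idempotent: do nothing if the language is already in the list.
    $existing = $languages | Where-Object { $_.LanguageTag -eq $LanguageTag }
    if ($existing) {
        Write-Output "$LanguageTag already installed; layouts: $($existing.InputMethodTips -join ', ')"
        return
    }

    # Append to the end so the current first entry stays the default language.
    $languages.Add($LanguageTag)

    if ($PSCmdlet.ShouldProcess('current user language list', "add $LanguageTag")) {
        Set-WinUserLanguageList -LanguageList $languages -Force
        $now = (Get-WinUserLanguageList).LanguageTag -join ', '
        Write-Output "Added $LanguageTag. Current list: $now"
    }
}

# Preview the change first; drop -WhatIf to apply it.
Add-RussianKeyboard -WhatIf
```

The language list is per user, so run it as each account you want covered.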


What a weird day...

I didn't think I was going to be writing about installing Russian keyboards today. But it turns out there are tons of ways to secure yourself against digital threats. Like way more than the millions of molecules of pollen filling your nose and lungs.


And really, that's what I'm trying to do here at InCyber: sling you some Claritin so you can Zyrtec your way to minimal security allergy symptoms.


If you ever have other questions or topics I need to cover or that you'd like to learn about, just let me know. Hit reply. <3


Thanks!

I love writing this thing for y'all and I want to keep doing it. And I want it to get better weekly. So let's make it happen already.


Have a good'un, Good Lookin'.


~Jon Allergy-Analogies Fedor
