Request Information

Request Information

or Call 1.877.459.4347

Ransomware is Dead – 15 Minute Podcast

In this webinar we’ll discuss the following:

  • Update on the Ransomware Epidemic
  • Security Challenges
  • Where Cloud Solutions fit for Best Practices
  • Ransomeware Case Studies

Listen to the podcast:


Hi, this is Bob Healey executive vice president with Evolve IP and thank you for joining our webinar series ransomware is dead why recovery is the best prevention. In the presentation we’re going to discuss an update on the ransomware epidemic, we’re going to talk about security challenges, we’re going to discuss where cloud solutions fit for best practices, and then we’ll also review some use cases.

For the bad guys unfortunately ransomware is A an easy business to get into, B provides immediate payout, and C offers an ongoing revenue stream. For the purpose of today’s discussion we’re going to assume there’s familiarity with the Deep Web and maybe even with the dark web. Right so you have the visible surface web where most activity happens on the World Wide Web, but then you also have the Deep Web right, the Deep Web is estimated to be about times larger than the visible surface web. Within the Deep Web though is the dark web, which is the portion of the Deep Web where a lot of criminal activity happens anonymously and the dark web in May of was added to the dictionary in some ways providing some validity to its reality.

Some quick facts about ransomware rates are Gartner estimates about two and a half million successful ransomware attacks last year. They also estimate that the frequency will double over the next few years. Trend Micro surveys that 53 percent of companies have been a victim. It’s even higher in the healthcare industry and 60 percent of those surveyed say that employees are their biggest risk. That’s a theme that we’re going to reiterate and hear more about as this presentation moves on and last year there was over a billion dollars of payments made.

We conducted a very comprehensive study in the healthcare industry with a firm called ID agent and what they do is they monitor the deep dark web for email vulnerabilities and credentials available for sale by the bad guys. What we found was of all the vulnerabilities and credentials for sale 76 percent of them had passwords associated with them. In a separate study ID agent also found that 75 percent of people will either recycle or use a variation of the same password across multiple systems and multiple websites. So with all the credentials for sale on the deep dark web very often passwords are associated with them and people use the same or similar passwords across multiple systems.

Another study was conducted by an organization digital citizen’s alliance and it was focused on the .edu domains and what they found was there was over 14 million credentials available on the dark web. Right and they published the domains and how many compromised or vulnerabilities that were there. So the key point here is this information is not secret it is out there and available by the bad guys.

If you remember back to LinkedIn announced a data breach 6 and a half million encrypted passwords were posted and then four years later there was an announcement of an additional 117 million vulnerabilities that were posted. Now though those passwords may have been encrypted there’s publicly available websites that allow you to de encrypt passwords and often these encryption keys become available years after the original vulnerability and coming from their blog when all this happened you know they stated you see that last bullet point there. They began to invalidate that had not been updated or changed since that breach. So what you see here is a pattern people are the biggest area of susceptibility, passwords are available for sale, and people use similar passwords across multiple sites.

If you go back to the last slide just for a moment right so there was a breach on a social site, people use very similar passwords or recycle their passwords, and then with the very guys do is ages run algorithms at the speed of light in order to try and gain access to different systems with different networks. So no wonder that compromised credentials was the number one area of data breach in 2015. So how do you stop someone with valid, but stolen credentials from getting into your network? All right, so the overarching question is really can you can you prevent ransomware?

We’ve talked a lot about people being the biggest area susceptibility right and human error comes into play as well right. Phishing scams they play on people’s inherent flaws right so everyone’s familiar with the with a Google email that the Google Docs scam most recently right. The dark web was being discussed on broadcast news right and you know during the election season last year you know there’s a lot of news reporting that the DNC hack was not a very sophisticated measure rather it was simply a phishing scam right. So employees and people are your largest area of susceptibility and scams unfortunately are everywhere in life.

We’ve talked a lot about the theme of people being susceptible in this presentation right and some of the quotes that you see here reiterate that right. So half of all breaches are the result of insecure employee behavior, even trained staff close to a third of them will open a fished email within an hour right and the bad guys are targeting smaller, and smaller companies because they’re less sophisticated. According to the former FBI Director Robert Mueller everyone will be hacked at some point.

We talked about on an earlier slide in the presentation how the number of ransomware attacks are expected to double over the next few years’ right and if you think about the high volume of vulnerabilities and credentials that are available. If you think about the high percent of people that use similar passwords across multiple sites, no wonder ransomware is going to double and it’s exponentially increased over the last few years’ right. It’s very difficult to keep ransomware out of your network when bad guys have what looks to be valid credentials.

So we used a phrase no broken glass found right so it’s very easy to detect when someone breaks your window on your door and tries to come into your house right, but when someone seems like they have valid credentials that’s very difficult to prevent right. Stolen credentials are the easiest path in, people are your biggest risk, and attacks are doubling and they’re targeting smaller firms right. So can you truly prevent ransomware or an attack that is the question? Can you?

Earlier we showed a quote from the FBI, which in essence said everybody will be hacked at some point right. The other things that the FBI says you know as a best practice for protection are you need to back your data up regularly. You need to frequently verify the integrity of those backups, you need to secure those backups, but most importantly you need to isolate those backups from the computers and the networks in which they protect. That’s the key, you need to have isolation so you can recover when ransomware or other attacks happen.

So following through a net theme from the FBI right in addition to what they say you obviously need to have proactive threat intelligence. Active security management is critical right, but most important you need to have a very strong reactive posture, you need to be able to recover right. So you need to have the secure off-site backup and replicated data, you need to have the ability to recover that data from multiple points in time, and you need to have a plan that guarantees you continuity right. That’s because nobody can 100% prevent ransomware 100 percent of the time. We need to be able to recover from it.

As part of that strong reactive posture right we have this continuum that you see on the slide here right so as you work left to right what you end up with is the more you are moving your data both backup and replication off-site into a cloud with recoverable servers the more you are increasing your survivability and the more recover ability that you have. If you think about that prior so I write the more you move from left to right the more recover ability and survivability that you had right. At the end of the day that’s what’s most important. Can I recover and can my users access to data right. So the more you need to have that window be less than four hours like that recovery time objective is less than four hours the more you need to have the right side of that continuum with services that are backed up and replicated in a cloud off of your premises with recoverable servers that are easily accessible by your users.

So again let’s talk about best practices right. So you need to have in production data center backups, a copy of those backups off-site at an ultimate data center cloud or not, replication of your data in an off-site location, and have multiple points of recovery because you may need to go back two to three days to find the right point in time that you have to recover from right a clean copy of your data. You also need to have recoverable servers available to you in that off-site data center and if complying to the consideration you need to ensure that that data center whether it’s cloud or premises based has compliance consideration and most important your users need to have the ability to access those servers right. So when you do all of this, you truly do make recovering from ransomware or other attacks human error or infrastructure failures a very manageable event and in essence make ransomware dead.

This slide here is a pictorial view of what we talked about in the last slide as far as that best practices right. So top right hand corner would be your primary data center and in the bottom that you see there is office users and remote access. Now that primary data center might be in your headquarters, but for pictorial purposes its off-site there right. So you have your production servers on you’re your primary data center, you have the storage obviously, and then in data center backup for quick file restores. What you then need to do is make sure you have a copy of those backups in an off-site location, potentially a cloud environment, along with replication that data and again most important is recoverable servers in that environment, along with the ability to access those servers right. That work needs to be done before an incident happens.

Okay, so let’s talk about a few use cases here right. So a ransom or attack where ransomware is alive right. So you know very ancillary attack happens in environment with a combination tape and low-end cloud backup, but no cloud or off-site server infrastructure to recover to right. In that scenario you know the customer was able to restore their files on their premises five, six files at a time and it took them about seven days to be partially operational and 14 days before they were fully operational. All right so now the real question is, is that acceptable? Is that an appropriate means of recovery seven days for partial in two weeks for full?

This next situation looks at a scenario where half of the data was just as we described earlier in a presentation right and the other half was very similar to what was on the last slide there right. So when there was a corruption of the sand, which caused him to lose access to her data it within two hours the data that was replicated and available on recoverable servers in the cloud was accessible to the end users, the remainder of the data was only 75 percent restored after two weeks. So again, if you think about the last two scenarios the data that was replicated and backed up in the cloud with servers available to recover – is almost instantly available to the end users.

This third scenario here was a compromised via an email account, which we’ve talked about several times – about people being the biggest area of vulnerability right and all of the data was as we discussed replicated in the cloud with available service to recover – right. In that scenario though the customer is able to restore all other data within ninety minutes and they were able to find the most appropriate point in time to recover – right. So there’s maximum data recovery with minimal business interruption and end-users were able to access the data within an hour and a half.

In summary let’s just talk about a few of the themes that we discussed here in the presentation right. So people are our biggest area of susceptibility, credentials are available, and we cannot 100 percent of the time prevent ransomware right. So we need to have a proactive threat intelligence we need to actively manage that security, but we need to have a very strong reactive posture, we need to be able to recover. No broken glass found right. How do you stop someone with what looks like valid credentials from entering your network? Ransomware is dead, it is a very manageable event when your data is easily recoverable from multiple points in time and your users can access it in very short order. Thank you for joining our webinar today this is Bobby Healey with Evolve IP.

Recommended For You
The Evolve IP Compliance CloudTM

Compliance is a way to do business … not an afterthought when clients need it.

At Evolve IP we have a dedicated compliance and security practice and work with two of the world’s top 3rd-party compliance auditors, Grant Thornton and Ernst & Young, to enable customers to extend their compliance to our fully audited cloud. This focus allows us to deliver the documentation and assurances that other’s simply cannot including HIPAA / HITRUST, PCI-DSS (all 12 sections), SOC 2/3 and more. The Compliance CloudTM includes true client isolation, encryption in transit and at rest, private VLANs, firewalls and dozens of other security measures.

What Our Clients Say
  • "Yesterday was, perhaps, my busiest day of client interaction either by phone or email since I have been a PM, and I don’t think any of my clients knew I was working from home unless I told them. I was also able to do trades behind the scene and interact with my team. So, for me, the technology has been working great. As an old guy, I am constantly dazzled by technology in general, but being able to do this stuff from home is amazing!"

    James C. Hunter, CFA, CFP, AIF, Senior Portfolio Manager, Principal

  • "Hey, IT people, As I’m working away in my home office, I just wanted to say thanks to you for all you’re doing, and have done in the past, to make it possible for us to run our company virtually. Not many of us JICers have jobs that everyone in the firm sees and could stop us from doing business. But you have this job, and do it well. Thank you for having the foresight and wisdom to get us in a position to succeed in a pandemic! You’re awesome."

    Michael D. Barnes, Esq., CTFA President, Principal

  • “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    - Ken Schultz, CIO Ogletree Deakins

    Watch Testimonial

  • "The people that Evolve IP are more personable; you don't feel like there's necessarily a script when you're talking with them, they’re easy to understand, quick to get a hold of, and they follow through on what they say they're going to do."

    Watch Testimonial

  • "Evolve IP has been a vendor partner that has grown with us, that has helped us, and that you know stands by us and stands by their word."

    Watch Testimonial

What the Experts Think

Our analyst-acclaimed solutions are built on a world-class, compliant architecture that leverages the blue-chip technologies organizations already know and trust.


We deploy best-of-breed solutions including: Disaster Recovery, Contact Center, Unified Communications, DaaS, IaaS. Our services are analyst-acclaimed, vendor-validated, client recommended and award-winning.


Evolve IP is proud to have achieved the honor of being HITRUST CSF certified! Certification to the HITRUST Common Security Framework (CSF) affirms that all of Evolve IP’s cloud computing and cloud communications services adhere to the strictest security standards for electronic protected health information (PHI). The HITRUST security standard was developed by and for the healthcare industry as a means of going above and beyond the compliance requirements of HIPAA.

The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. The HITRUST CSF was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. An important part of the “What is HITRUST” answer is understanding that the CSF is risk-based and compliance-based so that organizations can tailor the security control baselines and vendor management programs that they follow based on their specific organization type, size, systems, and regulatory requirements.


The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.

The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls.

SSAW 16 Service Organization Control II (SOC 2)

Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.


While Forbes regularly features coverage and recognition about Evolve IP, they've most recently recognized Evolve IP as being the "Best Cloud Computing Companies And CEOs To Work For In 2017".  They've ranked Evolve IP in the Top 3 just behind Google and Microsoft in the Cloud Infrastructure classification.  (Feb 2017). Forbes  also recently recognizes Evolve IP for bringing Singer Equipment Corporation, a mainstream business based in PA, into the cloud by means of unified communication. (Sept  2017). Last year, Forbes recognized Evolve IP's survey of 1,080 executives citing that the number one reason to go to the cloud is the same reason that it is avoided. (Mar 2016).

Unified Communications Product of the Year

TMC and Internet Telephony Magazine have named Evolve IP’s unified communications platform as a 2017 Unified Communications Product of the Year Award winner. This marks the 6th time Evolve IP has been honored with this prestigious award and follows a series of product innovations that have allowed the company to rapidly expand its international coverage.

Evolve IP’s business collaboration tools and IP phone system dramatically improve employee productivity in the office and on the road with a Unified Communications as a Service (UCaaS) platform that fully integrates voice, video, instant messaging & presence (IM&P), desktop sharing, audio/web conferencing and more. The company also provides a sophisticated Web-based management portal, OSSmosis®, that allows administrators to easily configure system functions and quickly modify users without the need to reach out to a third party for changes.


Inc. magazine has recognized Evolve IP in the 34th annual Inc. 500|5000, an exclusive listing of the nation's fastest-growing private companies. The list will be unveiled in the September issue of Inc.

The story of this year's Inc. 5000 is the story of great leadership. In an incredibly competitive business landscape, it takes something extraordinary to take your company to the top," says Inc. President and Editor-In-Chief Eric Schurenberg. "You have to remember that the average company on the Inc. 5000 grew nearly six-fold since 2012. Business owners don't achieve that kind of success by accident.

Payment Card Industry Data Security Standard (PCI DSS)

Evolve IP has achieved Payment Card Industry (PCI) Data Security Standard (DSS) compliance covering all 12 sections of the PCI DSS. The PCI data security standard is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.


Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.

Deloitte’s Technology Fast 500TM

Evolve IP has been ranked for the second consecutive year on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America – both public and private. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015. The list is a veritable Who’s Who of technology that has included tech companies like Google, VMware and Facebook.

Technology Fast 500 provides a ranking of the fastest growing technology, life sciences, and energy the companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth during the period from 2012 – 2016.

Red Herring

Red Herring has named Evolve IP as one of the Top 100 Companies in North America.  Red Herring’s Top 100 recognizes the leading and most promising private companies from around the world. Among the over 20 criteria used to analyze companies for the award, Evolve IP was noted for its financial performance, technological innovation, customer footprint, the DNA of its founders and addressable market.

Red Herring selects the award winners for North America from approximately 1,200 privately financed companies each year in the US and Canada. Since 1996, Red Herring has kept tabs on these organizations and its editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype,, YouTube, Palo Alto Networks and eBay would change the way we live and work.


Evolve IP has been recognized as one of the “Best Entrepreneurial Companies in America” in Entrepreneur magazine’s Entrepreneur360™ Performance Index, a study involving a comprehensive analysis of private companies in America. Based on this study forged by Entrepreneur, Evolve IP is recognized as a company that exemplifies growth, not just in top and bottom line, but in sustainability and the ability to achieve lasting success.

According to Entrepreneur, after evaluating approximately 10,000 U.S. based firms, the team of editors and researchers behind the E360 Performance Index collected more than 250 pieces of data from the finalists, focusing on growth drivers and challenges, goal setting, resource allocations, and reward systems. The analysis uncovered a class of leading companies, including Evolve IP, whose continued success is largely based on superior value creation for their customers, building an adaptive learning culture, and aggressive geographic expansion—placing them amongst the most dynamic firms in America today.

Latest Press Releases

Evolve IP Named To The Gartner Magic Quadrant for Contact Center as a Service
November 16, 2020 / Evolve IP
Evolve IP today announced that Gartner has named it to the Magic Quadrant for Contact Center as a Service*. Evolve IP’s omnichannel offering, which runs 30-40% less than comparable...
Evolve IP Appoints Pete Stevenson as CEO and Randal Thompson as CRO to Drive Next Phase of Growth
October 16, 2020 / Evolve IP
Evolve IP, a leading global provider of Work Anywhere™ solutions, today announced that the Company’s Board of Directors has unanimously appointed board member Pete Stevenson as Chief Executive Officer....
Evolve IP Enhances Its Microsoft Teams and Cisco Voice Direct Routing Platform
September 22, 2020 / Evolve IP
Evolve IP announced that it has integrated SMS business messaging and voice recording with AI speech analytics into its Microsoft Teams direct routing platform.
Evolve IP Integrates Business Messaging Into Microsoft Teams; Enhances Microsoft’s Direct Routing Solution
September 17, 2020 / Evolve IP
Evolve IP® announced that it has launched a fully-integrated SMS / business messaging platform for its Microsoft Teams Direct Routing solution.
View More

Contact Us

or Call 1.877.459.4347