Plaintext with Rich

Ransomware Starts With Access And Ends With Leverage

Rich Greene Season 1 Episode 10


Your screens don’t go dark first; they go quiet. We walk through how modern ransomware begins with access, not chaos, and why double extortion flipped the incentives: attackers steal sensitive data first, then encrypt to amplify pressure. That shift turns incidents into business crises that touch legal, communications, customer trust, and sometimes survival.

We unpack the boring but true entry points (phishing, password reuse, exposed remote access, lagging patches, and over-privileged vendors) and show how patient operators stage data theft before any ransom note appears. You’ll hear how today’s crews operate like a supply chain, from initial access brokers to negotiators, and why understanding that structure helps you break the attack at practical seams. Then we lay out a plain text defense starter kit: immutable, tested backups; multi-factor authentication on what matters; urgent patching for internet-facing systems; reduced administrative sprawl; and network segmentation to limit blast radius.

When the worst happens, acting deliberately beats reacting emotionally. We share a concise incident playbook: isolate systems, preserve evidence, involve experienced responders and legal early, confirm what was accessed and exfiltrated, and communicate with verified facts. We also tackle the hard question (should you pay?) with honest trade-offs and a focus on building options before you ever face that decision. Finally, we clear away myths: small targets are still targets, antivirus isn’t a strategy, and backups don’t fix data leaks.

If this breakdown helps, subscribe, share it with someone who would benefit, and tell us what security topic you want next; we read and respond to every message.

Is there a topic/term you want me to discuss next? Text me!!

SPEAKER_00:

You don't get locked out first. You get watched. Someone maps your systems quietly, copies your data quietly, waits until they're sure you can't avoid the conversation. And only then do the screens go dark. Not to get your attention, but to force a decision.

Welcome to Plain Text with Rich. Today we're breaking down ransomware and something that changed the stakes completely, double extortion. Let's start by grounding the word itself. Ransomware, in plain text, is when attackers break into a system, lock the data so you can't use it, and demand something to unlock it. Money, Bitcoin, something, right? That's the original model. Access held hostage. But that description is now incomplete, because modern ransomware rarely starts with encryption. It starts with access. And it rarely ends with files being locked. It ends with leverage. That shift is what makes this topic actually matter.

Early ransomware was blunt. Encrypt fast, demand payment, hope the victim didn't have backups. Today's ransomware operations behave differently. They move slowly at first. They steal credentials, they explore systems, they figure out what matters most. Then they copy the data. Only after that do they trigger some type of encryption. But why? Because encryption can be undone with backups. Stolen data can't. And that's where double extortion comes into play.

Now, double extortion means the attacker applies pressure in two directions at once. They first come at you: hey, pay us, or you don't get your systems back. And then secondly: pay us, or we publish what we already took. Or even worse, in some cases, they report you to regulatory bodies. And this is things like customer data, contracts, emails, HR files, source code. Sometimes they add more pressure. Again, contacting customers directly, notifying partners, posting samples publicly to prove they're serious. At that point, ransomware stops being a technical problem and it becomes an operational crisis. It can be a potential legal problem, a communications problem, and sometimes a business survival problem.

So how does an organization end up here? Well, not through one magical exploit, I can tell you that. Ransomware succeeds because access paths pile up. The most common entry points, as with most things, are boring. Phishing that steals credentials, passwords reused from old breaches, remote access exposed to the internet without strong authentication, VPNs and appliances that weren't patched quickly, third-party vendors that had broader access than they needed. Notice the pattern. Ransomware isn't about brilliance, it's about patience. Attackers try doors until one opens. And once they're in, they don't rush. They escalate privileges, they disable defenses, they look for backups, because deleting backups before encryption increases their leverage. That's why modern ransomware crews operate like actual businesses. Different groups specialize in different steps. Some focus on the initial access, some build the malware, some negotiate, some handle payments. It's not chaos. It's honestly a supply chain crime.

Which brings us to the most important question: what actually helps us here? Not fear, not perfection, you bet it's design. Here's our plain text ransomware starter kit, right? I'd say ordered by impact. Again, I would focus on these. First, backups that attackers can't touch. Three copies of critical data, two different storage types, one copy offline or immutable. Immutable simply means it cannot be altered or edited. And test restores. Untested backups are a story that you tell yourself. You don't want those. You never want to rely on hope. Second, as always, multi-factor authentication on everything that actually matters. Again, email, remote access, admin accounts. Stolen passwords should not be enough to simply walk into your network. Third, patch internet-facing systems fast: your VPNs, remote access tools, firewalls, email gateways. These are your front doors. They don't get "eventually", they get "right now". Fourth, reduce administrative sprawl. Not everyone needs admin rights. Most people need them never. One compromised admin account should not equal total control. Fifth, segment our networks. Ransomware spreads laterally. If one machine can see everything, well then one infection can hit everything. Segmentation limits our blast radius. Those five steps alone eliminate a massive percentage of real-world ransomware cases.

As always, if you can go further, I would throw these on you. Endpoint detection to spot abnormal behavior early; credential hygiene with password managers and separate admin accounts; monitoring for unusual logins and privilege changes; and a simple incident response plan. Not a binder, a page or two. Who decides? Who calls legal? Who talks to customers? Who shuts systems down? You don't want to invent this during an attack.

Now let's talk about the moment nobody wants. What do you do during a ransomware incident? Hey, plain text: act deliberately, not emotionally. Isolate affected systems quickly to stop spread. Preserve evidence so you can understand what happened. Bring in experienced responders early. Determine what was accessed and what was taken. Communicate with one voice and verified facts. And yes, involve legal early. Data theft changes obligations. The question everyone asks comes next. Should we pay? And there is no universal answer here. Paying does not guarantee decryption. It does not guarantee silence. It can increase future targeting. But some organizations pay when they believe it's the least harmful option to protect people or keep essential services running. That's why preparation matters more than judgment calls. If your backups work, your access controls are strong, and your network is segmented, you're far less likely to face a pay-or-collapse decision. The best ransomware negotiation is the one you never need.

Let's try to clear up a few myths, shall we? Myth number one: we're too small to be targeted. The reality: small organizations are targeted constantly because defenses are lighter. Myth number two: antivirus will stop ransomware. Hey, the reality behind this: ransomware is a campaign, not a file. Myth number three: backups solve everything. The reality there is backups handle encryption, not data leaks. Double extortion changed the rules here. All right, so that's not always the case. Now, tested backups do provide you a far greater defense.

All right. So let's put this all in plain text for us. Ransomware today is about leverage, not locks. Double extortion adds reputational and potential legal pressure to technical disruption. Our good security design assumes attackers get in sometimes. The goal is to limit how far they go and how much damage they can cause. If you take one thing away from this episode, please take this away. Backups buy you recovery, access controls buy prevention, segmentation buys containment, preparation buys options. That's how you reduce both the odds and the impact. Now, if there's a security topic that you want broken down in plain text, please send it my way. Email, DMs, comments, however you choose to reach out to me, I will read, I will respond to. If this episode helped, I would ask you to please share it with someone who'd actually benefit. This has been Plain Text with Rich. 10 minutes or less, one topic, no panic. I'll see you next time.
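The staging sequence the episode describes (a quiet login, a privilege change, the backups being killed, a bulk copy of data, all before any note appears) and the "monitoring for unusual logins and privilege changes" item from the starter kit, as an added detection example. This is not code from the episode or its show notes. The log line format, the per-user baseline, the list of internal networks, the 500 MiB egress threshold and every sample event are constructed assumptions for this example; the backup-tampering command patterns (`vssadmin delete shadows`, `wmic shadowcopy delete`, `wbadmin delete catalog`, `bcdedit ... recoveryenabled no`) are the well-known pre-encryption commands. The point of the second function is the one the episode makes: any single signal is noise, but several distinct ones from the same account inside an hour is the "access, not chaos" phase, and that is where you still have time.

```python
"""Spot ransomware staging signals in a few constructed log lines, then correlate them per user."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Format assumed for this example:
#   "<ISO time> <host> <TYPE> key=value key="quoted value" ..."
SAMPLE_EVENTS = [
    "2024-03-04T02:13:07 srv-fs01 LOGIN user=jdoe src=203.0.113.45 result=success",
    "2024-03-04T02:15:40 srv-fs01 GROUP_ADD user=jdoe group=Administrators by=svc_backup",
    '2024-03-04T02:20:11 srv-fs01 PROC user=jdoe cmd="vssadmin delete shadows /all /quiet"',
    "2024-03-04T02:22:30 srv-fs01 NETFLOW user=jdoe dst=198.51.100.7 bytes_out=734003200",
    "2024-03-04T09:05:02 ws-014 LOGIN user=asmith src=10.0.4.21 result=success",
    "2024-03-04T10:30:00 dc01 GROUP_ADD user=bkim group=Marketing by=helpdesk",
    "2024-03-04T11:12:45 ws-014 NETFLOW user=asmith dst=10.0.9.5 bytes_out=900000000",
]

# Constructed per-user baseline: networks logins normally come from, and working hours (24h clock).
BASELINE = {
    "jdoe": {"known_src": ["10.0.4.0/24"], "hours": (7, 19)},
    "asmith": {"known_src": ["10.0.4.0/24"], "hours": (7, 19)},
}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_GROUPS = {"administrators", "domain admins", "sudo", "wheel"}
EXFIL_BYTES = 500 * 1024 * 1024  # assumption: >= 500 MiB to one external host in a single flow
# Commands crews run to destroy local recovery points before they trigger encryption.
BACKUP_TAMPER = [re.compile(p, re.I) for p in (
    r"vssadmin(\.exe)?\s+delete\s+shadows",
    r"wmic(\.exe)?\s+shadowcopy\s+delete",
    r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)",
    r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no",
)]
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse(line):
    ts, host, kind, rest = line.split(" ", 3)
    fields = {k: (q if raw.startswith('"') else raw) for k, raw, q in KV.findall(rest)}
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, "f": fields}


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def check_login(ev, baseline):
    f, prof = ev["f"], baseline.get(ev["f"].get("user"))
    if ev["kind"] != "LOGIN" or not prof or f.get("result") != "success" or not f.get("src"):
        return None
    reasons = []
    if not any(ipaddress.ip_address(f["src"]) in ipaddress.ip_network(n) for n in prof["known_src"]):
        reasons.append(f"source {f['src']} outside baseline")
    start, end = prof["hours"]
    if not start <= ev["ts"].hour < end:
        reasons.append(f"login at {ev['ts'].hour:02d}:00 outside {start:02d}-{end:02d}")
    return ("unusual_login", "; ".join(reasons)) if reasons else None


def check_priv(ev):
    if ev["kind"] == "GROUP_ADD" and ev["f"].get("group", "").lower() in ADMIN_GROUPS:
        return ("privilege_change", f"added to {ev['f']['group']} by {ev['f'].get('by', '?')}")
    return None


def check_backup_tamper(ev):
    cmd = ev["f"].get("cmd", "")
    if ev["kind"] == "PROC" and any(p.search(cmd) for p in BACKUP_TAMPER):
        return ("backup_tamper", cmd)
    return None


def check_exfil(ev):
    if ev["kind"] != "NETFLOW":
        return None
    out, dst = int(ev["f"].get("bytes_out", 0)), ev["f"].get("dst")
    if dst and out >= EXFIL_BYTES and not is_internal(dst):
        return ("bulk_egress", f"{out // 2**20} MiB to {dst}")
    return None


def detect(lines, baseline=BASELINE):
    """One alert per rule hit, in log order. Each hit alone is only a lead."""
    alerts = []
    for line in lines:
        ev = parse(line)
        for hit in (check_login(ev, baseline), check_priv(ev), check_backup_tamper(ev), check_exfil(ev)):
            if hit:
                alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["f"].get("user"),
                               "rule": hit[0], "detail": hit[1]})
    return alerts


def staging_chains(alerts, window=timedelta(hours=1), min_rules=3):
    """Users who tripped >= min_rules distinct rules inside `window`: the quiet staging phase."""
    by_user = defaultdict(list)
    for a in alerts:
        by_user[a["user"]].append(a)
    chains = {}
    for user, items in by_user.items():
        items.sort(key=lambda a: a["ts"])
        for i, first in enumerate(items):
            rules = {a["rule"] for a in items[i:] if a["ts"] - first["ts"] <= window}
            if len(rules) >= min_rules:
                chains[user] = sorted(rules)
                break
    return chains


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a['ts']} {a['host']} {a['user']}: {a['rule']} ({a['detail']})")
    print("staging chains:", staging_chains(found))
```

On the constructed sample, `jdoe` trips all four rules within nine minutes and is reported as a chain; `asmith` and `bkim` produce nothing, because a large internal transfer and an add to a non-admin group are normal business. Tune the baseline, the internal ranges and the threshold to your own environment before trusting the quiet.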