Ransomware Is Evolving

Do you remember the WannaCry ransomware?

It ran rife about 18 months ago, locking down an estimated 200,000 computers owned by giants such as Boeing, Renault, FedEx, and Telefónica.

The disaster could have been averted if the companies in question had applied patches. The interesting thing about WannaCry and the reason for its rapid spread is that it contained a worm component.

Despite news about it abating, WannaCry is still very much with us. In fact, according to a recent blog on BullGuard, 17% of ransomware attacks in Q3 of 2017 were due to WannaCry, and in Q3 of 2018, that number rose to 29%.

There’s a new malware in town

Many types of ransomware are opportunistic. Their modus operandi is simple automation, such as infected email attachments sent to a vast number of potential victims.

However, a new kid on the block, SamSam, does things a bit differently.

This ransomware has been around for a while. However, according to BullGuard, a group of cyber fraudsters have used it to successfully extort $6 million over the past two and a half years.

Unlike other attacks, they’ve adopted a manual approach, making it hard to detect and difficult to stop.

It’s unlikely to affect home users because the crooks are targeting large corporations in search of massive ransoms.

However, it does show that you can never be complacent when it comes to cyber protection. New ideas are always emerging along with new methods of attack. That’s why it’s essential you make sure a trusted cybersecurity product protects you and your data.

 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.

Source: BullGuard

Malware – There’s A New One In Town

A powerful malware is spreading through phishing campaigns using a Microsoft Word attachment.

It’s called Smoke Loader, and, according to BullGuard, has several components:

  • It can download browser plug-ins for the Firefox, Internet Explorer, Chrome, Opera and QQ Browser browsers, and for the Thunderbird and Outlook email clients
  • These plug-ins steal stored credentials, such as passwords, and also sensitive information transferred over a browser
  • The malware is injected into applications like TeamViewer, an application that allows users to remotely view others’ desktops

Although it’s been around for some years, it has become increasingly sophisticated.

Its creators have recently added anti-analysis techniques to make forensics difficult. As a result, it’s harder to trace the source of the servers. There are also new runtime AV scanner, tracing and debugging features to confound researchers who try to find out more about it.

Keep your eyes peeled

The best way to guard against phishing campaigns, other than using good security software, is to be on your guard.

Phishing emails contain some form of bait message, such as an invoice, a parcel for collection or a PDF requiring downloading.

You can protect yourself by:

  • Casting a healthily suspicious eye on an unexpected email promising something
  • Questioning emails from apparently legitimate organisations with which you have had no dealings. Cybercrooks are good at mocking up emails that appear to be legitimate
  • Looking out for spelling or syntax errors; these are often clues that the email is not what it claims to be
  • Never revealing your personal information such as passwords, bank account numbers and card information, even if the mail appears to be from your bank. If in doubt, call your bank and speak to someone in the fraud department


Source: BullGuard

Microsoft Adds Ransomware Protection To OneDrive

Here’s a scenario for you.

You know all about ransomware and how it can affect your computer. But did you realise it can also spread to your files stored in the cloud?

Microsoft does, which is why it’s creating some new OneDrive protections.

As a result, you can now ‘roll back’ the files stored in OneDrive to versions stored up to a month ago. This helps you get back to a point before the malware infection occurred.

Better still, it will use its automated threat-detection system. This figures out when the ransomware began infecting those files. You then get an alert, via your phone, to let you know that an infection has taken place.

What’s the catch?

You have to subscribe to Office 365, although the Outlook protections aren’t yet available to the Office 365 version of Outlook.

How does it work?

According to a recent article in PCWorld.com:

“What’s new is that Microsoft has adapted its Files Restore capability—previously only for OneDrive for Business—and brought it into Office 365 subscriptions for home users. Not only will Microsoft detect an attack, but you’ll be notified by any channels that Microsoft would normally use to send you messages: email, a popup notification, and more.

“Then, you’ll be able to enter OneDrive and essentially “roll back” to an earlier day. You’ll want to pick a day before Microsoft alerted you about the attack, naturally.

“Microsoft has also taken security within Outlook a step further: Now you can password-protect links to folders or files. That’s handy: Previously, there was really no real way to protect links to files or folders from being shared to anyone. Both the ransomware detection and link protections are available starting Thursday, Microsoft said.

“If you are concerned about those links being forwarded, Microsoft has begun to address that, too. In Outlook.com, you now have the option of encrypting a file or preventing it from being forwarded, or both simultaneously.”

 

 

 

Cross-platform Malware for Windows/Mac/Linux is Spreading via Facebook Messenger

Yes, something else for you to keep your eyes open for.

Watch out if you get a Facebook message that includes:

  • The recipient’s name
  • The word ‘video’
  • A shocked emoji followed by a shortened URL

Because the message comes from one of your friends, you could be fooled into clicking the link. If you do, the malicious link opens a Google document containing a blurry picture taken from your Facebook page that looks like a playable movie.

If you try to play the video, the malware will send you to one of a number of different websites, depending on your Web browser, operating system, location, and other factors. This site will then prompt you to install malicious software.

For example, if you use Google Chrome, you’d be redirected to a fake YouTube channel, complete with the official logo and branding. You would then see a fake error message designed to trick you into downloading a malicious Chrome extension.

If you use Firefox, you will be sent to a website displaying a fake Flash update notice, which, once run, attempts to run a Windows executable to install adware.

If you use Safari, you will be taken to a similar site, customised for macOS, encouraging you to download a malicious .dmg file.

This type of malware is designed to track your browsing activity using cookies and display targeted adverts. But it can also use social engineering to trick you into clicking on them.

This malicious code is highly sophisticated and complex, and researchers suggest that the malicious links are being sent from real Messenger accounts compromised as a result of stolen passwords, hijacked browsers or clickjacking techniques.

What do they get out of it? Well, each click on the ads generates revenue for the malware authors.

How to protect yourself 

The simple answer is to use caution with any link received from a Facebook friend. For greater security, experts recommend having a trusted,

Of course, making sure you’re protected by trusted and up-to-date antivirus is a must.

As with all internet threats, stay vigilant; stay safe.

Source: Panda Security

Watch Out There’s a New Mac OS Ransomware About

Ransomware and suchlike is not something Mac users have had to worry about too much. Seen as a ‘safer’ option than Windows machines, the Mac user has been happily using their devices, relatively trouble-free, for quite some time.

But that’s changing.

According to Computerworld:

“A new file-encrypting ransomware program for Mac OS is being distributed through bit torrent websites, and users who fall victim to it won’t be able to recover their files – even if they pay. Crypto ransomware programs for Mac OS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one.”

The offending ransomware, dubbed OSX/Filecoder.E, was spotted by security firm ESET and was developed in Apple’s Swift programming language.

It works by pretending to be a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac. However, because of programming errors, and the lack of a developer certificate from Apple, it is often blocked by newer versions of Mac OS.

The biggest problem with this malware, according to Computerworld, is:

“It generates a single encryption key for all files and then stores the files in encrypted ZIP archives. However, the malware doesn’t appear to have any ability to communicate with an external server, so the encryption key is never sent to the attacker before being destroyed.”

Sadly, malware is never going to go away, and more and more cunning scams will be developed. The best advice we can offer is to remain vigilant and never click on or download anything that you’re unsure about.

We’re grateful to Computerworld and Spiceworks for this update so we can pass it on to you to help you and your data stay safe.

 


New Scam – Beware of the Emailed Parking Ticket

Fake parking ticket

 

No one likes getting a parking ticket. They are one of life’s annoying things that tend to crop up when you least expect them.

What happens if you get one you weren’t expecting? Do you just pay up because it must have happened?

No.

The latest scam from internet fraudsters could see you paying a fine that doesn’t exist.

This phishing scam involves random emails with parking tickets. The email looks as though it comes from the UKPC, or UK Parking Control. You can’t miss them because they generally come with the headline: ‘Notice to Ticket Keeper’ or ‘Reminder to Ticket Keeper’.

This is followed by a bit of official looking text that claims a parking attendant has reason to believe that you parked on a client’s private land. It then gives you a bill complete with fake date, a fake reference number and a fake parking charge amount of £90.

Unlike other scams, this one looks very official and isn’t dotted with the usual tell-tale spelling mistakes. You can see what it looks like above.

If you click on the link that says ‘payment options and photos’ at the bottom, you’ll either unleash a tonne of malware, or you could end up losing £90 to a non-existent fine. Or worse, you could end up with both.

The beauty of this scheme (from the scammers’ point of view) is that it relies on the victim to provide the urgency. Most people follow up straight away and pay without asking any questions. However, before acting it’s worth doing a bit of simple checking.

It’s easy to check whether your fine is genuine. According to the UKPC’s official website, they do not send Parking Charges by email; so if you get one, send it straight to junk.

If you’re reading this too late and you’ve already had one of these emails, run a malware scan on your computer immediately.

 


Source: Transcedit

Panda Security Warns of More Advanced Cyber Attacks in 2017

Cyber security continues to be a hot topic, and 2017 is unlikely to be any different.

Panda Security has done an interesting piece of work. They have looked at the most popular cyber attacks of last year and analysed their evolution to see what could be in store in 2017.

Here’s what they found.

Cybercrime

Cyber criminals are interested in one thing – finding the attacks that rake in the most profit and exploiting them to the max. Their increasingly effective tactics and the professionalisation of their operations are what allow them to make quick and easy money in an efficient manner.

Ransomware

As mentioned, profit is the driving force behind cyber crime, which is why ransomware is a firm favourite. It is the simplest and most efficient way to achieve this. Victims of this hijacking malware face a decision: should they pay to recover their data, or not? Of course, it’s important to bear in mind that paying the ransom does not guarantee the total recovery of stolen data.

Companies

Attacks on large corporations are set to increase. The information stored by businesses is far more valuable to cyber criminals than that of private users, so it’s vital that companies remain vigilant.

Internet of Things (IoT)

Greater connectivity is a godsend for cyber criminals. This technological revolution has led to the complete integration of smaller devices into the grid, which are converted into entryways into corporate networks.

DDoS Attacks

At the end of 2016, we saw the most powerful DDoS (Distributed Denial of Service) attacks in history. Carried out by bot networks, they relied on thousands of affected IoT devices (IP cameras, routers, etc.). This type of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.), is likely to increase in 2017.

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious state of international relations can have enormous consequences in the field of cyber security. Governments will want access to more information (at a time when encryption is becoming more popular), and intelligence agencies will become more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

If you think this paints a bleak future, you could be right, but only if you fail to take precautions to protect your data. To put your mind at ease, get in touch, and we’ll talk you through your options to make sure you have a trouble-free future.


Source: Panda Security

 

Protect Your PC Against Ransomware for Free

Ransomware is a nasty type of malware that encrypts your business or personal files on your hard drive and then demands money. Once the user pays the ransom, the malware usually assists with the decryption process.

The effects can be devastating both for you personally and your business, which is why we wanted to draw your attention to a free piece of software that could bring the protection against ransomware you’ve been looking for.

Cybereason’s RansomFree is a free desktop program for Windows 7 and up. It uses behavioural analysis instead of regularly updated malware definitions to protect your machine. By analysing all the ransomware it could find, Cybereason identified common characteristics for which its program monitors your system.

If it spots any, the offending program is flagged for review and RansomFree suspends any activity it thinks is suspicious.

The program is easy to download (from Cybereason’s website – follow the link above) and will alert you that the program has placed some specially constructed files on your system that help RansomFree do its job. It then sits quietly in the background until it is needed.
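The decoy-file idea mentioned above can be sketched in a few lines of Python. This is an added example, not Cybereason’s code and not a description of how RansomFree is implemented; the file names, the entropy threshold and the `.locked` rename are assumptions made for the illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Hypothetical decoy names; the "!" prefix sorts them first in a folder listing.
DECOY_NAMES = ("!000_accounts.docx", "!000_invoices.xlsx")
DECOY_BODY = b"decoy file - nothing legitimate should ever change this\n" * 64

def entropy_bits(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def plant_decoys(folder):
    """Write the decoys and return a baseline of {path: sha256 hex digest}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(DECOY_BODY)
        baseline[path] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline

def check_decoys(baseline, entropy_threshold=7.0):
    """Return (path, reason) for every decoy that no longer matches the baseline."""
    alerts = []
    for path, expected in sorted(baseline.items()):
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except FileNotFoundError:
            alerts.append((path, "missing"))  # deleted, or renamed with a new extension
            continue
        if hashlib.sha256(data).hexdigest() != expected:
            looks_encrypted = entropy_bits(data) >= entropy_threshold
            alerts.append((path, "encrypted-looking" if looks_encrypted else "modified"))
    return alerts

def demo():
    """Constructed scenario: one decoy overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as folder:
        baseline = plant_decoys(folder)
        before = check_decoys(baseline)
        first, second = sorted(baseline)
        with open(first, "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for ciphertext
        os.rename(second, second + ".locked")
        after = [(os.path.basename(p), why) for p, why in check_decoys(baseline)]
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because no legitimate program has any reason to touch the decoys, any alert is a strong signal, which is what lets a behavioural tool react without a signature for the specific ransomware family.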

How to protect yourself from ransomware

Other than using software such as RansomFree, you should also:

  • Regularly back up your files and make sure they can be restored
  • Keep your operating system and programs up-to-date
  • Disable Java and Flash when possible
  • Avoid downloading programs or files from dodgy websites
  • Never open an attachment from suspicious emails


What do You Know About BlackShades Malware?

A recent report by the BBC announced that 16 men have been arrested in the UK as part of a worldwide crackdown on a malicious computer program.

The BlackShades malware remotely controls computers and webcams and is thought to have infected more than 500,000 computers since 2010.

The operation, coordinated by the FBI, discovered that about 200,000 usernames and passwords of victims across the world may have been taken by UK users of BlackShades.

What does BlackShades do?

The software infects computers when people click on external links on social networking sites and in emails that pretend to lead to pictures, videos or other items of interest.

Once installed, criminals can use the software to capture personal information, or take photographs of computer users, which may be used to blackmail them.

It also allows users to take control of a computer secretly and encrypt its data, which is only released on payment of a ransom.

In a press release from Preet Bharara, US Attorney for the Southern District of New York, BlackShades was described as:

…A frightening form of cybercrime…with capabilities that are sophisticated and its invasiveness breathtaking…[It] has enabled anyone anywhere in the world to instantly become a dangerous cyber-criminal able to steal your property and invade your privacy.

For more information about this, you can read the full story here.


Beware the Bogus Flash Player Download

Installing software should be a simple and risk-free activity, but you know that’s not the case. If it were, you wouldn’t be reading this.

A lot of software installers include various options making it confusing as to what you need and don’t need. My best advice is to always go for the custom installation option so you can deselect anything that’s not familiar to you. Of course, hopefully it goes without saying that you should never install software you don’t fully trust.

Anyway, getting back to the point – have you seen a prompt recently that tells you to “Please install Flash Player Update (Recommended)”? They look like this:

Bogus Flash Player

 

It doesn’t matter which web browser you use, these little suckers will still pop up if you land on a website that’s either malicious, or legitimate but compromised. If you do see one, there’s a chance your computer may be infected with adware or other potentially unwanted programs.

What does it do?

Well, their sole purpose is to make money. They generate web traffic and collect sales leads for other dodgy sites by displaying advertisements and sponsored links in your web browser.

If you click on the download link or install button, rather than installing an update you’re agreeing to download an adware or malicious program onto your computer. This could leave you with unwanted things like toolbars (e.g. Sweet-Page, AwesomeHP), adware (e.g. EnhanceTronic, Feven 1.8, CouponBuddy) or other forms of malware.

So remember,

  • Only download software you trust
  • Always go for the custom installation
  • If in doubt don’t click!