Computer virus.

Reports of a rise in ransomware trojans have been borne out by ‘Locky’, which encrypts user data and demands payment to decrypt it.

Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?

You’d be VERY frustrated and VERY annoyed!

Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!

What is Locky?

Ransomware does exactly what it says on the tin: it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, encrypts files with a long list of extensions and renames them to a seemingly locked extension type named .locky, e.g. a .jpeg file will be converted to a .locky file.

The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.

Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.

How Do You Get Infected By Locky?


Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds as follows:

  • Users open the file to discover it’s full of nonsensical text and symbols
  • A prompt encourages users to enable macros if “data encoding is incorrect”, which, when presented with garbled text and symbols, seems the right thing to do
  • If macros are enabled, the macro saves a file to the hard drive and then executes it
  • This file then downloads a final piece of software: Locky
  • Once Locky is downloaded to the system it starts scrambling files to the .locky extension
  • Locky then changes your desktop wallpaper to a ransom note detailing how to pay the decryption ransom

How to Protect Yourself From Locky


Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments. However, there are a couple of other tips to help protect yourself:

  • Try installing Microsoft Office viewers, which allow users to view documents without actually opening them in Office applications and prevent macros from executing
  • Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected

For more ways to secure and optimize your business technology, contact your local IT professionals.



Compared to Windows PCs, Apple’s Mac computers have always been relatively virus free. However, a recent security attack has proved this is no longer true.

March 2016 saw a significant attack on Mac users which involved hijacking the Transmission BitTorrent app in order to deliver ransomware to its victims. It sounds like your stereotypical Windows attack, but why is it now happening to Macs? After all, the general consensus has been that they’re immune from viruses.

Seeing as Macs are very important to a huge number of businesses, I’m going to investigate this latest attack to analyze how it occurred and what it means for Mac users.

The Nature of the Mac Ransomware


The unknown attackers used ransomware in their attack against Apple users and it’s a type of cyber-attack which is becoming increasingly popular. In this instance, the hackers were able to gain access to users’ systems through the Transmission BitTorrent app. This allowed the hackers to download malicious software onto the Macs. This software literally held the Mac users to ransom by encrypting their files and demanding $400 to release them.

How Did Apple’s Guard Drop?

For a very long time, Apple users were confident that Macs were safe from cyber-attacks. And for a long time this was generally true. This, however, wasn’t down to cutting edge security technology.

The truth is that hackers didn’t have much interest in targeting an Apple Mac. The reason for this is that Apple has a much smaller share of the market than Windows PCs. Why would a hacker want to spend their time writing software which could only target a small number of users?

This fact perhaps led to a sense of complacency on Apple’s part, so they weren’t expecting vulnerabilities in their operating system to be exploited so easily. Unfortunately, Apple’s Gatekeeper security software has, itself, been shown to contain numerous back doors through which hackers can cause chaos.

One of the main routes into Apple’s system is by tricking it into accepting pre-approved developer certificates which have been faked. This allows users to download software which isn’t produced by who it says it is and, therefore, can’t be trusted. And this is exactly what happened with the Transmission BitTorrent app.

The Future for Apple Security


This recent attack is not the first security scandal to hit Apple. In 2014, there were around 10,000 – 70,000 attacks on Mac computers per month, but this rose dramatically in 2015 and is set to multiply significantly in 2016.

These figures are very startling for Apple, so it’s crucial that they take a look at Microsoft’s approach to internet security. Due to their dominance of the computer market, Microsoft has had to ensure their PCs are resistant to attacks. Steps taken have included:

  • Working with hackers to understand how they have attacked Windows
  • Offering cash rewards to anyone who finds new security flaws in Windows

It’s essential that Apple take a long hard look at their Gatekeeper software and evaluate how it can be improved. If they don’t, they stand to alienate their customers should ransomware attacks continue.

For more ways to secure and optimize your business technology, contact your local IT professionals.




In response to a decline in PC sales, Intel has unveiled their new processor – 6th gen Core vPro – which promises to transform business computing.

PC sales fell by 10.6% during Q4 2015, so growth in the market appears to be slowing down. Naturally, this is the last thing that PC manufacturers want to hear, so will Intel’s new chip give the market a shot in the arm?

It’s an intriguing question and, to fully understand it, we need to take a look at why the market has slowed down and what Intel’s new processor can bring to the table.

Decrease in Sales

The number of new PCs sold in 2015 fell below 300 million and, whilst this sounds like a huge amount, it’s actually the lowest number of yearly sales since 2008. Consumers, then, appear to be holding off on that glittering upgrade, but why is this?

Well, back in the early 00s, you could expect the cost of PC processors to fall every 18 months whilst the number of transistors would double – this was known as Moore’s law. The result was a cheaper, but more powerful processor. And businesses, keen to stay at the cutting edge of technology, were happy to upgrade to maintain an advantage over competitors.

However, as we’ll discover, Moore’s law has not remained constant and the speed increases are not what they once were.

Introducing the 6th Gen Core vPro


Intel’s latest processor hopes to offer businesses that little bit extra to convince them that an upgrade is necessary.

The question on most consumers’ lips – as ever – is “will this processor speed up our business operations?” and the answer is a resounding YES! However, although the increase in speed is estimated to be around 2.5x, this is only when compared to a 2011 PC.

The increase in speed is relatively small compared to previous advancements in speed. Couple that with an increase in the cost of transistors and you can see why progress has slowed.

Speed has increased, though, and Intel’s new chip has plenty more to tempt businesses into parting with their cash.

Intel has also improved the efficiency of their conference connectivity software Intel Unite to provide smoother connections between the myriad different adapters and connections. This will sound like an absolute dream for anyone who’s ever tried to set up video conferencing!

Also at the forefront of Intel’s sales pitch is their strong focus on security. We live in a world where the potential for cyber-attacks seems to increase by the day, so Intel is moving into hardware-based security. Utilizing multi-factor authentication, Intel Authenticate will aim to reduce current data security threats by around 25%.

And this will involve much more sophisticated methods than SMS authentication or old fashioned passwords. Intel is moving into the 21st century with fingerprint scanning and smartphone/PC proximity checks.

Will PC Sales Increase?


Intel is certainly putting all it’s got into making sure the 6th gen Core vPro succeeds and I think they’ve got a good chance of achieving this. The increase in speed – although smaller than is historically expected – will be a real boon for businesses, as will the enhanced security in an insecure landscape.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Aside from when video connections drop out, Skype is a useful piece of software for businesses. However, the T9000 trojan is compromising Skype’s security.

Skype is an amazingly innovative app which has helped make the world that little bit smaller and cost effective. The days of having to pay extortionate rates to call people on the other side of the globe are over. And you can even throw in video conferencing as an added bonus!

Unfortunately, hackers are also innovative and if they discover there’s even a minuscule opportunity to breach a piece of software they’ll pounce upon it. Researchers at Palo Alto Networks have discovered that this is exactly what is happening with Skype and the T9000 trojan.

As Skype is an essential business tool, it’s crucial to look at what the T9000 is capable of and how to protect yourself.

The Hard Facts about the T9000


The T9000 trojan is actually an upgrade of the T5000 trojan which was first spotted in 2013/14. The delivery route of the T9000 trojan appears to be through spear phishing emails in the form of infected Rich Text Format (RTF) files which contain exploits for Microsoft Office controls.

Once the malware contained within these RTF files is activated, the following processes take place:

  • The first step the malware takes is to check for the presence of the 24 most common security products e.g. Kaspersky, AVG and McAfee
  • The malware is then installed onto the system’s hard drive and performs a number of checks which allow the T9000 trojan to relay information about the user’s system to the command and control centre supporting the attack
  • Three plugins (tyeu.dat, vnkd.dat and qhnj.dat) are then decompressed and executed on the infected system
  • The tyeu.dat plugin is the one which will hijack Skype through a user prompt next time Skype is started

If this user prompt is authorized then the T9000 can begin spying on the user’s Skype sessions. This allows the T9000 the perfect opportunity to steal screenshots, audio and video data from the infected system.

The vnkd.dat plugin also works away in the background with its main intent being to steal files from the hard drive or any removable devices. Finally, the qhnj.dat plugin gives the command and control center the opportunity to send commands to the infected computers and spy on any user activity.

Protecting yourself from the T9000


The T9000 trojan is a very sophisticated piece of malware which threatens the security of your system on a number of different levels. The key to avoiding infection, as ever, is to practice good security methods.

Training staff on the dangers of unknown and unusual attachments is paramount, but your staff are only human and mistakes will no doubt be made. The T9000, however, is not infallible, so if your business has professional network security in place the threat will be limited or stopped in its tracks.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Malware causes many security concerns, but, just recently, hackers have been targeting Ukraine’s electricity distributors to bring havoc to power supplies.

Instead of merely targeting secure data such as financial and classified information, the authors behind the malware – known as Black Energy – are infiltrating the systems at leading energy suppliers to cause widespread disruption.

To better understand the serious risk that this can bring to a business, we decided to investigate exactly how the hackers are executing this attack.

What’s a Spear Phishing Email?

The malware attacks in Ukraine have been carried out with the help of a spear phishing email, but what exactly is this?

Well, it’s pretty similar to your standard phishing email, but a little more sophisticated.

A spear phishing email attempts to deceive you by demonstrating a level of familiarity. For example, instead of starting with Dear Sir/Madam, it’s likely to use your actual name e.g. Dear Ben. And it’s also likely to make a reference, in some way, to an event in your life e.g. marriage, online purchase etc.

And where do they pull this information from? It’s pretty simple: social media sites and pretty much anywhere online where you may upload personal information.

By demonstrating some familiarity with you, the hacker is able to lower your defenses and increase their chances of extracting information and gaining access to your system.

How Did Black Energy Gain Access?


The Black Energy malware attack involves a spear phishing email which contains a seemingly innocent Excel document. Once this document is opened, the recipient is advised to enable macros, but this is a big mistake!

Once the macros are enabled, the Trojan downloader loads up malware which is capable of executing files, keylogging secure data and taking screenshots. This backdoor into the infected system is operated through a Gmail account and contributes to the difficulty in tracing the hackers.
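Both the Locky Word lure described earlier on this page and the Black Energy Excel lure rely on a macro-enabled Office attachment getting through to a user who then clicks “enable macros”. The following is an added example, not code from the original post or from any vendor, of the content-based check a mail gateway or attachment scanner can apply before delivery: it looks inside the OOXML container for a VBA project regardless of the file extension and flags legacy binary Office files for deeper inspection. It assumes the standard OOXML part names (word/, xl/, ppt/) and constructs its own harmless sample files in memory.

```python
import io
import zipfile

# OOXML Office files are zip containers whose VBA code lives in a vbaProject.bin
# part (assumed standard layout: word/ for Word, xl/ for Excel, ppt/ for PowerPoint).
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Signature of the legacy OLE2 container used by binary .doc/.xls/.ppt files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

def classify_attachment(data: bytes) -> str:
    """Classify an attachment by content, never by extension: 'macro' (OOXML with
    a VBA project), 'ooxml' (no VBA part), 'legacy-ole' (binary .doc/.xls, which
    can hold VBA and needs a deeper parser) or 'other' (not an Office container)."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "other"
    if "[Content_Types].xml" not in names:
        return "other"
    return "macro" if any(part in names for part in MACRO_PARTS) else "ooxml"

def build_sample(parts: dict) -> bytes:
    """Constructed helper: assemble a minimal OOXML-style zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples (not real malware): a macro-bearing Word file like the Locky
# lure, a harmless .docx, an Excel file with macros like the Black Energy lure,
# and a legacy binary document. Only the container contents decide the verdict.
SAMPLES = {
    "invoice.docm": build_sample({"[Content_Types].xml": "<Types/>",
                                  "word/document.xml": "<w:document/>",
                                  "word/vbaProject.bin": b"\x00vba-stub"}),
    "report.docx": build_sample({"[Content_Types].xml": "<Types/>",
                                 "word/document.xml": "<w:document/>"}),
    "figures.xlsm": build_sample({"[Content_Types].xml": "<Types/>",
                                  "xl/workbook.xml": "<workbook/>",
                                  "xl/vbaProject.bin": b"\x00vba-stub"}),
    "old.doc": OLE_MAGIC + b"\x00" * 64,
}

def quarantine_report(samples: dict) -> dict:
    """Map each attachment name to its verdict, as a mail-gateway rule would."""
    return {name: classify_attachment(data) for name, data in samples.items()}
```

A file classified as 'macro' is a quarantine candidate even if it arrives with a .docx or .xlsx name, since renaming does not remove the VBA project; 'legacy-ole' files need an OLE-aware parser before they can be cleared.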


The Effect on Power Companies

Ukrainian power companies such as Prykarpattyaoblenergo and Kyivoblenergo have been attacked by Black Energy and suffered widespread disruption to their operations. The biggest impact of this has been the resulting outages in power for local regions.

Although it’s not been confirmed or denied, it’s unlikely that the Black Energy creators were actively involved in flicking the power switch off. It’s more likely that infected systems struggled to operate and were unable to boot correctly or froze.

The cumulative effect of these symptoms is that the energy companies are unable to run their system as intended and things start to go wrong. In several cases, this has resulted in the reported power outages.

Obviously, energy is essential to everyone in the surrounding community, so this threat is being taken very seriously.

Combating Spear Phishing Emails


Spear phishing emails appear very genuine, and their deceptive power should not be underestimated, as Ukraine has learned. Business staff need to remain vigilant about all emails coming into their business in order to maintain security.

The authors behind Black Energy are yet to be identified, so the threat of them (and others like them) striking again remains a very real risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.
