Skype is a great tool for businesses to communicate with customers and partners, but now it appears that it’s being used as a delivery route for ransomware.

PC users who are using the Microsoft Skype App have reported that fake adverts have been appearing which contain a malicious payload in the form of ransomware. As per usual, this strain of ransomware locks the user’s computer, encrypts files and demands a ransom for unlocking the PC.

Ransomware is becoming increasingly common and, as Skype is such an important communication tool, there’s a good chance that your business could find itself confronted with it. Therefore, I’m going to delve a little deeper into what’s behind this latest attack.

Skype Ransomware

The malicious adverts that have been appearing claim that a critical Flash update is required and offer a link to this ‘critical’ update. However, this advert – which appears on the Skype home screen – is actually a link to an HTML application that, although looking genuine, downloads a nasty dose of ransomware to your PC.

And it’s a particularly sneaky piece of ransomware, as this malicious payload also runs a piece of code which deletes the downloaded application and then downloads a piece of JavaScript from a website which no longer exists. The domains being used are set up and then shut down almost instantly to prevent any form of registration fee being taken. It’s these seemingly odd processes which help to disguise the hacker’s activities and protect them from being detected by standard antivirus operations.

It’s believed that this new piece of ransomware is related to the Locky ransomware attack – which caused so much trouble in 2016 – as it shares a number of similarities, such as utilizing JavaScript to shut down computers and encrypt files without an additional app being used to execute this.

How to Tackle the Skype Ransomware

At present there is no solution to the Skype ransomware attack, and Microsoft have only been able to offer the advice that users should refrain from clicking on unsolicited links. And, unfortunately, because ransomware is so difficult to treat once it has run, prevention tends to be the best cure.

There are, however, a few steps you can take to minimize the damage:

  • Ensure that your staff is educated to recognize what constitutes a piece of ransomware. This knowledge, though, can quickly expire if your staff isn’t regularly exposed to such attacks, so refresher courses are recommended to keep this knowledge fresh and provide updates on any changes in ransomware techniques.
  • If you fall victim to a ransomware attack then the first step you should take is to shut your network down as soon as possible. Going offline is the only way you can prevent the hacker from burrowing deep into your system and encrypting files.
  • Always back up your files so that, in the case of encryption, you still have access to your files and do not need to pay a ransom fee or invest valuable manpower into tackling the attack. It’s recommended that these are backed up to physical media which has no connection to the internet.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Ransomware is regularly in the news, so we’re beginning to understand it more. However, a new form of ransomware is now changing the landscape.

Bitcoin has always been the preferred payment method for releasing encrypted files following an attack, but the newly detected Kirk ransomware is not interested in Bitcoin payments. Instead, it’s demanding its ransom through the relatively new cryptocurrency known as Monero.

Now, ransomware is a troublesome piece of malware at the best of times, so if the hackers behind these attacks are changing tactics then it’s important to be aware of what’s happening. And that’s why I’ve decided to take a closer look at the Kirk ransomware to help eliminate any confusion.

Understanding Kirk


Kirk ransomware is a piece of malicious code which appears to be going about its business in the normal manner. Researchers believe that its preferred method of attack is to impersonate the network stress tool Low Orbital Ion Cannon (LOIC). Once the ransomware has been activated, Kirk gets to work by encrypting the user’s files – it’s currently believed that it targets a total of 625 different file types.

The target is unaware of what’s happening, as all that happens is that a message box pops up which mimics the LOIC company slogan of “Low Orbital Ion Cannon | When harpoons, air strikes and nukes fail | v1.0.1.0”. Meanwhile, the files are being encrypted as the victim carries on with their daily activities. However, a ransom note is soon deposited into the same folder as the ransomware; this note is then displayed in a window for the victim to learn that a number of their files have been encrypted and given the .kirk file extension.

The only way to decrypt the files is by paying the ransom to the hackers. This, it is hoped, will facilitate the purchase of the Spock decryptor – note the Star Trek reference – but researchers are yet to get their hands on this decryptor to evaluate its validity as a solution. Now, the interesting thing about Kirk is that it demands its payment in Monero, which is causing a whole host of new problems.

Bitcoin is a notoriously difficult currency to lay your hands on; you can’t just go down to the bank and expect the teller to exchange your dollars for Bitcoins. Instead, you need special merchants to trade your dollars, and this isn’t particularly cheap or easy. However, where Kirk differs is that it’s requesting payment from an even more obscure monetary source, so this has the potential to leave victims completely baffled.

Combatting Kirk


At present, the Kirk ransomware hasn’t been cracked and there is no known rescue for encrypted files aside from making the payment. Therefore, it’s crucial that you take the following steps to avoid falling victim to the Kirk ransomware:

  • Don’t activate untrusted macros that are embedded in Microsoft Office documents as this is how ransomware is usually activated.
  • The only way to truly know if an Office document is genuine is by opening it but, to minimize the risk, try installing a Microsoft Office viewer as this will allow you to view it without macros.
  • Provide annual training to your employees on malware and the many forms it can take. It’s a lack of knowledge which leads to people activating ransomware.
  • Maintain regular backups of your files as this gives you some breathing space (and saves you the cost of a ransom) if your files do become encrypted.



Ransomware is a fairly new security risk, but one which is on the rise, and it’s vital that you know how to protect your data from ransomware attacks.

I’ve covered ransomware attacks on this blog on a number of occasions and detailed the damage it can do to businesses. It’s a particularly nasty evolution for hacking and one which often leaves you no option but to pay the ransom to decrypt your data.

Obviously, no business wants to find itself in the position where it has to give in to the hackers’ demands, so prevention is the key. And to help you get your defenses more secure, I’m going to share 6 tips to protect yourself from ransomware.

Backup Your Data


If your data becomes the victim of a ransomware attack then it may seem as though you have no option but to pay the attackers to release your data. However, the simplest way to reduce the damage in this instance is to ensure that your most crucial data is backed up offline. This can be as simple as backing up data to portable storage devices.

Create Strong Passwords

To cut hackers off early on in their ransomware attacks, it’s crucial that you ensure your systems are protected by strong passwords. Whilst you might think that no one is going to predict that you’ve used your mother’s maiden name, it’s relatively easy to hack this through brute force. To make this harder, you should add numbers and symbols to prevent the password being cracked.

Identify Suspicious Email Attachments


The most common route for ransomware to infiltrate your systems is through seemingly harmless email attachments. And it’s important that your staff know what makes for a suspicious attachment.

In particular, emails which contain attachments from senders you don’t recognize should always be double checked. However, you need to be aware that people in your contacts list could be hacked and then used to distribute the ransomware, so vigilance is always important.

Disable Macros

Many ransomware attacks involve Microsoft Office documents which are loaded with malicious macros which allow backdoor access into networks. Thankfully, Office documents will always give you the option to enable or disable macros; if you suspect that anything about the Office document doesn’t seem right then disable the macros or, more simply, just close the document.

Install Patches ASAP!

Ransomware loves finding vulnerabilities in software and this underlines the importance of installing updates released by software publishers. It may seem a little time consuming – particularly when you need to shut down your system – but it’s essential that you install all patches immediately to provide you with maximum protection.

Shut Down Your Network

Once a piece of ransomware has breached part of your network it can spread very quickly. Therefore, the best course of action may be to simply disconnect your network. This may cause a huge disturbance to your business’s activities, but it may be less painful than compromising your data. With the spread halted, you can then investigate your options for decrypting any affected data.




Reports of a rise in ransomware trojans have gained further evidence in the form of ‘Locky’, which encrypts user data and demands payment to decrypt it.

Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?

You’d be VERY frustrated and VERY annoyed!

Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!

What is Locky?

Ransomware does exactly what it says on the tin: it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, converts a long list of file extensions to a seemingly locked extension type named .locky, e.g. a .jpeg extension will be converted to a .locky extension.

The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.

Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.

How Do You Get Infected By Locky?


Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds as follows:

  • Users open the file to discover it’s full of nonsensical text and symbols
  • A prompt encourages users to enable macros if “data encoding is incorrect” which, when presented with garbled text and symbols, would seem the right thing to do
  • If macros are enabled then this runs software which saves a file to the hard drive and then executes it
  • This file then downloads a final piece of software – Locky
  • Once Locky is downloaded to the system it starts scrambling files to the .locky extension
  • Locky then changes your desktop wallpaper to one of a ransom note detailing how to pay the decryption ransom
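The chain above ends with files being renamed to the .locky extension, and the Kirk post earlier on this page describes the same pattern with .kirk. As an added example that is not part of the original posts, this Python script shows one simple detection check a defender could run over file-activity log lines: it flags a burst of renames to those extensions inside a short window, which is the moment to disconnect the affected machine. The log format, file paths and thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta
import os

# Extensions the posts above describe: Locky renames files to .locky, Kirk to .kirk.
RANSOM_EXTENSIONS = {".locky", ".kirk"}

def parse_event(line):
    """Parse one log line in the constructed format '<ISO timestamp> <ACTION> <path>'."""
    ts, action, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), action, path

def detect_encryption_burst(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (ISO timestamp, count) the first time `threshold` or more files are
    renamed to a known ransomware extension within `window`, else None.

    A single such rename is noise; a burst of them in a short window is the
    'scrambling files' step the posts describe."""
    recent = []  # timestamps of suspicious renames inside the sliding window
    for line in lines:
        ts, action, path = parse_event(line)
        if action != "RENAME":
            continue
        if os.path.splitext(path)[1].lower() not in RANSOM_EXTENSIONS:
            continue
        recent.append(ts)
        # drop renames that have fallen out of the window relative to this event
        recent = [t for t in recent if ts - t <= window]
        if len(recent) >= threshold:
            return ts.isoformat(), len(recent)
    return None

# Constructed sample log: a downloaded document, one benign rename, then a burst
# of renames to .locky of the kind Locky produces.
CONSTRUCTED_LOG = [
    "2016-02-17T09:00:01 CREATE /home/alice/Downloads/invoice.doc",
    "2016-02-17T09:00:04 RENAME /home/alice/Pictures/photo.jpg.bak",
    "2016-02-17T09:00:10 RENAME /home/alice/Documents/report.locky",
    "2016-02-17T09:00:11 RENAME /home/alice/Documents/budget.locky",
    "2016-02-17T09:00:12 RENAME /home/alice/Pictures/holiday.locky",
    "2016-02-17T09:00:14 RENAME /home/alice/Documents/contract.locky",
    "2016-02-17T09:00:15 RENAME /home/alice/Documents/notes.locky",
]

if __name__ == "__main__":
    print(detect_encryption_burst(CONSTRUCTED_LOG))  # ('2016-02-17T09:00:15', 5)
```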

How to Protect Yourself From Locky


Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments. However, there are a couple of other tips to help protect yourself:

  • Try installing Microsoft Office viewers which allow users to view documents without actually opening them in Office applications and prevents viruses from executing
  • Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected



Compared to Windows PCs, Apple’s Mac computers have always been relatively virus free. However, a recent security attack has proved this is no longer true.

March 2016 saw a significant attack on Mac users which involved hijacking the Transmission BitTorrent app in order to deliver ransomware to its victims. It sounds like your stereotypical Windows attack, but why is it now happening to Macs? After all, the general consensus has been that they’re immune from viruses.

Seeing as Macs are very important to a huge number of businesses, I’m going to investigate this latest attack to analyze how it occurred and what it means for Mac users.

The Nature of the Mac Ransomware


The unknown attackers used ransomware in their attack against Apple users and it’s a type of cyber-attack which is becoming increasingly popular. In this instance, the hackers were able to gain access to users’ systems through the Transmission BitTorrent app. This allowed the hackers to download malicious software onto the Macs. This software literally held the Mac users to ransom by encrypting their files and demanding $400 to release them.

How Did Apple’s Guard Drop?

For a very long time, Apple users were confident that Macs were safe from cyber-attacks. And for a long time this was generally true. This, however, wasn’t down to cutting edge security technology.

The truth is that hackers didn’t have much interest in targeting an Apple Mac. The reason for this is that Apple has a much smaller share of the market than Windows PCs. Why would a hacker want to spend their time writing software which could only target a small number of users?

This fact perhaps led to a sense of complacency on Apple’s part, so they weren’t expecting vulnerabilities in their operating system to be exploited so easily. Unfortunately, Apple’s Gatekeeper security software has, itself, been shown to contain numerous back doors through which hackers can cause chaos.

One of the main routes into Apple’s system is by tricking it to accept pre-approved developer certificates which have been faked. This allows users to download software which isn’t produced by who it says it is and, therefore, can’t be trusted. And this is exactly what happened with the Transmission BitTorrent app.

The Future for Apple Security


This recent attack is not the first security scandal to hit Apple. In 2014, there were around 10,000 – 70,000 attacks on Mac computers per month, but this rose dramatically in 2015 and is set to multiply significantly in 2016.

These figures are very startling for Apple, so it’s crucial that they take a look at Microsoft’s approach to internet security. Due to their dominance of the computer market, Microsoft has had to ensure their PCs are resistant to attacks. Steps taken have included:

  • Working with hackers to understand how they have attacked Windows
  • Offering cash rewards to anyone who finds new security flaws in Windows

It’s essential that Apple take a long hard look at their Gatekeeper software and evaluate how it can be improved. If they don’t, they stand to alienate their customers if ransomware attacks continue.
