News

How To Protect Against WannaCry & Other Ransomware

The WannaCry global ransomware outbreak is still a potential threat to Australian businesses – as are other active ransomware threats.

Thankfully, there are simple, common-sense steps you can take to help avoid ransomware:

  1. Don’t open email attachments from senders you don’t recognise, even if they look very convincing.
  2. If you receive a document from an unknown source, don’t open it, and definitely don’t enable editing in Word: doing so allows macros to run, and macros can also be used to download the ransomware.
  3. Avoid clicking links on dubious-looking websites.
  4. Make sure that all your software, including installed plugins, is up to date, because, as we have seen with WannaCry, hackers use vulnerabilities in outdated software to attack your PC.
  5. Install security software that can prevent an infection from encrypting files on your PC.
  6. Make sure you back up regularly.

The first two issues can be mitigated to some extent by using an email security service such as MailGuard.

However, the first three measures also rely on the user’s behaviour, so if you’re the owner or IT/security manager of a business, regularly educating staff on these three points should be a key part of your defence plan.

Updating Software

WannaCry was rapidly propagated on networks via a Windows server message block vulnerability. That vulnerability was patched by Microsoft in March, yet clearly many organisations had yet to update their systems two months later.

It’s yet another example of why timely patching of applications and operating systems is important. Organisations in particular need a strategy for patching their systems promptly.

Individual users and small businesses can be protected by turning on automatic updates in Windows and their applications – or accepting updates when prompted to do so – and only using software that’s supported by the vendor.

Backups

Most importantly, it’s vital that you back up all your documents and other important files to the cloud and/or another drive that is not connected to your PC or the network permanently.

That means syncing to a cloud service like Dropbox, OneDrive or Google Drive is not, on its own, good enough. It is vital to back up to a location that is otherwise not connected to the network or a computer, because ransomware and other malware can “encrypt, corrupt or delete backups that are easily accessible”.

The best advice is to follow the 3-2-1 rule – have at least three copies of your files stored in two different formats, with one copy stored off-site (so, not on your PC or hard drive).
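As an added example that is not part of the original article, here is a small Python script that copies a folder to a separate backup destination, records a SHA-256 manifest alongside the copy, and later re-checks that copy so you can tell whether a backup has been modified, had files deleted, or had extra files dropped into it before you rely on it for a restore. The paths, file names and contents are constructed in a temporary directory so it runs anywhere; in practice the destination would be an external drive or offline share mounted only for the backup run.

```python
"""Snapshot backup with a SHA-256 manifest, plus an integrity check.

Added example, not from the original article. The source folder and the
backup destination are constructed in a temp directory; in real use the
destination is a drive or share that is connected only while the backup runs.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(source: Path, dest_root: Path, label: str) -> Path:
    """Copy every file under `source` into dest_root/label and write a manifest."""
    target = dest_root / label
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, out)
        manifest[rel.as_posix()] = sha256_of(out)  # hash the copy, not the original
    (target / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return target


def verify(snapshot_dir: Path) -> dict:
    """Re-hash every file named in the manifest and report what changed."""
    manifest = json.loads((snapshot_dir / MANIFEST_NAME).read_text())
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        path = snapshot_dir / rel
        if not path.exists():
            report["missing"].append(rel)
        elif sha256_of(path) != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    known = set(manifest) | {MANIFEST_NAME}
    for path in snapshot_dir.rglob("*"):
        rel = path.relative_to(snapshot_dir).as_posix()
        if path.is_file() and rel not in known:
            report["unexpected"].append(rel)
    return {key: sorted(value) for key, value in report.items()}


def demo() -> dict:
    """Constructed run: back up two files, then damage the copy the way an
    always-connected backup gets damaged (overwritten, deleted, extra junk)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "ledger.xlsx").write_bytes(b"constructed sample spreadsheet")
        (src / "notes.txt").write_text("constructed sample notes")
        snap = snapshot(src, Path(tmp) / "external_drive", "2017-05-snapshot")
        (snap / "accounts" / "ledger.xlsx").write_bytes(b"constructed ciphertext")  # overwritten
        (snap / "notes.txt").unlink()  # deleted
        (snap / "constructed-extra.bin").write_bytes(b"junk")  # dropped in afterwards
        return verify(snap)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the script directly to see the report for the constructed scenario; a clean backup returns empty `modified`, `missing` and `unexpected` lists. The manifest lives next to the copy for simplicity, which means anything that can alter the backup can also rewrite the manifest, so for a real deployment keep a second copy of the manifest somewhere the backup destination cannot write to.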

Install Anti-Ransomware Software

There are several tools from major software security companies that can protect your device from common types of ransomware.

Here are just a few:

Note that this list is by no means comprehensive, and we have not tested the above software. Bear in mind that some need to be run manually (they don’t safeguard your system in real time) and most only protect against certain types of ransomware.

We strongly advise looking on anti-ransomware tools as only part of a multi-layered approach to ransomware defence.

I would also highly recommend reading the article “Why Businesses Should Care About Ransomware” by Mohseen Lala at Cloudwards.

 

Origin Energy scam email targets Australians with fake bill

Thousands of Australians have been targeted by a fake Origin Energy email containing dangerous malware designed to infect the user’s system.

The bogus emails started hitting inboxes at 8.30am on 10 May, according to enterprise email security provider, MailGuard.

The email, which MailGuard describes as “well-crafted”, features Origin Energy branding, uses the subject heading “You Origin Electricity bill”, and is dated 16 May.

The amount due figure varies between individual scam emails, a tactic used to help it evade traditional antivirus software.

Another tactic the cybercriminals behind the scam use to further trick recipients into thinking the email is the real deal is the inclusion of a line addressing privacy concerns that links to the real Origin Energy site.

If email recipients click on the “View bill” button, they are directed to a replica Origin Energy website, which links to a malware payload in the form of a JavaScript dropper, according to MailGuard.

The malware, which is hosted on a compromised Microsoft SharePoint account, is designed to install malicious files, such as keyloggers and other spyware, on the recipients’ systems.

Here is an example of what the fake bill looks like.

The amount due has been reported to vary between emails.

The scam email originates from a fake domain — originenergysolar.net — registered in China just days ago. It was sent from servers located in France.

Need a Printer? Brother Cashback Up to $200

For a limited time purchase selected Brother products and receive up to $200 Cash Back*.
Offer available from 1st May 2017 to 31st July 2017 on selected MFCs & Printers.

ELIGIBLE PRODUCTS & CASH BACK AMOUNTS

Category      Model               Cash Back Amount
Colour Laser  MFC-L9550CDW **     $150
              MFC-L8600CDW        $100
              HL-L9200CDW **      $50
              HL-L8350CDW         $50
              HL-L8250CDN         $50
              MFC-9340CDW         $50
Mono Laser    MFC-L6700DW         $200
              HL-L6200DW          $100
              MFC-L5755DW         $100
              HL-L5100DN          $50
Inkjet        MFC-J6930DW         $100
              MFC-J5730DW         $50
              DCP-J4120DW +       $20
              MFC-J4620DW         $20
              MFC-J880DW ^        $10
              MFC-J680DW +        $10

Visit the Brother Cashback website for more information or to claim.

NBN Website Update Allows You To Find Out When The NBN Network Is Available In Your Area

Have you wondered when you will have access to the NBN?

For the first time, you will be able to find out. The company has updated the website’s address tracker to show a timeframe for when people in an area can connect to the National Broadband Network (NBN).

Previously, the NBN website told people when construction would begin in an area — not when the service would actually be available.

“The number one question we get asked by people is ‘when will it actually be available?’ so this new update gives people an answer to that very question,” NBN spokesperson Dan Chamberlain told the ABC.

The online tool will show an estimated timeframe of when the NBN will be available in an area, what technology will be used to roll the network out, and a list of retailers that will offer the service once it is available.

Information on internet speeds and bandwidth was not included in the update.

 

Dharma Ransomware Is The Most Dangerous Threat Released To Date!

What is the Dharma Ransomware?

There is a new ransomware threat doing the rounds called Dharma, and it is probably the most dangerous variant of ransomware released to date!

The main concern with Dharma ransomware is that it not only encrypts your user files, it also encrypts all critical data files on your computer, including accounting packages, emails and backup files if your external hard drive is connected.

Currently there is no decryption tool available for Dharma.

This ransomware virus is thought to be either an original creation of ransomware developers or just a newer version of some larger family of crypto ransomware.  Also, could it be as dangerous as the Locky virus?  Since the appearance of Dharma ransomware, experts have pointed out its resemblance to the CrySiS ransomware and the fact that the initial version of the virus can be decrypted.

However, that can’t be done with the latest version of this ransomware, which is known to use amagnus@india.com to inform people about their encrypted files and ask them to pay a ransom. The same information is provided in the info.hta ransom note. I should add that, according to the latest reports, the current version of Dharma appends these extensions to the files it encrypts: .dharma, .wallet, .zzzzz.

When infected with the virus, you might be required to contact an email address similar to bitcoin143@india.com or worm01@india.com.  I strongly suggest not doing that, as you have absolutely no way of knowing what to expect from this bunch of extortionists or how contacting them might end. It is more reasonable to simply remove Dharma and use your computer normally again.

If you continue using the computer with the ransomware running, every reboot will result in more newly encrypted files.
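As an added example that is not part of the original article, the following Python script sweeps a directory tree for the indicators the text names (files carrying the .dharma, .wallet or .zzzzz extension, and the info.hta note) and reports which files and folders are affected, which is the scope check worth doing before removal or restore so you know how far the encryption got. The sample tree is constructed in a temporary directory; the scan logic and the helper names are this example's own, not tooling from any vendor.

```python
"""Sweep a directory tree for the Dharma indicators named in the article.

Added example, not from the original article: the extensions and the
info.hta note name come from the text; the scan logic and the sample tree
are constructed here so the script runs offline.
"""
import tempfile
from collections import Counter
from pathlib import Path

# Indicators the article names: extensions appended to encrypted files, and the ransom note.
RANSOM_EXTENSIONS = {".dharma", ".wallet", ".zzzzz"}
RANSOM_NOTES = {"info.hta"}


def sweep(root: Path) -> dict:
    """Report encrypted-looking files, ransom notes and a per-directory hit count under root."""
    encrypted, notes = [], []
    per_dir = Counter()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in RANSOM_EXTENSIONS:
            encrypted.append(rel)
            per_dir[path.parent.relative_to(root).as_posix()] += 1
        elif path.name.lower() in RANSOM_NOTES:
            notes.append(rel)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "per_dir": dict(per_dir),
        "infected": bool(encrypted or notes),
    }


def original_name(encrypted_name: str) -> str:
    """Recover the pre-encryption filename by stripping the appended extension.

    The article describes Dharma appending its extension to the existing name,
    so 'report.docx.wallet' was 'report.docx'. Other names are returned unchanged.
    """
    suffix = Path(encrypted_name).suffix.lower()
    if suffix in RANSOM_EXTENSIONS:
        return encrypted_name[: -len(suffix)]
    return encrypted_name


def _build_tree(root: Path, files: dict) -> None:
    """Write the constructed sample files under root."""
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo_infected_tree() -> dict:
    """Constructed tree mimicking a partially encrypted user profile."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _build_tree(root, {
            "documents/report.docx.wallet": b"constructed ciphertext",
            "documents/photo.jpg": b"constructed clean file",
            "documents/info.hta": b"constructed ransom note",
            "documents/mail/archive.pst.dharma": b"constructed ciphertext",
            "system/config.ini": b"constructed clean file",
        })
        return sweep(root)


def demo_clean_tree() -> dict:
    """The same scan over a tree with no indicators."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _build_tree(root, {"documents/photo.jpg": b"constructed clean file"})
        return sweep(root)


if __name__ == "__main__":
    for name, result in (("infected", demo_infected_tree()), ("clean", demo_clean_tree())):
        print(name, result)
```

Point `sweep()` at a user profile or a mapped drive to get the list of affected files and a per-folder count; `original_name()` tells you which backup copy to look for when restoring. Extension matching is deliberately simple, so a clean file that happens to end in one of these extensions would also be listed, which is acceptable for a triage pass that a person reviews.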

How can I get infected with ransomware?

While trying to infect systems with this malware, the developers of Dharma ransomware have been relying heavily on phishing.  The scammers also use malicious spam campaigns to spread fraudulent emails with malware attached and, sadly, users often fall for their tricks.

If you receive an email from some unknown sender, company or institution, investigate it carefully. Think about whether you expected such an email in the first place; if you have no idea why it has reached your inbox, it might be that you are being targeted by extortionists. In that case, stay away from any attachments added to the email and delete it immediately. Otherwise, Dharma can sneak its malicious payload in with a fake plane ticket, speeding ticket, parcel pickup notice or any other document that looks convincing enough to be taken at face value.

How to remove Dharma from your PC?

All computer security experts unanimously agree that the best way to remove the Dharma virus, or any ransomware, from an infected device is to scan it with a professional anti-malware tool.  Nevertheless, bear in mind that this virus is especially good at hiding on the computer and may not even be detected by security tools.

 

Acronis True Image 2017 New Generation Helps Protect Against Ransomware

Acronis has released a new version of its True Image 2017 backup software. Dubbed New Generation, the new solution is the first backup software to offer protection against ransomware attacks with what Acronis calls Active Protection technology.

The technology in question was actually developed at the Acronis R&D facility in Singapore, and is able to detect and prevent ransomware attacks in real-time, automatically recover all data, and protect data backups and the application itself.

Ransomware is a growing threat that can end up being extremely costly. According to the FBI, ransomware attacks resulted in damages exceeding US$1 billion in 2016, a figure that is only set to go up.

Acronis says that its Active Protection technology can identify unusual activity on computers and prevent malicious applications from compromising user data, backups, or the software itself. It relies on advanced behavioral heuristics to sniff out both new and known attacks, reducing the chance that you’ll be put in a situation where you need to recover data from a backup.

On top of that, the company is rolling out a bunch of tweaks and new features like a touch-friendly interface, AES-256 encryption for mobile backups, and the ability to restore Facebook account data to an existing or new account.

Malwarebytes 3.0 Anti-malware New Features

Malwarebytes has been an excellent protection shield for Windows users, who are concerned about their online security. For them, here is good news – Malwarebytes got a massive update. It now combines three tools into one. Earlier, there were Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit, and Malwarebytes Anti-Ransomware.

However, Malwarebytes 3.0 has consolidated them into one and made an all-in-one security tool for Windows. Here is everything you need to know about Malwarebytes 3.0 that is available for existing as well as new users.

Here are some of the features you may like in Malwarebytes Anti-Malware 3.0 and where to find them:

  • Faster scanning for threats.
  • Scheduled scan: By default, it scans every 24 hours. However, you can change this and set a particular time to suit you.
  • All-in-one security shield: That means you no longer need standalone anti-ransomware, antivirus and anti-rootkit tools. For your information, this tool doesn’t scan for rootkits by default. You need to enable this function from Settings > Protection > Scan Options.
  • Real-Time Protection: To be on the safe side, you must have real-time protection. Malwarebytes 3.0 provides such an option to protect you in real time. It can also be turned off from Settings > Protection > Real-time Protection.
  • Exclusions: At any point, if you wish to exclude a file or program from Malwarebytes’ radar, you can rule out that program or file/folder from Settings > Exclusions. [Detailed guide is written below]
  • Scan from right-click context menu: Like Windows Defender, you get an option to scan any file or folder from the right-click context menu. Just right-click on any file and select Scan with Malwarebytes.

I highly recommend upgrading from your old version to the new version; you can download a 14-day trial from the Malwarebytes Anti-Malware website.

 

Merry Christmas and Happy Holidays

Happy Christmas and Happy Holidays

I would like to take this chance to thank you for your continued support in 2016, and I look forward to giving you even better support in 2017.

Holiday Hours Availability

I will be on holiday this December and January which will mean I will not be available for onsite work and urgent remote support between the following dates:

Thursday 22nd December 2016 until Monday 9th January 2017

The best ways to contact me during this time are:

  • Email
  • Phone office number 03 9005 5705 and leave a message
  • Send a message via my website

During this period, I will respond to all emails within 24 hours but I will not be available on my mobile.

Ransomware Mamba Encrypts Entire Hard Drive

Ransomware is indeed a growing threat for anything connected to the Internet, but what Brazil-based security firm Morphus Labs has discovered has surpassed all previous discoveries in this domain. Yes, the IT security researchers at Morphus Labs have discovered ransomware that not only locks up victims’ files but also encrypts their hard drives.

Mamba ransomware is attacking computers around the globe; it is Windows-based ransomware that was discovered infecting computers in Brazil, India and the United States.

So once Mamba has encrypted the whole disk’s partitions, you cannot even boot into Windows again without being met by a password prompt. Needless to say, you will have to pay a ransom in Bitcoin to get the password, decrypt the hard drive and use your computer again. The ransom asked is roughly $600 or 1 Bitcoin. The ransom note is presented to the victim immediately upon rebooting the computer, and it also contains the email address where the victim is supposed to ask for the key.

“You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key (w889901665@yandex.com) YOURID: 123152”


This is probably why Morphus Labs named the ransomware after the poisonous snake. Previously, Petya ransomware was considered the nastiest, as it also caused disk-level damage by encrypting the machine’s Master File Table. Mamba, on the other hand, uses the open-source disk encryption tool DiskCryptor to compromise the drive.

The best way to protect against Mamba ransomware is a backup of your entire system, made with software that backs up every file including your system files, to a portable hard drive that is not permanently attached.

Australian Police Warning of Ransomware USB Drives in Mailbox

This should almost go without saying, but if you find a mysterious USB drive in your mailbox, don’t plug it in. There are more dangerous things a criminal could drop in your mailbox, but a malware-infected USB drive isn’t good. Police in Australia are investigating a series of thumb drives that showed up in mailboxes carrying some nasty ransomware.


According to police in the Australian town of Pakenham, 60km from Melbourne, multiple residents have reported strange USB drives appearing in their mailboxes. There are no stamps or addresses — they’re just envelopes someone dropped off by hand. The USB drives themselves are unmarked, but the software on them is cleverly disguised.

Upon plugging in the drive, users see what appears at first to be a promotional offer from Netflix or another streaming service. And of course, who doesn’t like free stuff? Some more trusting members of the public went ahead with the installation, which didn’t provide any free entertainment at all. Instead, their computers were infected with ransomware. The police say that two or three people are known to have been infected in this way, although it’s possible that some people simply didn’t report their gullibility to the authorities.


Ransomware has become a persistent threat in the last few years. Viruses used to just steal data and use your machine for nefarious purposes, but ransomware can give criminals an immediate payday when someone is successfully infected. Ransomware encrypts files stored on the machine, then demands a Bitcoin payment to unlock them. Since Bitcoin is unregulated and effectively untraceable, the perpetrators can be extremely hard to catch. These attacks have been used against average internet users frequently, but criminals have started targeting specific companies and organizations as well. A person might pay a few hundred dollars to get their files back, but a corporation or hospital might pay a lot more to regain access to its data.

Most ransomware attacks involve social engineering on the internet to trick people into installing the software, but the mailbox approach is new. Still, it could be effective. People are naturally curious, and a mysterious USB drive can be tempting. They’re more likely to plug in a USB drive that shows up in real life than open a suspicious file they come across on the internet.

In this case, police are advising anyone who finds a USB drive in their mailbox not to plug it in and immediately contact the authorities.