Apple Mac computers targeted by Ransomware and Spyware

Apple Mac computers targeted by Ransomware and Spyware

Apple Mac users are being warned about new variants of malware that have been created specifically to target Apple computers.  One is ransomware that encrypts data and demands payment before files are released. The other is spyware that watches what users do and scoops up valuable information. Experts have said that the threat is real due to the creators letting anyone use the two programs for free.

The two programs were uncovered by the security firms Fotinet and AlienVault which found a portal on the Tor ‘dark web’ network that acted as a shopfront for both. The creators behind the malware are thought to have extensive experience of creating working code.

Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware’s creators had said that payments made by ransomware victims would be split between themselves and their customers.

Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. They also said that any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data.

Aamir Lakhani from Fortinet said Mac users should make sure their machines were kept up to date with the latest software patches and be wary of messages they receive via email. (13th June 2017)


Windows 7 hardest hit by WannaCry worm

Windows 7 hardest hit by WannaCry worm

Security firms have suggested that the majority of the machines hit by the WannaCry ransomware worm earlier this month were running Windows 7. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software. WannaCry has so far infected more than 200,000 computers around the world.

Many have suggested that the reason UK hospitals suffered was because many of them still relied on programmes that required Windows XP – a version of Microsoft’s OS that came out in 2001. However, figures from Kaspersky Lab showed that infections of XP by WannaCry were  insignificant. Windows 7 was released in 2009 and the most widely infected version was the x64 edition, which is widely used in large organisations.

Many organisations seem to have been caught out because they failed to apply a patch, issued by Microsoft in March that blocked vulnerability which WannaCry exploited.

Security experts also found that the worm spread largely by seeking out vulnerable machines on the net by itself. Adam McNeil, a senior malware analyst at Malwarebytes, said the worm was primed to look for machines vulnerable to a bug in a Microsoft technology known as the Server Message Block . Mr McNeil said he suspected that whoever was behind the worm first identified a ‘few thousand’ vulnerable machines which were used as the launch platform for the much larger waves of infection. (22nd May 2017) 

ADECS Alert – How to protect against Global Ransomware Attacks

ADECS Alert – How to protect against Global Ransomware Attacks

As you may be aware a massive ransomware attack spread across the globe over the weekend locking up thousands of hospital, telecommunications, and utilities systems. Whilst the ransomware was first detected wreaking havoc across the NHS network, the infection quickly spread worldwide with researchers observing 75,000 infections across 100 countries.

What is Ransomware?

Ransomware – a malicious program that locks a computer’s files until a ransom is paid – is not new but the size of this attack by the WannaCry malware is unprecedented. According to specialists the attack used data stolen from the NSA to exploit vulnerabilities in old versions of Microsoft Windows and deliver the WanaCrypt0r ransomware.

So what has happened and how can you protect your organisation from such an attack.

Take care when opening emails and clicking on links

  • This is the most important and often neglected aspect of protection. Although the WannaCry infection spread across vulnerable machines via a worm that took advantage of old unpatched machines the infection started from someone opening an infected file in an email. Organisations should have a strong policy for educating staff on what to look out for in emails, web-links and other unsolicited correspondence on their computers, phones and tablets. The number one method for initial infection is via this method and it is easy to stop through good user guidance and practice. IF YOU DON’T RECOGNISE THE SENDER OR THERE IS ANYTHING REMOTELY SUSPICIOUS THEN DO NOT OPEN THE EMAIL – report it to your IT team or delete instead.


Update Windows software and all antivirus

  • Ensure that your Microsoft Windows Software is being patched regularly, Microsoft released a patch for this vulnerability in March but many business’s haven’t updated leaving computers open to this attack.
  • Ensure that your ant-virus software is up to date and licensed and that any security devices are being used appropriately.


Ensure you back up regularly

  • The importance of this cannot be over emphasised as the simplest resolution to an encryption attack is to delete the affected data and restore it from a backup. Backing up to a local device or another  resource on the same network is NOT an effective solution as these devices could also be encrypted in the event of an infection. Backing up your data to an external source such as our remote backup service and conducting regular recovery exercises should enable you to recover quickly and not have to pay a ransom limiting the negative effects of such an attack.


Should you require any further information or advice on how to keep safe, do not hesitate to give one of our team a call for a chat. Make sure you are taking the right precautions to keep your business safe and running. Call us on 024 7699 5930 or 024 7669 4489 for any concerns you may have or if you would like a full security review.

Maxine Bridgeman & Jonathan Howells

Project Loon gets underway

Project Loon gets underway

Peruvians have been getting online using Project Loon, the ambitious connectivity project from Google’s parent company, Alphabet.

Project Loon uses tennis court-sized balloons (about 20km above the ground) which contain a small box of equipment to beam internet access to a wide area below. Only small-scale tests of the technology have taken place so far.

Project Loon is in competition with other attempts to provide internet from the skies, including Facebook’s Aquila project which is being worked on in the UK. Project Loon have recently figured out how to use artificial intelligence to ‘steer’ the balloons by raising or lowering them to ride weather streams. This led to balloons being used to connect people in Lima, Chimbote, and Piura. The balloons were launched from the US territory of Puerto Rico before being guided south.

Over the course of three months the balloons were still providing access with users sending over 160GB worth of data (the equivalent of 2 million emails).

The connectivity (roughly covering an area of 40,000 square kilometres) was enabled with the help of Spanish telecoms giant Telefonica, which operates in Peru, and several other organisations who aided in setting up ground stations that enabled the balloons to connect to the internet.

The technology is still in its early stages, the concept still faces a number of challenges, most related to keeping the equipment in the air.

Some have questioned the motive of companies expanding into the developing world with such vigour – particularly over how both Facebook and Project Loon may be bale to collect data that could later be used to sell targeted advertising. (17th May 2017)

Microsoft makes emergency security fix

Microsoft makes emergency security fix

Microsoft has released an urgent update to stop hackers taking control of computers with a single email. The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message. Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link. Researchers working for Google’s Project Zero cyber-security unit discovered the flaw at the weekend.

The fix has been specially pushed out hours before the software giant’s monthly Tuesday security update.

Windows 8, 8.1, 10 and Windows Server operating systems were affected by the bug. Anti-virus software such as Windows Defender would simply have to scan the malicious content for the exploit to be triggered.

Cyber-security expert Graham Cluley said that Microsoft had acted brilliantly to release the patch so quickly. (9th May 2017)