Ransomware still going strong

Research from Google suggests that cyber thieves have made in the region of £19m over the past two years.

‘It has become a very, very profitable market and is here to stay,’ said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a ransom is paid.

The data gathered showed that there were 34 variants of ransomware, the most popular being Locky and Cerber.

Mr Bursztein said that the gangs behind the ransomware explosion were not likely to stop soon, even though there is competition from newer variants such as SamSam and Spora.

www.bbc.co.uk/technews (27th July 2017)

Google fined a record £2.1bn over Shopping service

Google has been fined 2.42bn euros (£2.1bn) by the European Commission after it ruled the company had abused its power by promoting its own shopping comparison service at the top of search results. The ruling also orders Google to end its anti-competitive practices within 90 days or face a further penalty of payments of 5% of its parent company Alphabet’s average daily worldwide earnings. Based on the company’s most recent financial report, this amounts to about $14m a day.

The European Union’s Competition Commissioner, Margrethe Vestager, said ‘Google has denied other companies the chance to compete on their merits and to innovate, and most importantly it has denied European consumers the benefits of competition, genuine choice and innovation.’

A spokesperson for Google said, ‘We respectfully disagree with the conclusions. We will review the Commissioner’s decision in detail as we consider an appeal, and we look forward to continuing to make our case.’

Google Shopping displays relevant products’ images and prices alongside the names of shops they are available from and review scores, if available.

www.bbc.co.uk/technews (27th June 2017)

Apple Mac computers targeted by Ransomware and Spyware

Apple Mac users are being warned about new variants of malware that have been created specifically to target Apple computers. One is ransomware that encrypts data and demands payment before files are released. The other is spyware that watches what users do and scoops up valuable information. Experts have said that the threat is real because the creators are letting anyone use the two programs for free.

The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor ‘dark web’ network that acted as a shopfront for both. The creators behind the malware are thought to have extensive experience of creating working code.

Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware’s creators had said that payments made by ransomware victims would be split between themselves and their customers.

Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. They also said that any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data.

Aamir Lakhani from Fortinet said Mac users should make sure their machines were kept up to date with the latest software patches and be wary of messages they receive via email.

www.bbc.co.uk/technews (13th June 2017)


Windows 7 hardest hit by WannaCry worm

Security firms have suggested that the majority of the machines hit by the WannaCry ransomware worm earlier this month were running Windows 7. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software. WannaCry has so far infected more than 200,000 computers around the world.

Many have suggested that the reason UK hospitals suffered was that many of them still relied on programs that required Windows XP – a version of Microsoft’s OS that came out in 2001. However, figures from Kaspersky Lab showed that infections of XP by WannaCry were insignificant. Windows 7 was released in 2009 and the most widely infected version was the x64 edition, which is widely used in large organisations.

Many organisations seem to have been caught out because they failed to apply a patch, issued by Microsoft in March, that blocked the vulnerability which WannaCry exploited.

Security experts also found that the worm spread largely by seeking out vulnerable machines on the net by itself. Adam McNeil, a senior malware analyst at Malwarebytes, said the worm was primed to look for machines vulnerable to a bug in a Microsoft technology known as the Server Message Block. Mr McNeil said he suspected that whoever was behind the worm first identified a ‘few thousand’ vulnerable machines which were used as the launch platform for the much larger waves of infection.

www.bbc.co.uk (22nd May 2017) 

ADECS Alert – How to protect against Global Ransomware Attacks

As you may be aware, a massive ransomware attack spread across the globe over the weekend, locking up thousands of hospital, telecommunications, and utilities systems. Whilst the ransomware was first detected wreaking havoc across the NHS network, the infection quickly spread worldwide, with researchers observing 75,000 infections across 100 countries.

What is Ransomware?

Ransomware – a malicious program that locks a computer’s files until a ransom is paid – is not new, but the size of this attack by the WannaCry malware is unprecedented. According to specialists, the attack used data stolen from the NSA to exploit vulnerabilities in old versions of Microsoft Windows and deliver the WanaCrypt0r ransomware.

So what has happened, and how can you protect your organisation from such an attack?

Take care when opening emails and clicking on links

  • This is the most important and often neglected aspect of protection. Although the WannaCry infection spread across vulnerable machines via a worm that took advantage of old, unpatched machines, the infection started from someone opening an infected file in an email. Organisations should have a strong policy for educating staff on what to look out for in emails, web-links and other unsolicited correspondence on their computers, phones and tablets. This is the number one method of initial infection, and it is easy to stop through good user guidance and practice. IF YOU DON’T RECOGNISE THE SENDER OR THERE IS ANYTHING REMOTELY SUSPICIOUS THEN DO NOT OPEN THE EMAIL – report it to your IT team or delete it instead.


Update Windows software and all antivirus

  • Ensure that your Microsoft Windows software is being patched regularly. Microsoft released a patch for this vulnerability in March, but many businesses haven’t updated, leaving computers open to this attack.
  • Ensure that your anti-virus software is up to date and licensed and that any security devices are being used appropriately.


Ensure you back up regularly

  • The importance of this cannot be overemphasised, as the simplest resolution to an encryption attack is to delete the affected data and restore it from a backup. Backing up to a local device or another resource on the same network is NOT an effective solution, as these devices could also be encrypted in the event of an infection. Backing up your data to an external source such as our remote backup service and conducting regular recovery exercises should enable you to recover quickly and not have to pay a ransom, limiting the negative effects of such an attack.


Should you require any further information or advice on how to keep safe, do not hesitate to give one of our team a call for a chat. Make sure you are taking the right precautions to keep your business safe and running. Call us on 024 7699 5930 or 024 7669 4489 for any concerns you may have or if you would like a full security review.

Maxine Bridgeman & Jonathan Howells