ALERT:  Voice Mail CyberScam

CyberCriminals have found a new way to trick people into infecting their PC with ransomware.  

This time, it looks like a Microsoft email that tells you about a voice mail that was left for you, and asks you to click to play the voice mail.

The email looks similar to the one below:

The email has a .zip attachment that supposedly has the voice mail message in a .wav file.  However, if you unzip the file, the ransomware will encrypt all the files on your computer, and possibly all files on the network if you have access.  The only way to get your files back….is to pay approximately $500 US.

Do not click on links in “voice mail” emails from someone you do not know, and do not open any attachments!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  FTC Scam Rings True

 

There is a new CyberScam out this week, that has lazy CyberCriminals raking in cash!

 

I say lazy, because the CyberCriminals are taken an actual past scam that the U.S. Federal Trade Commission has resolved & is now refunding money on.  CyberCriminals take these real FTC cases, and create a phishing scam out of them.

CyberCriminals are sending out phishing emails from an official-sounding organization that promises you a refund for a specific amount.  

Be very careful!

Never click on any links, or open any attachments you did not ask for.  DELETE the email immediately.  

If you really are expecting an FTC refund, go to the FTC.gov website yourself, using your own shortcut, or by typing the address in your browser.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Ransomware Releases

The ransomware market is rapidly expanding, and new and upgraded strains are released quickly.  The FBI recently projected that the losses caused by ransomware infections could reach a billion dollars…in 2016 alone.  

 

Here is a list of the most recent releases and/or upgrades:

CryptXXX

In late July, thousands of legitimate WordPress business sites were hijacked to deliver ransomware to anyone that visits their website.  The hijacked websites were redirecting visitors to a compromised site, where the payload was the very latest CryptXXX.  If you are running WordPress as your website and/or blog, make sure you upgrade to the latest version.  You should also minimize the number of plugins you use, to make the attack surface as small as possible.  

Cerber

The leading Cybermafias are furiously innovating to stay ahead of the copycats.  Cerber has updated several times, like adding a DDoS, and the use of double-zipped Windows Script Files (WSFs) to evade detection.  In July, the release of Cerber’s latest version put Office 365 users in the crosshairs.  Victims were phished, and once they opened the attachment, Cerber encrypted their files.  

Stampado

A new ransomware type to surface in mid-July had some similarities to Cryptolocker and Jigsaw in terms of how it works.  Stampado was marketed to CyberCriminals at a fraction of the cost of the usual ransomware ($39), and even included training videos to make sure that the CyberCriminals did it right.  Stampado ecrypts files, then deletes chunks of the hostaged files after a lapsed time period, if ransom has not been paid.  Stampado typically gives a 96-hour deadline before all files are deleted.

CrypMIC

While CrypMIC is a copycat of CryptXXX (trying to rake in Bitcoin with a ransom note.  Even it’s payment user interface is similar.).  One twist is that CrypMIC does not append any extension names to files that have already  been encrypted, which makes it hard to spot (which makes it hard to tell which files have been affected).

cuteRansomware

Uses Google Docs and other cloud apps to transmit encryption keys and gather user information to evade detection

Alfa Ranscam

This looks like a distant relative of Cerber.  The malware scans its infected system’s local drives and encrypts over 142 file types, appending a “.bin” extention name to the locked file.

CTB Faker

This is a copycat to CTB Locker.  This is spread through fake profiles on adult sites.  The fake profiles trick users with the promise of access to a password-protected striptease video.  The victims click on the link provided, which leads to a download of the ransomware.

Ranscam

Discovered in July, this ransomware threatens to delete files unless a 0.2 bitcoin ransom is paid.  Insult is added to injury when the files are deleted, whether ransom is paid or not.

Hitler Ransomware

Also new in July, this ransomware doesn’t encrypt files, it just deletes them.

PokemonGo Ransomware

This ransomware emerged shortly after the app was released.  This ransomware installs a backdoor account, and allows the spreads to other drives.  This strain has added bonuses, such as adding an admin account, and the ability to spread to all removable drives.  

As you can see by the lengthy list above, ransomware is spreading fast & furious, with new versions and strains popping up all over the place.  

The common factor?  All of these ransomware strains rely on social engineering to capture their victims.  

Now, more than ever, CyberSecurity is extremely important for businesses.  You cannot simply relax & hope that either your business is too small for attack (ransomware spread by social engineering doesn’t care how big, or small, your business is!), or that you filters are going to catch it (they never do).  Create your own “human firewall” by informing your employees about the risks, what to watch for, and what to do about it.   

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Illegal Game of Thrones Download

 

Illegal downloading of tv shows and movies from a variety of websites is the bane of the entertainment industry.  Yet it’s done all the time.  Currently, the HBO series, “Game of Thrones” is the #1 download.  

And CyberCriminals are ready to cash in…

Emails are being received that look like a legal violation notice from IP-Echelon, which is the company that enforces copyright claims for companies such as HBO.  The email states that the person receiving the notice has illegally downloaded “Game of Thrones”, or other copyright-protected entertainment and that unless they pay a settlement within 72 hours, the matter will be turned over to their attorneys.

When you click on the link provided, you are directed to a website where you can pay your “settlement”.

The people on the other side of the website, are CyberCriminals, not a copyright-protection agency.

In general, it’s a bad idea to illegally download shows and movies for two reasons:

1.  You are violating copyrights, which can turn out to be very expensive when you get sued.
2. The websites promising these downloads are often compromised and infect your computer with all kinds of malware.

If you’ve received a notice and want to verify if this is for real or not, contact the real IP-Echelon directly which you can do here: https://www.ip-echelon.com/contact-us/

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Don’t Get Poké-Punked!

 

With the Pokémon Go hitting the streets…you know CyberCriminals are not going to be far behind!

 

The game’s rapid rollout and unparallelled success has it’s risks.  Pokemon Go has immediately hit several security and privacy-related speed bumps, and not all of them are virtual…

Muggings

In this game, players can meet in real life using the Pokéstop feature to do virtual battle.  Police in several cities have already accumulated some scary stories – some people are using the popular game to lure other players to remote locations with the intention of robbing them (or worse!).

Google Login Permissions Problems

Many security researchers have been warning that the initial release of the Pokémon Go app has access to many more device permissions than needed, meaning a possible privacy risk.  Some information security experts have even been urging players to create “burner” Apple or Google accounts that are only used with this game.  

Trojanized Apps

Just 72 hours after the initial release of the Pokemon Go app, CyberCriminals had Trojanized a legitimate version of the free app to include malware, which was released via unofficial, third-party app stores.

Researchers at the security firm “Proofpoint” stated in a blog post that the malicious Android app file “was modified to include the malicious remote access tool called DroidJack – also known as SandroRAT, which would virtually give an attacker full control over a victim’s phone.”  Gaming websites have begun publishing instructions on how people can download the app, including using side-loading – evading Google’s official app store – to install them. 

Proofpoint went on to state, “In the case of the compromised Pokémon Go APK we analyzed, the potential exists for attackers to completely compromise a mobile device.  If that device is brought into a corporate network, networked resources are also at risk.”  

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Ransomware Update

 

Ransomware is the fastest growing, most lucrative form of malware out there right now, and CyberCriminals are cashing in.

 

 

Here is a list of some of the latest versions out there.  This list is ever-changing, and should not be taken as a complete list.  If you have any questions, please call us at 1-204-800-3166, and we can go over some of the solutions available to help to prevent infection.

Zepto

A form of the popular “Locky” virus, this encrypts your files to “.zipto”.  Usually spread through email containing a zip file.  When clicked, a javascript file will begin unpacking itself, and start encrypting your files.  Because this version is so new, some antivirus software may not detect it yet.  There is currently no way to decrypt the files.

CryptXXX

This has been around for a while, but has recently made a comeback in June collecting approximately $50,000 in ransoms for the month.  CryptXXX is spread through spam email.  There is currently no way to decrypt CryptXXX.

Bart Ransomware

Usually spread through an email with a “photos” zip attachment.  When the attachment is opened, it triggers a javascript filr called “Rocketloader” that zips up your files in a password-protected zip file.  Bart is a little different, in that it doesn’t have to communicate with the “mothership” computer to encrypt your files.  So it will continue to do so, even when disconnected from the network.  Currently there is no way to decrypt Bart-encrypted files.

Cerber Ransomware

This has been attakcing Office 365 users, and usually comes in the form of an emailed Office document.  Currently there is no way to decrypt Cerber-encrypted files.  

With no way to decrypt the files, and no choice but to pay the ransom, companies are seeking ways to avoid getting infected in the first place.  

Make sure your employees are familiar with how to identify a suspect email.  Check out our “Red Flag Emails” for tips! 

For increased protection, call Technology by Design at 1-204-800-3166 and ask us about our Spam Filter Solution!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Windows 10 Free Upgrade Ends Soon!

 

 

The free offer to upgrade to Windows 10 expires on July 29th, and here are some things you should know:

• The offer is not likely to be extended.
• Any upgrades performed before the deadline are valid for as long as the device lasts.
• There is a slim possibility of some new upgrade offers after the 29th, but don’t hold your breath.
• Windows 10 will eventually become software as a service.  Price is unknown at this time, but for Enterprise customers it looks like the cost will be just under $100 USD annually.
• Retail Windows 7 PCs and laptops will no longer officially be available after October 31st.  You may however, still be able to get old stock.

If you are planning on upgrading, the Window is closing (no pun intended).  

Extended support for Windows 7 ends in January 2020, so your PC will still receive security updates until that time if you choose to stick with Windows 7.

Need assistance upgrading your computer network?  

Call Technology by Design at 1-204-800-3166

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks