22 Jun

New Ransomware Attacks With JavaScript

A newly discovered ransomware does away with downloading a malicious file, carrying out the encryption itself

A new form of ransomware has emerged that tries to evade detection by carrying out all its encryption using the JavaScript scripting language.

This is the latest in the rapidly expanding ransomware category, which has grown into a significant threat in recent months as criminals are attracted by lucrative payouts.

“The JavaScript doesn’t download the ransomware, it is the ransomware,” wrote Sophos researcher Paul Ducklin in an advisory. “No additional software is downloaded, so once the JS/Ransom-DDL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.”

The script arrives as an attachment called Invoice.txt.js, which appears as “invoice.txt” on most Windows systems, which are configured by default not to display file extensions.

If opened, JavaScript attachments of this kind execute by default in the Windows Script Host (WSH), which doesn’t impose any restrictions.
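A mail-gateway style check for the disguise described above, as an added example that is not from the original post or from Sophos: it flags attachments whose real (last) extension is one that Windows Script Host runs, and reports the name a user sees when extensions are hidden. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions that Windows Script Host executes on double-click (assumed list).
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Harmless-looking extensions often used as the decoy part of the name (assumed list).
DECOY_EXTENSIONS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}

# Constructed sample message; the attachment bodies are placeholders.
SAMPLE = """\
From: billing@example.com
To: user@example.org
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.txt.js"

placeholder
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="terms.pdf"

placeholder
--b1--
"""

def displayed_name(filename):
    """Name shown by Explorer when known file extensions are hidden."""
    return filename.rsplit(".", 1)[0] if "." in filename else filename

def classify(filename):
    """Return 'allow', 'block-script' or 'block-disguised-script'."""
    name = filename.strip().rstrip(". ")  # Windows drops trailing dots and spaces
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if not exts or exts[-1] not in WSH_EXTENSIONS:
        return "allow"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        return "block-disguised-script"
    return "block-script"

def scan_message(raw):
    """List (real name, displayed name, verdict) for each attachment."""
    names = [p.get_filename() for p in message_from_string(raw).walk()]
    return [(n, displayed_name(n), classify(n)) for n in names if n]
```

Running `scan_message(SAMPLE)` blocks `Invoice.txt.js`, which a user would see as `Invoice.txt`, and lets `terms.pdf` through.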

The new technique is simpler than the most common method of infection, which involves the use of a Word document which then downloads executable code from a remote server.

If you think you may have been infected by this ransomware or any other malware, give us a call on 01539 720104.


08 Apr

New ransomware that knows where you live!

A new email phishing campaign has started sending thousands of ominous-looking emails that contain the recipient’s home address.

The well-worded email appears to come from legitimate email addresses, and raises very few irregularities. The email comes with a demand for money for an arbitrary service, along with a web link that purports to be an “overdue invoice.”

Click the link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware: malware that encrypts your files and locks you out of your computer until you pay a ransom. The longer you wait, the larger the ransom you have to pay.

It appears that the scammers are leveraging some sort of database that has home addresses publicly available and using this for the scam.

Restoring from a backup is the only option available if you get infected by this type of virus, so make sure you have current and valid backups. If you need any help with backups or virus removal, please get in touch.

08 Feb

Avast SafeZone Flaws

Dangerous flaws have been discovered in the Avast SafeZone browser. The vulnerabilities allow attackers to retrieve information from the browser, such as its web history and passwords, but could also allow full read access to the entire file system.

Avast has released a patch for the flaws and is recommending that all subscription-based users update their program.

We have already made sure all our customers using Avast have the latest update but if you’re unsure please get in touch.

04 Mar

Mobile Malware Attack!

Fake Amazon vouchers are being used to spread malware via Android mobiles. The attack sends an SMS message to all the contacts in a mobile phone offering a free Amazon voucher. If the recipient opens the message on an Android phone, the malware tries to install itself and the cycle is repeated.

Our advice is to delete any messages you’re unsure about and, if you’re running an Android mobile, make sure it’s got anti-virus software installed. Avast have a free product here if you’re unsure: https://www.avast.com/en-gb/free-mobile-security

08 Jan

Ransomware – Cryptowall 2.0 Help!

We’ve seen a few more cases of the Cryptowall 2.0 ransomware this week and thought it best to advise people on how to prevent ransomware and how to deal with it if infected. Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator(s) of the malware in order for the restriction to be removed. The most common form of ransomware at the moment encrypts all personal documents, including images, videos, Word and Excel documents etc., on the computer, plugged-in USB devices and network shares. It then demands a ransom to decrypt these files.

How to avoid ransomware:

  • Ensure your operating system and security software are regularly updated.
  • Don’t open attachments from unknown sources or from emails that appear to be from a legitimate source but are suspicious.
  • Regularly back up important data and keep it on removable storage.
  • Ensure staff are educated in good computing practices and how to spot threats.
  • Block unnecessary email attachments.

What to do if you have become infected:

  • Shut your computer down straight away and disconnect all USB devices and network cables.
  • Call your IT support and tell them what has happened.
  • Don’t use the USB devices in any other computers.

If you’ve been infected we can help. The first thing to do is look for your most recent backup, as this is the best way to recover your files. Failing that, we can try to use shadow volume copies or even specialist file recovery software. We don’t recommend paying the ransom, as you have no guarantees and you will only be funding the criminals’ behaviour, but if all else fails and you need the documents back we can advise you on how to do it.

If you’re worried your computers may be at risk, get in touch; we’ll be happy to help.

17 Dec

Malformed/infected Word/Excel docs sent via email

We are seeing lots of emails with malformed or infected Word and Excel attachments. These attachments appear to be genuine documents, but actually contain a macro or VBA script virus. Modern versions of Microsoft Office (2010 and 2013) have macros disabled by default. If macros are enabled then you will be infected by simply opening the attachments. If you open an attachment by mistake DO NOT follow the advice and enable macros, as you will be infected.

If you have any concerns give us a call on 01539 720104