Cybersecurity Blog

Ransomware Hidden in Scanned Document Attachments – 11/29/17

Please note: This post was updated on 11/30/17!

Over 2 million malicious emails per hour are being sent out worldwide. The emails have the subject lines:

  • Scanned from Lexmark
  • Scanned from HP
  • Scanned from Canon
  • Scanned from Epson

They appear to come from a printer or copier and contain an attachment that appears to be a scanned document. The attachment has the extension .7z. Opening it loads a new strain of ransomware onto your computer.

If you receive an email that appears to come from a copier or printer and you haven’t recently scanned a document, report the email as phishing to Google. If you have scanned a document:

  1. Check the sender; it should say “me”.
  2. Check the email address; it should be yours.

If the email is not from you and does not have your email address, report it as phishing to Google.
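The checks above can also be expressed as a mail-triage rule. The following is an added example, not part of the original post: the function names, the sample addresses and the sample messages are constructed for illustration, and flagging any .7z attachment on a scanner-themed email is an assumption of this example. A From address can be forged, so a match on your own address is not proof the email is safe.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subject lines listed in the post above.
SCAN_SUBJECT = re.compile(r"^\s*Scanned from (Lexmark|HP|Canon|Epson)\b", re.I)

def triage(raw: bytes, my_address: str) -> dict:
    """Apply the post's checks to one raw email (hypothetical helper)."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    result = {
        "scanner_subject": bool(SCAN_SUBJECT.search(str(msg.get("Subject", "")))),
        "has_7z": any(n.endswith(".7z") for n in names),
        "from_self": sender == my_address.lower(),
    }
    # Assumption of this example: a scanner-themed email is reported when it
    # carries a .7z attachment or does not come from your own address.
    result["report_as_phishing"] = result["scanner_subject"] and (
        result["has_7z"] or not result["from_self"])
    return result

def sample(sender: str, subject: str, attachment: str = "") -> bytes:
    """Build a constructed test message; no real email is used."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.edu", subject
    msg.set_content("Please open the attached document.")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

if __name__ == "__main__":
    me = "user@example.edu"
    for raw in (sample("copier@example.net", "Scanned from HP", "Scan_0012.7z"),
                sample("me <user@example.edu>", "Scanned from Canon", "scan.pdf"),
                sample("friend@example.org", "Lunch on Friday?")):
        print(triage(raw, me))
```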

 

 

ALERT – Bad Rabbit ransomware attack – 10/25/17

 

The US Department of Homeland Security has issued an alert for the Bad Rabbit ransomware strain. It has crippled organizations in Russia and Ukraine and has been found in the US. It is only a matter of time before it begins appearing here.

What does it do?
  • It encrypts your files and extracts the login credentials for your computer.
How do I know I have been victimized?
  • Your computer will start to run slowly.
  • You are directed to a webpage that gives you 41 hours to pay the ransom to get access to your files or the ransom will go up.
How do you get infected?
  • When visiting a legitimate website, a pop up appears asking you to install Adobe or the Adobe Flash Player.
  • Downloading and installing either of these programs installs the ransomware.
What is IT Services doing to fight this attack?
  • Our anti-virus is up to date.
  • We are actively monitoring systems to detect any abnormal activity on the network.
What can I do to fight this attack?
  • If you are prompted to download Adobe Flash Player or Adobe:
      1. Close the browser tab that contains the prompt.
      2. Open a new browser tab and visit www.adobe.com/ca.
      3. Search the Adobe website for the application and download it from there.
  • If you are a victim, disconnect from the network immediately (pull the network cable or disconnect from WiFi) and contact the IT Service Desk at 403-440-6000.

If you have any questions or concerns, please contact the IT Service Desk.

What you should know about the worldwide ransomware attack – 05/15/17

On Friday, the world was given a sampling of exactly how much damage ransomware can cause. Cyber criminals released a brand new form of ransomware that had the capability to replicate itself and infect other machines on the same network. This allowed it to spread at a very rapid rate. The ransomware’s more notable victims were the NHS, the UK’s healthcare system, and the Spanish telecom giant Telefonica. Surgeries were cancelled, ambulances were diverted and services were interrupted.

This ransomware, called WannaCry, took advantage of a vulnerability in Windows that had been found by the NSA and then published on Wikileaks. In March, Microsoft issued a patch that effectively eliminated this vulnerability. You may be wondering why millions of machines became infected if this vulnerability was addressed. The answer is twofold. First, Microsoft has stopped supporting older operating systems such as XP and Vista. That means they do not normally provide security patches for these operating systems. Second, many users do not install the latest updates.

So how do you keep your data safe from WannaCry and other malware?

  • Back up your files regularly

We are human; at some point we may click on something we shouldn’t. If all your files are backed up, you can restore your system if you are hit by malware.

  • Keep all your applications secure by installing all updates

Programmers are human too. Sometimes their programs are released with vulnerabilities that allow criminals to use the programs for their own purposes. When those vulnerabilities are found, they are fixed with a software update. If you do not install your updates, you leave your computer vulnerable.

Do you have an XP or Vista machine? You should consider upgrading to Windows 7 or 10. In the meantime, Microsoft has taken the unprecedented step of issuing Vista and XP updates to address the vulnerability WannaCry exploits.

  • Verify all links and attachments in unexpected emails before opening them

To date, the majority of malware is delivered by a user clicking on a link or opening an attachment. Phishing emails no longer contain poor graphics or bad grammar, or come from strangers. More and more attacks appear to come from someone you know, contain relevant content and are slick in their appearance. To truly stay safe, you should contact all senders of unexpected emails containing links or attachments by phone and verify that they actually sent the message.

By following these simple steps, you will avoid the heartbreak of WannaCry.

 

Latest scam: The fake WhatsApp voice message – 04/18/17

Coming soon to an inbox near you, an email from WhatsApp notifying you that a voice message is awaiting your response. The email includes a handy Play button so you can listen to the message without having to open WhatsApp. So thoughtful of them. Of course, clicking the Play button loads your computer with malware, allowing the criminals to steal your identity or encrypt your files and hold them for ransom.

This is yet another reminder not to click on links, buttons, attachments or photos in unexpected emails. Criminals are getting more and more creative and sophisticated, crafting emails that are getting harder and harder to detect as fake. However, you can avoid becoming a cyber crime victim by simply adopting the practices of:

  • Being fully present when reading your emails.

Criminals count on you being distracted when you read your email. The majority of attacks occur on the day before a long weekend when users are not paying attention to what is in their inbox. They click not because they don’t know better, but because they aren’t paying attention.

  • Visiting known sites or apps directly.

If you receive any kind of notification from any organization or application, visit the site or open the application directly. If it is legitimate, the same information that is in the email will be found on the website or in the application. Do not trust the email.

  • Calling people from your contact list to confirm that they sent an email.

If you recognize the sender, do not assume the email came from them. Cyber criminals can hack your contact list and make it look like a trusted friend sent you a nice cat video. Call the sender directly and confirm that they sent the email.

 

 

Anatomy of a Ransomware Attack – 03/14/17

Your stereotypical hacker used to be an overweight manchild living in his parents’ basement. Nowadays, however, a hacker can be working for a large organization making billions a year. Hacking has become big business, with ransomware offering hackers the ability to make lots of money quickly and easily. Every day you hear about companies and organizations being brought to their knees by a cyber attack. Just how do hackers do it? How do they manage to get through the latest firewalls, anti-virus software and network security protocols to breach some of the highest levels of security found on the planet? Watch the video and find out.

 

Ransomware Alert – Do not install a Chrome font pack! – 02/02/17

There is a new ransomware scam. So new that antivirus software isn’t aware of it yet and therefore can’t detect it. Chrome for Windows users who visit compromised websites are suddenly finding that the text on the page becomes unreadable. An alert appears explaining that their browser doesn’t have the font needed to display the page properly and instructs them to install a font pack. To add to the fun, they are unable to close the alert using the “x” button and they cannot close the browser. If you choose to download and install the so-called font pack, you are able to read the text, but ransomware is also being installed in the background. The nasty thing is so sneaky, you don’t even notice that something is awry…at least not at first.

Your first clue is your computer starts to run rather slowly. Then you see folders on your desktop grey out and you can’t open them. As the encryption starts to spread, you lose access to your documents one by one. Then the lovely ransom note appears. However, by this time you no longer have access to any of your files.

If you find your folders are greying out or you are unable to open files, please disconnect from the network immediately and call the Service Desk.

This latest ransomware uses a common tactic for delivering malware, the fake alert window. If an alert of any type pops up when you visit a webpage, encouraging you to install something to fix the problem, close the browser immediately. Do not click on anything in the alert window, including the “x”, as some diabolical hackers design their malware to install regardless of where you click. If you are unable to close the browser, reboot your machine. By following this simple no-click rule, you will save yourself a whole lot of frustration and heartache.

Satan Ransomware Removal Instructions – 01/23/17

Sooo, you have been nailed by the Satan Ransomware bug. What do you do? Well, if the nasty thing is sitting on a Mount Royal workstation, device or laptop, call the ITS Service Desk. If it is your home machine or device, no worries because you have followed our terrific advice and have backed up your data regularly…right? If you didn’t quite get around to that, all is not lost. Some nice people at PCrisk have a solution for you. More specifically, the wonderful Tomas Meskauskas has written an article detailing how to get rid of the awful thing. Do note that his instructions only apply to the Satan Ransomware bug. If you have another version of ransomware, his procedure will not work. Once you have followed his advice and successfully averted disaster, do remember to perform those regular backups. The next time you get a ransomware infection, there might not be removal instructions for it.

Responding to a Ransomware Attack – 01/09/17

If your workstation here at Mount Royal becomes infected with ransomware, you know to call the IT Service Desk at 403-440-6000 for help. What do you do if your home machine becomes infected? This article by GrahamCluley.com walks you through the steps. Enjoy!!

Protecting yourself against ransomware

Does the ransomware attack on the University of Calgary have you concerned? Do you wonder if it could happen here at Mount Royal? Watch the video to learn how you can protect yourself and Mount Royal from a ransomware attack.