
Virus

Antivirus is no longer enough to protect your computer

It wasn’t that long ago that anti-virus software was the epitome of computer security, especially if you were a Windows user. However, ransomware and crypto malware attacks are rising at a terrifying rate and show no signs of stopping. Unfortunately, traditional anti-virus software alone is not effective in dealing with these types of attacks.

Although experts still recommend using anti-virus software to protect your computer, this is now only the first part of a “layered approach” to keeping your PC and personal information safe.

The second part of the “layered approach” is to ensure your computer’s other software (especially the operating system) is up-to-date. Remember the WannaCry ransomware attack which struck the NHS’ (amongst other organisations) Windows machines in May? Microsoft had already provided a software update about two months before the attack that protected users running operating systems like Windows 7 or Windows Vista from WannaCry. However, PCs that hadn’t been updated or that were Windows XP were left vulnerable. Microsoft says users who were running Windows 10 weren’t affected by the attack.
Don’t forget to keep your anti-virus software, like Windows Defender, updated too. The software can't fight a threat it doesn't yet know about, and that information is found in regular updates.

The third layer is to recognise that phishing attacks are the most common way for attackers to get into your system. Phishing attempts happen when you receive an email with a malicious link in it, or are asked to enter your username and password on a website that impersonates your bank’s website, for example. So, try to be smart about what email service you use. Google and Microsoft are good choices, because, as they have effective inbuilt controls and security, they help prevent phishing in their Gmail and Outlook.com email services.

DO BACK UP YOUR DATA REGULARLY, because should your computer become infected by ransomware, you can wipe your computer, install the operating system from scratch, and then restore it from the backed-up version. OK, so it can be a pain to do, however it’s better than losing everything. Don’t forget to unplug your back up drive from the computer once the backup is done, otherwise it too will become infected.

Finally, as I have mentioned many times before, vigilance and common sense are crucial factors in helping prevent malware and ransomware attacks:

  • Never follow links from e-mails. Instead open a new tab or window and enter the URL of your bank or other destination manually.

  • Enter your username and password only over a secure connection. Look for the “https” prefix before the site URL - if there is no “s,” beware.

Yet more ransomware

It will come as no surprise to you that this week’s article will cover the recent malware attack on the NHS and other major enterprises across the world.

The ransomware in question is called WannaCry (also known as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2) and in less than four hours, it had infected NHS computers, beginning in Lancashire, and then spreading throughout the NHS’s internal network.

Although the NHS does not seem to have been specifically targeted, many NHS trusts still use Windows XP, a version of Microsoft’s operating system that reached its “End of Life” on 8th April 2014. This meant that Microsoft stopped providing security updates or technical support for Windows XP, which instantly made the system vulnerable to a huge array of threats. Even though, in March, Microsoft released a patch for XP & Vista, the NHS failed to implement it!!

In case you missed the furore surrounding this cyber-attack, ransomware is a type of malware that infects a PC and then encrypts data files or even the entire system. Once all the files are encrypted, it posts a message asking for payment (usually in Bitcoins, a digital currency) for a code that will restore the files and threatens to destroy the information if it doesn’t get paid, often with a timer attached to put the pressure on. Even worse is that the hackers often take the payment but still do not unlock the data.

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

So, it has now been proven that computer users who continue to run Windows XP are playing a very risky game. Unfortunately, this irresponsibility then puts other computer users at risk because their systems end up hosting and distributing malware and viruses. Continuing to use Windows XP on the public internet is very much like going out in public with a virus and coughing on people.

If you are still using an XP machine, STOP! You need to upgrade your existing computer or, if your existing computer is too ancient to upgrade, buy a new one.

For users of the most recent Microsoft operating systems, do protect yourselves by installing antivirus software and keeping your operating system and applications up-to-date. Don’t visit any suspicious sites or open email attachments from unknown sources. Most importantly, you really must perform regular back-ups of ALL YOUR DATA onto an external hard-drive, then immediately unplug the device from your computer since ransomware can encrypt what is on that as well as what is on the computer.

More Ransomware

You may remember our article from last September regarding Ransomware and in particular the CryptoLocker virus. So why are we writing yet another article about this malicious malware? Simply because in 2016 there was a massive rise in the number of Ransomware attacks.

There are currently two types of ransomware in circulation:
  • Encrypting ransomware, which is designed to block system files and then demand payment to provide the victim with the key that can decrypt the blocked content. Examples include Cryptolocker, Locky and CryptoWall.
  • Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.

Ransomware differs from other malware in that it features unbreakable encryption, meaning that you can’t decrypt the files on your own. It can encrypt all kinds of files, from documents to pictures, videos and audio files and it can scramble your file names, so you can’t know which data was affected. Usually, the ransom payments have a time-limit - going over the deadline will increase the ransom, but it can also mean that the data will be destroyed and lost forever.

Victims are hacked by clicking on an innocent looking attachment or website link within an email. This releases malicious software that destroys not only the victim’s data but also the data on any connected device including network shares. Ransom notes then appear demanding that money be paid in Bitcoin in return for a decryption key that will disable the virus. However, there is no guarantee that the key will work or prevent further attacks.

Ransomware creators target home users mainly because they often don’t have data backups; because many users will click on almost anything and because their software and antivirus are not up-to-date (even if specialists always nag them to keep them updated!).

Businesses are targeted because that’s where the money is; because it can cause major business disruptions, which will increase their chances of getting paid and because computer systems in companies are often complex and prone to vulnerabilities that can be easily exploited.

Public institutions, government agencies in particular, are targeted because they manage huge databases of personal and confidential information that cyber criminals can sell; because they often lack defences that can protect them against ransomware and because they often use outdated software and equipment.

Like most malware, ransomware gets onto systems through untrusted sites and attachments. So protect yourself by installing antivirus software, keep your operating system and applications up-to-date and don't visit any suspicious sites or open email attachments from unknown sources. The most important piece of advice I can impart is that you perform regular back-ups of ALL YOUR DATA onto an external hard-drive, then immediately unplug the device from your computer as ransomware can encrypt what is on that as well as what is on the computer.

Fake News Scam

I’d like to bring to your attention this week a new trend of “Fake News”, currently appearing on a great number of websites, including Facebook, Google and Twitter. Fake News is posted for a number of reasons: to influence opinion; to attack a political opponent (the 2016 Presidential election is a prime example); for stock manipulation scams; to sell advertising; and, most popularly, to shock people into clicking on the link and then infect their machine with malware (celebrity deaths).

For example, one of my customers saw a supposedly genuine news story on Facebook reporting that Noel Edmonds had died. When he clicked on the link, the entire page turned into a huge virus warning saying he had less than 5 minutes to phone the support number at the bottom of the page otherwise his computer would become inoperable. This was a ruse (there was no virus) and just an excuse for the offending company to charge £150 for 10 minutes of support as well as selling him some anti-virus for a further £20.

Another example is the advert claiming you can become a millionaire overnight. These ads are usually placed next to an image of a famous person of great wealth and the scheme is described as his/her secret and people are encouraged to sign up.

So how do you know if a news story or advert is real or fake?
  • Avoid websites that end in “lo”, for example Newslo. These sites take pieces of accurate information and then package that information with other false or misleading “facts”.
  • Watch out for websites that end in “.com.co” as they are often fake versions of real news sources, and strange or unusual domain names are a big Red Flag.
  • Check to see if other known and reputable news sites, such as the BBC are also reporting on the story.
  • If it is an anonymous story and there is no known / trusted author, it's probably fake.

To summarise, consider the source, double check if the data is correct using other reliable sources, and most importantly Think Before You Click!

If you do happen to click on a fake news story, you will need to force your browser to shut down. To do this, press CTRL-ALT-DELETE (all at the same time), open Task Manager, then select your web browser (it'll probably be called Edge, Chrome, Firefox or iexplore) and click the End Task button. This will kill the fake virus web page. Once you have done this, you can reopen your web browser BUT DO NOT TRY TO RESTORE THE PREVIOUS SESSION.

And please, if ever you see a fake story, do report it to the platform you found it on.

Email Forwarding Scam

Once again I feel the need to write another article warning about hacking and identity fraud as I have visited several customers over the last few months whose emails have been hacked. In some of these cases the email hijackers created “forwarding policies” from the customers’ email addresses. But what does this mean and why is it dangerous?

Well, in one instance, a lady received a fake email from BT asking her to login to her BT email account to retrieve her statement. By clicking on the link within the email and then entering her email address and password on the fake BT email page (which looked incredibly convincing by the way), she'd unwittingly given the hacker all they needed to get into her real email account. Once in the BT account, the hacker altered the lady’s email settings so that all of her emails were automatically forwarded to the hacker’s email address.

In another instance a customer called me because he had not been receiving emails for several weeks. It turned out that his BT email account had also been compromised and once inside his email account, the hacker had set up an auto-forward which was sending all his emails to an email address he had never heard of. We only got to the bottom of this because the hacker hadn’t ticked the box to keep a copy of the emails in the in-box; hence he was not receiving any emails.

The reason that this email forwarding scam is so dangerous is because the hackers will receive everything you receive, including bank statements, personal messages, log-in information for other websites and accounts and much more. How long would it take, I wonder, for a hacker to build up enough information from your emails to create a new identity based on you? Not long at all is most certainly the right answer.

My advice therefore to all email users is to check all your email settings, in particular ensuring that the box to forward email on is not ticked. I would also recommend being careful when clicking on a weblink within an email. Personally speaking, if I am asked to log into any of my accounts – be it email, banking, Apple, Google, Paypal or anything - I do it directly through their website and not through an emailed weblink.
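For readers who look after mailboxes through a provider API, the settings check above can be automated. This added example is not from the original article: it audits constructed sample settings shaped like the Gmail API's auto-forwarding and filter objects (an assumption, since BT's webmail shows the same options only on its settings pages), and every address in it is made up.

```python
# Added example: audit mailbox forwarding settings for signs of a hijacked account.
# All settings and addresses below are constructed sample data.

# Auto-forwarding dispositions that leave no copy in the inbox
# ("leaveInInbox" and "markRead" keep the message where the owner will see it).
NO_INBOX_COPY = {"archive", "trash"}


def norm(address):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return address.strip().lower()


def audit_forwarding(owner, auto_forwarding, filters, trusted=()):
    """Return (location, issue, target) tuples the mailbox owner should review."""
    known = {norm(a) for a in trusted} | {norm(owner)}
    findings = []

    # 1. Account-wide forwarding: every incoming message is copied out.
    if auto_forwarding.get("enabled"):
        target = norm(auto_forwarding.get("emailAddress", ""))
        if target not in known:
            findings.append(("auto-forwarding", "unrecognised-target", target))
        # The "keep a copy" box left unticked: mail silently stops arriving.
        if auto_forwarding.get("disposition") in NO_INBOX_COPY:
            findings.append(("auto-forwarding", "no-inbox-copy", target))

    # 2. Filters that forward only selected mail (statements, password resets).
    for flt in filters:
        action = flt.get("action", {})
        if not action.get("forward"):
            continue
        target = norm(action["forward"])
        where = "filter " + flt.get("id", "?")
        if target not in known:
            findings.append((where, "unrecognised-target", target))
        hidden = ("INBOX" in action.get("removeLabelIds", [])
                  or "TRASH" in action.get("addLabelIds", []))
        if hidden:
            findings.append((where, "no-inbox-copy", target))
    return findings


# Constructed sample: a mailbox after the kind of takeover described above.
SAMPLE_OWNER = "jane@example.com"
SAMPLE_TRUSTED = ["jane.work@example.org"]
SAMPLE_AUTO_FORWARDING = {
    "enabled": True,
    "emailAddress": "collector@mail.example.net",
    "disposition": "trash",
}
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "school@example.org"},
     "action": {"forward": "jane.work@example.org"}},
    {"id": "f2", "criteria": {"query": "statement OR password"},
     "action": {"forward": "collector@mail.example.net",
                "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"from": "news@example.org"},
     "action": {"addLabelIds": ["Label_1"]}},
]

if __name__ == "__main__":
    for where, issue, target in audit_forwarding(
            SAMPLE_OWNER, SAMPLE_AUTO_FORWARDING, SAMPLE_FILTERS, SAMPLE_TRUSTED):
        print(f"{where}: {issue} -> {target}")
```

Any "unrecognised-target" finding means mail is leaving the account to an address the owner did not list; remove the rule and change the password before doing anything else.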

I would also like to take this opportunity to stress once again the importance of strong passwords for all your accounts. The longer the password the better and the more characters there are in your password, the longer it will take for a hacker to break it, making it less likely they will continue trying. Do use a mixture of numbers, lowercase and uppercase letters and special characters as it increases the complexity of your password and increases its strength.

BT and Talk Talk Scams

You may well remember my article last year warning of the scam whereby someone claiming to be from Microsoft or Windows technical support calls to tell you that your computer has been attacked by a virus and that they need to take control of it in order to remove the virus. In return, naturally, for a large fee. Of course, the caller is not from Microsoft and there is probably nothing wrong with your PC.

It would appear that since many people are now failing to fall for the “Microsoft Scam”, the scammers have put in place a twist on an old trick and are now purporting to call from ‘BT’s support team’ and have very believable answers when challenged.

They warn you that they have detected a virus which needs to be “fixed immediately” and then get you to download a piece of software onto your PC so that they can access it remotely to be able to remove the virus. In reality, what this software does is to give them access to your computer, therefore providing them with all your passwords and log-ins etc. Not only do they then access your bank accounts, they also make purchases using your credit or debit card details.

The alternative trick is to get you to pay the best part of £400 to remove the non-existent virus from your PC.

But the scammers are not stopping at phone calls. There is now an on-line scam in which fraudsters pose as legitimate internet service providers (ISPs) offering fake technical support. It works as follows: you are happily browsing the internet when a warning pop-up appears on your screen. This pop up is supposedly from your actual internet provider warning that “malware has been detected” and urges you to call a number "for immediate assistance”. When you call the number, you will be charged an excessive call fee and be asked to install software that compromises your computer.

It is scarily realistic because the scammers know which internet provider you are subscribed to. But how? Basically they place adverts which are infected with malware on perfectly legitimate websites. The user browses these websites and without even having to click on the advert, the malware in the advert redirects the user to a website in the background which checks their computer and finds their IP address. From the IP address it is easy to find out which ISP owns which IP address.

If you’re called by one of these scammers, whether they purport to be from BT, Microsoft or another company, NEVER let them remotely access your PC and NEVER hand over your bank details. It is simply not possible for a caller to know whether your PC is infected with viruses.

If you think you’ve been a victim, run a virus scan, alert your bank and contact Action Fraud to report the scam.

CryptoWall

CryptoWall is a very dangerous piece of ransomware that over the last few years has been infecting not only individual users but also large corporates all over the world (Lincolnshire County Council included).

Ransomware is a type of malware that infects a PC, encrypts data files or the entire system and then demands payment (usually in Bitcoins – a digital currency) for a code that will restore the files. Even worse is that the hackers often take the payment but still do not unlock the data.

How does CryptoWall infect your computer?
The CryptoWall trojan is distributed in several ways. Malicious websites, or even legitimate websites that have been hacked, can infect your machine by installing it without your knowledge. However, it is mostly downloaded after opening an infected email attachment.

How do you know if your computer is infected?
When trying to open a Word, Excel or a picture file, the file is launched with the correct program, however the data will not display properly.
Alternatively, a text document or web page appears with a message informing the user that their files have been encrypted. It will demand that a payment of several hundred US dollars is made to obtain a code to unlock the files.

Please, DO NOT EVER pay the ransom as there is absolutely no guarantee that your files will be reinstated. It's just a malicious way of earning illegal money. Bear in mind that every penny you pay these evil individuals will fund their attempts to target other victims. If nobody pays, they will hopefully stop these campaigns.

Once your PC has been infected with CryptoWall, there is nothing you or anybody else can do to get back your files. Your computer can be reset to factory defaults though.

How do you prevent Cryptowall from infecting your computer?
1. Be vigilant and secure
We say it in nearly every other blog but the first line of defence is to not get infected in the first place. Avoid clicking on links or opening attachments in suspicious email messages and beware of dodgy web sites. Regularly update your internet security software as well as Adobe Flash, Java and Microsoft Office.
2. Back up your data regularly
You can do this using external hard drives, a cloud service or USB flash drives. NOTE: if your back-up device is connected to your computer when CryptoWall strikes, it will be infected too.
Although these steps are no guarantee, they do add another barrier against this and other viruses and ransomware.

Ads, Add-Ons & Anti-Virus!!

First things first, don’t trust your anti-virus program, a very odd thing to say I know, but hear me out. You can spend anywhere up to £60 a year on Norton or McAfee and they give you a warm fuzzy feeling that you are safe. But beware!
Anti-virus software makes you as safe as it can and for the most part does a really good job at what it is supposed to do, which is to kill viruses and improve your firewall. It does however have 2 major flaws: it is only as good as its last update and it provides you with a false sense of security.
The internet is full of fraudsters and hackers wishing to access your bank account and what we’ve found most of the time is that we’re the ones letting them in with weak passwords and the belief that we are safe in doing crazy things like installing free programs from unknown sites that get around our firewalls.
Secondly, if you're seeing extra or unusual ads on your computer, you may have an unwanted ad injector. Ad injectors are programs that insert extra ads or replace existing ads on web pages. Unfortunately, many of these ad injectors are not detected by traditional anti-viruses.
Browser add-ons (also called browser extensions) are simple little programs that add functionality to your web browser. Some, like Adblock Plus, are really good, however there are many rogue add-ons that bombard people with ads, the most malicious of which may steal login names and other valuable data. Ad injectors may be acquired through malware, deceptive advertising, browser add-ons or simply through a careless attitude towards online risks. It is essentially "unwanted software" and in some cases can be considered as malware. Not only are ad injectors intrusive, but people are often annoyed because they have been tricked into installing them in the first place.
Only last week Google announced that after analysing over 100 million visits to their sites, they had discovered more than 200 fraudulent add-ons for its Chrome browser. It concluded that as many as 1 in 20 people who visit their websites have at least 1 malicious add on and of those users, a third have four or more. Google’s research found that malicious extensions were available for every major browser.
So our advice this week is simple: check your browser to see if you have any lurgies hanging about that could inject those unwanted and possibly dangerous adverts.

What's the difference between malware and viruses?

We are often asked what the differences are between malware and viruses and why an anti-virus cannot stop everything. This week I’d like to try to help out a little.

Malware (malicious software) is the big umbrella term. It covers viruses, worms, trojans, adware, spyware etc. Malware can be unwittingly downloaded from infected bogus email attachments, USB sticks, pirated material and hijacked websites.
There are 2 major categories of malware: hidden and visible.

Hidden Malware.
This is malware that is predominately installed without the user’s knowledge. Its intention is to cause damage or for financial gain:

Virus - this may corrupt or delete data on your computer or even delete everything on your hard disk. Viruses spread when the software or document they are attached to is transferred from one computer to another.

Worm - a malicious computer program that is able to copy itself incredibly quickly from machine to machine, usually by exploiting a security hole in a piece of software or the operating system.

Trojan - like the mythical Trojan horse, they are often disguised as a piece of software that looks innocent. Trojans are one of the most common methods a criminal will use to infect your computer and collect personal information.

Visible Malware (Grayware)
Grayware refers to applications or files that are non-malicious, but can still adversely affect the performance of a computer:

Spyware - installs components on a computer for the purpose of recording internet surfing habits. Spyware sends this information to its author or to other interested parties when the computer is online.

Adware - displays advertising banners on web browsers, which many computer users consider invasive. Adware programs often create annoying pop-up ads and a loss of network connection or system performance.

PUPs (Potentially Unwanted Programs) – software that uses high amounts of system resources and is a common cause of spam e-mails and slow systems.

The reason your anti-virus won't stop all types of malware is because the release rate of malware is so high. New malware is released on a daily basis and the anti-virus companies just cannot keep up. We advise that you protect your computer as best you can by:

  • Keeping up-to-date with the latest operating system updates and patches.

  • Installing anti-virus software and downloading updates.

  • Ensuring that Adobe Flashplayer is up-to-date. Use their official website (never use a pop-up which informs you that you need to update it): https://get2.adobe.com/flashplayer/

  • THINK BEFORE YOU CLICK. The best way to prevent a malware infection is YOU. Avoid downloading and installing anything you do not understand or trust.


Hopefully that clears things up a bit!