Disguising itself as an invoice proved to be an effective approach for the original Locky ransomware, which infected millions of users in 2016. Although it was mostly defeated, hackers are currently using a similar approach to spreading a new type of malware. In 2017, a new Locky ransomware is poised to duplicate the success of its predecessor.

Quick facts

According to a threat intelligence report, the email-based ransomware attacks started on August 9 and were detected through 62,000 phishing emails in 133 countries in just three days. It also revealed that 11,625 IP addresses were used to carry out the attacks, with the IP range owners consisting mostly of internet service providers and telecom companies.

How it works

The malicious email contains an attachment named “E 2017-08-09 (580).vbs” and just one line of text. Like the original Locky authors, attackers responsible for the new variant deploy social engineering tactics to scam recipients into opening the attached .doc, zip, pdf, .jpg or tiff file, which installs the ransomware into their systems.

When an unsuspecting user downloads the file, the macros run a file that provides the encryption Trojan with an entry point into the system. The Trojan then encrypts the infected computer’s files.

Once encryption is completed, the user receives instructions to download the Tor browser so they can access the "dark web" for details on how to pay the ransom. To retrieve their encrypted files, users will be asked to pay from 0.5-1 Bitcoin.

What you need to do

This ransomware variant builds on the strengths of previous Trojans. In fact, the original Locky strain made it easy for cyber criminals to develop a formidable ransomware that could evade existing cyber security solutions. This is why adopting a "deny all" security stance, whereby all files are considered unsafe until proven otherwise, is the best way to avoid infection.

Here are other tips to avoid infection:

• Don’t open unsolicited attachments in suspicious emails. Alert your IT staff, and most importantly disallow macros in Microsoft Office unless they’ve been verified by your IT team.
• Performing regular backups guarantees you never have to pay cyber criminals a ransom. If all other security measures fail, you can always rely on your backups, which protect your business not just from cyber crime-related disasters, but also from natural and other unforeseen system failures.
• Train your staff to identify online scams like phishing. This and other similar ransomware strains take advantage of users’ lack of cyber security training.
• Update your operating systems as soon as updates become available to reduce, or eliminate, the chances of your system’s vulnerabilities being exploited.

Even with a trained staff and the latest protections installed, your IT infrastructure may still have unidentified security holes. Cyber security experts can better evaluate your entire infrastructure and recommend the necessary patches for your business’s specific threats. To secure your systems, get in touch with our experts now.

The post Beware of a new Locky-type ransomware appeared first on Complete Technology Resources, Inc..

Contrary to popular belief, Macs do get hacked. Although it doesn’t happen as frequently as it does on Windows PCs, Macs have been infected by worms, Trojan horses, and other forms of malware in the past decade. Recently, security researchers discovered a new spyware that has flown under the radar for several years.

Fruitfly spyware
The spyware, known as Fruitfly, was first discovered in January 2017, but Synack chief security expert, Patrick Wardle, discovered a more cunning variant last month.

Along with being able to track the victims’ names and locations, the spyware reportedly gives the hacker control over webcams, mice, microphones, keyboards, and notifies hackers any time the computer is in use. This enables hackers to take non-consensual photos, capture screenshots, track keystrokes, and record audio.

What’s surprising is this type of spyware is not built for financial gain or designed to steal government secrets. It’s used to spy on regular people. According to experts, the hacker developed the spyware for voyeuristic reasons. Collecting private data from users also suggests that hackers planned to set up more targeted social engineering scams.

So far, there have been only 400 confirmed Fruitfly infections, but considering how it has remained hidden for nearly decade, that number could be much larger.

While experts are still not sure who created the malware and how it is delivered, it’s best to follow security best practices like avoiding pop-up ads, banners and suspicious file attachments, using extreme caution when downloading free software, and update applications frequently.

Users should also install anti-malware software with spyware detection capabilities and perform full system scans as often as possible. New security patches have been released to detect and block Fruitfly variants, so you should keep your security software up to date at all times, too.

Surge in Mac Malware
Windows PCs are targeted more frequently, but a recent threat intelligence report by McAfee found that the Mac malware incidents have grown by 53% over the first quarter of 2017.

Hackers will likely uncover new vulnerabilities in the future, which means Mac users can no longer afford to think that their device doesn’t need strong security software and support from managed services providers.

If you’re worried about the security of your Mac, talk to us today. We offer comprehensive solutions that can defend against the new Fruitfly strain and a host of other cyberattacks.

The post Fruitfly spyware targets Mac computers appeared first on Complete Technology Resources, Inc..