Ransomware attacks are on the rise in Australia. Learn how to protect yourself against them and secure your devices.
This content was replicated from the ACSC website https://www.cyber.gov.au/ransomware
What is ransomware?
Ransomware is a type of malicious software (malware). When it gets into your device, it makes your computer or its files unusable.
Cybercriminals use ransomware to deny you access to your files or devices. They then demand you pay them to get back your access.
How does it work?
Ransomware works by locking up or encrypting your files so that you can no longer use or access them. Sometimes it can even stop your devices from working.
The effects of ransomware
Ransomware is a common and dangerous type of malware. It can affect both individuals and organisations.
Ransomware can cause severe damage. It can hurt your reputation, and cost you money.
What to look for
Ransomware can infect your devices in the same way as other malware or a virus. For example:
visiting unsafe or suspicious websites
opening emails or files from unknown sources
clicking on malicious links in email or on social media.
Common signs you may be a victim of ransomware include:
pop-up messages requesting funds or payment to unlock files.
you cannot access your devices, or your login doesn’t work for unknown reasons.
files request a password or a code to open or access them.
files have moved or are not in their usual folders or locations.
files have unusual file extensions, or their names or icons have changed to something strange.
If any of these things happen to you, check with your friends and colleagues first to see if they made any changes.
We and the ACSC recommend you do not pay the ransom. There is no guarantee paying the ransom will fix your devices. It can also make you vulnerable to future attacks. Instead, restore your files from backup and seek advice.
For this reason, it is vital to back up your data and put effective cyber security practices in place.
HTTPS stands for Hypertext Transfer Protocol Secure and, as the name suggests, provides security to your web traffic and users. It is especially important when those users are giving you any kind of personal information, as it provides multiple levels of protection to that information.
All web traffic is transmitted by either HTTP or HTTPS. These stand for Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure respectively. As the names suggest, these protocols are very similar, but have one major difference. HTTPS wraps an encrypted layer around regular HTTP traffic, providing a much greater level of security.
This encrypted layer is called Transport Layer Security (TLS, sometimes called SSL).
HTTP websites can be modified by third parties, such as ISPs or the hotels, restaurants and other operators of free WiFi. These third parties can add advertisements or other unwanted content (including malware) to websites that don’t use HTTPS.
While using HTTPS, you and your visitors can be certain that no one has modified the content of your website, and no one else has access to information being transmitted between user and web server.
HTTPS, and the padlock icon that has become synonymous with it, are signs of trustworthiness and authenticity.
Chrome is by far the most widely used browser. Compared to its closest competitor, Safari, Chrome accounts for more than four times as much web traffic. Chrome averages around the 60% mark of total web traffic (https://www.w3counter.com/globalstats.php).
Google was the first major company to mark all HTTP websites as insecure, and for the last couple of years it has strongly advocated that all HTTP websites migrate to HTTPS. Chrome will eventually mark all HTTP sites as affirmatively non-secure, with a red triangle and an exclamation mark, unless an SSL certificate is supplied (https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html).
An SSL certificate ensures all data passed between browsers and the web server is kept private. The certificate can include a serial number and expiration date, digital signature, name of the holder and a copy of the holder’s public key. In the past SSL certificates have been expensive, although today they are more moderately priced. Paid certificates will usually have a more rigorous screening process and may come with insurance.
Some technologies, such as AMP (Accelerated Mobile Pages, which makes certain pages load almost instantaneously on mobile), require SSL. AMP-ready pages also receive better rankings on Google. (There are other requirements that must be satisfied before a site is AMP-ready.)
There are many reasons why HTTPS is the preferred protocol and is used by almost all major websites on the internet. From keeping your visitors’ information safe and ensuring that your website is not modified by third parties, to a ranking boost from Google, migrating to HTTPS is an easy choice.
Should you choose to migrate to HTTPS, iT and Beyond offers this service. Please contact us if you need any assistance with your choice.
Use one of the evaluation websites listed below to evaluate the security of your own website.
Last year over 6 million Australians were victims of online crime[1], and that number will continue to rise unless something changes. iT and Beyond is a Stay Smart Online Partner and in an effort to further raise awareness of cybercrime, we are supporting Stay Smart Online Week 2018 – Reverse the Threat of Cybercrime. From October 8th to 14th, 2018, businesses all over Australia will be reversing their websites, social media pages and communications from colour to black and white, to draw attention to the dark side of the internet and thrust cybersecurity into the national spotlight. In a massive collaboration with businesses and individuals across the nation, the importance of the four key areas of Passwords, Software Updates, Public Wi-Fi and Phishing will be highlighted, and will hopefully impact Australians’ cybersecurity in a big way.
Stay Smart Online Week began in 2008, at a time when Stay Smart Online had 50 partners. Today, with over 1400 partners, they are a driving force of cybersecurity and awareness in Australia.
Network Security – Passwords, Software Updates, Public Wi-Fi and Phishing scams
A study last year found that 59% of people use the same password across all accounts[2]. This is great news if you’re a cybercriminal. Our passwords are our first line of defense and can be the only thing keeping your information from the wrong hands. For these reasons it’s essential to create strong passwords and use different ones for all your accounts. Implementing two-factor authentication where possible is also strongly recommended.
It’s important to install critical software updates for all devices and apps as soon as they become available. These updates can add new features, install bug fixes and fix security holes that could let cybercriminals in. Despite these advantages, 80% of Android users and 23% of Apple iOS users haven’t installed the latest software updates[3]. By keeping up with the latest versions of firmware and software, we can give ourselves the best chance at fighting off malicious activity online. At iT and Beyond, as part of the Proactive Managed IT Support we provide, we install all critical software updates for Microsoft Windows operating systems on workstations and servers, Microsoft Office software, Adobe software, Java software and browser software (Microsoft Edge and Internet Explorer, Google Chrome, Mozilla Firefox).
Public hotspots aren’t always safe, and when connecting to the internet this way you can never be sure cybercriminals can’t access your information. Some simple ways you can stay safe while using public Wi-Fi are turning off any auto-connects, avoiding online shopping and banking and critically evaluating any rogue hotspots before you connect.
Phishing scams – email, SMS, social media
As one of the most common online scams, phishing scams cost Australians $50 million in 2017[4]. This included emails, SMS, social media messages and more attempting to trick individuals into giving out personal identifying information, online banking logins and credit card details.
Being diligent when assessing online communications and thinking before you click can be the difference between your continued cybersafety and a successful phishing campaign. Remember to avoid clicking links or opening attachments in suspicious emails, and never assume the person you are talking to is who they say they are.
The Stay Smart Online Week 2018 initiative provides a great platform for businesses to share knowledge, experiences and best practices, which will promote education and allow others to share the benefits. Feel free to participate in any way you can, because the more people who get involved, the bigger the impact on national cybersecurity awareness will be.
A new email phishing scam is hitting inboxes, targeting myGov login and bank account details. The email purports to be from the Australian Government Department of Human Services, and includes logos from the Australian Government, Medicare and myGov, which all serve to make the body visually convincing. The email demands an update to Electronic Funds Transfer (EFT) payments with Medicare, ultimately claiming that this will allow for “prompt Medicare payments for benefits and claims”.
Following the email’s link opens a replica myGov website, which features relevant logos and a familiar design. One indication of the illegitimacy of the website is its URL: mygovau.net. The real myGov website’s URL is my.gov.au. It’s a good idea to search for sign-in pages online, or type in the URL manually, rather than follow a link in an email. This ensures that you won’t be taken to an imitation site with a modified URL designed to steal your credentials.
If login details are entered, a security question and answer are requested before the user is taken to a fake Medicare site. This site aims to retrieve a range of information, including bank name, BSB number, account number, customer number and online banking password. Of course, this information would never be requested via email, and should not be entered after following links in emails.
Computer Security Tips for staying safe
Never click links in emails claiming to be from myGov or Medicare. You will never be sent an email with hyperlinks or web addresses from either of these sources
Be wary of any email that asks you to login to an account or input personal information such as bank account details
Don’t open a message if you don’t know the sender, or if you weren’t expecting the message
Be suspicious if you receive an email not addressed directly to you, or that doesn’t use your correct name
Login to myGov by manually entering the web address in your browser, and check your inbox there for any legitimate emails from Medicare
Always check the sender email address, and confirm that it matches the email body and the domain name of the company the sender claims to represent
Hover over links in emails to verify the URL
Contact the organisation independently to confirm whether they sent the message
If you think your personal information has been compromised, contact Australia’s National Identity and Cyber Support Service, IDCare.
“KRACK” security vulnerability discovered in WiFi Protected Access II (WPA2) security protocol
A security flaw has been discovered that could be used to hack into any device that uses WiFi, including smartphones, tablets, laptops and desktop computers.
Many modern Wireless networks use WiFi Protected Access II (WPA2) security protocol and security certification programs to secure the wireless computer network. WPA2 wireless protocol has a new security vulnerability called “KRACK”, which is short for Key Reinstallation Attacks. This security flaw has been discovered by researchers at KU Leuven, a university in Flanders, Belgium.
Attackers can use this to steal sensitive information that is sent over a WiFi network that uses WPA2, including credit card numbers, passwords and other sensitive information. It may also be possible for an attacker to inject malicious data into the WiFi network, which could include ransomware and other malware. The attacker needs to be within wireless range.
The vulnerability is not per individual device but the actual WPA2 protocol, which means all devices that use WPA2 could be affected.
What you should do about the WPA2 “KRACK” security flaw on your WiFi networks
KRACK does not use your WiFi password to get access to your network, so changing your WiFi password will not make you less vulnerable, although changing your password regularly is good practice.
Many WiFi product vendors will be releasing updated firmware and drivers for their products. To protect yourself, we strongly recommend that you update your hardware as soon as an update is available.
For our clients who enjoy our Proactive Managed IT Support and Network Security services, we have details of all WiFi equipment and will continue to monitor when vendors release updates and will install them as soon as they become available.
The devices and hardware that will need to be updated, once patches are released, include the following:
Wireless Access Points (WAP) including Office and Home routers
Tablets and e-readers that use WiFi
Home devices connected to WiFi including Apple TV, NEST, Amazon Echo and Google Home
Printers, both home and office, that use WiFi
Any other device that uses WiFi
Need more information about KRACK? Below are some helpful links to give you more of an insight into the KRACK WPA2 vulnerability.
One of our security partners, Sophos, has some great IT Security Tips and has launched a Spot the Phish quiz to test your skills by spotting ransomware attempts. There are some great prizes on offer.
Cybercriminals are often smarter than we think, and they’re using those skills effectively to make phishing emails harder and harder to spot.
Sophos RansomWare IT Security Tips – Spot the Phish RansomWare Phishing scam online quiz.
Can you identify a phishing email from a legitimate one?
The new Sophos online Spot the Phish quiz tests your skills to see how many fraudulent emails you can spot.
In this contest of speed and skill, correctly identify ransomware attempts from legitimate emails and be among the fastest participants and you’ll be eligible to win one of seven prizes: a 12” MacBook, three iPad Pros, or three iPhone 7s, complete with AirPods. But you better be quick as this is your final chance to play before this contest ends on the 20th of December 2016.
Don’t worry if you are not sure as there will be a chance to participate in the Sophos online phishing school to learn more.
This short Sophos video on our YouTube Channel also provides some great tips on IT Security:
Our Network Security solutions can show you how to cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind.
Amazon Go Mobile Computing – a whole new way to shop, featuring the world’s most advanced shopping technology.
Mobile computing and our ability to harness its benefits to improve productivity has come a long way and continues to revolutionise business and everyday activities.
Online retail giant Amazon published this video on Monday 6 December, 2016 on their new physical store concept.
No lines, no checkout. Shoppers simply use the Amazon Go app on their smartphone, take the products they want, and go! Just walk out, without getting arrested. Technology detects your selected items and automatically charges your Amazon account when you leave the store.
Selecting IT Systems that are right for your business
As is the case for our small business, accounting firm or not-for-profit (NFP) clients, the IT Systems we choose need to reduce our costs, increase our productivity, mitigate business risks and assist us to provide superior customer service to our clients.
At iT and Beyond, we practice what we preach when it comes to selecting IT Support Systems, including strategic research, investment and ongoing development of best-of-breed technology that provides automation throughout the entire delivery of the Proactive IT Support services we provide.
Although the IT Support industry is spoilt for choice of IT Systems Management solutions and tools, careful cost-benefit evaluation and ongoing improvements are required to maximise investment benefits. Some computer support tools are designed for specific tasks, whilst other solutions are feature rich and include components such as 24x7x365 Remote Monitoring & Management, Remote Control, Patch Management, Network Discovery & Performance, IT Automation, Backup and Disaster Recovery, Security, Professional Services Automation, Project Management and Customer Relationship Management.
After strategic research and testing of available solutions, we chose a unique IT Systems Management framework and online Client Support Portal that are both powered by leading global provider Kaseya and driven by Best Practice.
Kaseya Virtual System Administrator (VSA): Remote Monitoring & Management (RMM)
Kaseya Business Management Solution (BMS): Professional Services Automation (PSA) and Client Support Portal
Both IT Support systems are cloud-based Software as a Service (SaaS) solutions. They provide the flexibility needed to customise Proactive IT Support configurations for our small business, accounting firm or not-for-profit clients. We continue to invest in their ongoing development and improvement, and in their ability to help us prevent problems before our clients notice them.
Kaseya’s solutions may not be the cheapest in the market, but as is the case with many IT Solutions, you get what you pay for.
Award Winning IT Support systems for Small Business, Accounting Firms and NFPs
Caution when installing Java Updates is required or you may be tricked into installing FoistWare.
What is FoistWare (also called CrapWare)?
Firstly, let’s explain what we mean by FoistWare. FoistWare is a tactic used by software developers to install additional software during the installation process, sometimes without the user’s knowledge or consent, or with deceptive messages that trick the user into installing the additional software.
Often if you accept the default installation options, the unrelated third-party software is installed.
The FoistWare itself may be a legitimate program, though the manner in which it is installed makes it FoistWare.
The software developers try to make a quick buck by tricking users into installing software they don’t need, which can impact on system performance.
Some FoistWare applications are browser hijacks that modify your web browser’s settings without the user’s permission, which can inject unwanted advertising or replace your existing home or search pages.
This tactic is sometimes used by Freeware software developers and has been used by Oracle for many years when installing updates to their popular Java software.
What is Java (by Oracle)?
Java is a programming language and computing platform used on many devices from laptops to datacenters, game consoles and mobile phones. Lots of applications and websites will not work unless you have Java installed.
For Australian Accounting firms and Businesses, one especially relevant application that needs Java is the Australian Government’s AUSkey secure login, used to access participating Government websites.
Oracle is at it again installing deceptive software with Java Updates
Java Updates have previously tricked users to install the Google Toolbar, Yahoo and Ask Toolbar and Search App. Here’s one example of what users were prompted with when installing previous Java Updates:
Previous Java Update defaulting to install Ask Search
The latest Java updates now try to trick you into installing the Teoma Search App:
Latest Java Update Install Offer Teoma Search App
Other vendors that have been purveyors of FoistWare include:
Adobe, whose Flash Player download included Google Toolbar for Internet Explorer and whose Reader download included Google Chrome.
Our Recommendations for Caution installing Java Updates
It is important to install patches and updates for all software, including Java. If you don’t install the latest Java update, you may not be able to use your AUSkey to access Government websites.
When installing software, including updates, always review installation questions/options, rather than simply accepting the Defaults and clicking Next, Next, Next.
If you require any assistance with installing updates, removing any unwanted FoistWare inadvertently installed, or removing any browser hijacks, please Contact Us.
See the following articles for more information on Java Updates installing FoistWare: