08 May

Surge of MegaCortex Ransomware attacks detected

A new strain named MegaCortex.

A cyber-security firm in the UK has reported detecting a spike in ransomware attacks at the end of last week from a new strain named MegaCortex. The firm said the MegaCortex ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions – a tactic that is known as “big-game hunting.” The modus operandi is not new and has been the preferred method of delivering ransomware for almost half a year.

MegaCortex now joins an ever-growing list of ransomware strains that cyber-criminal groups are using only in targeted attacks, rather than with spam or other mass deployment techniques. The list includes some recognizable names, such as Ryuk, Bitpaymer, Dharma, SamSam, LockerGoga, and Matrix.

SUDDEN RISE OF ATTACKS THIS MONTH.

According to a report released late Friday night 3rd May 2019, MegaCortex was first spotted back in late January, when someone uploaded a sample on malware scanning service VirusTotal.

Since then, the number of attacks has been growing, but it spiked in the middle of last week, when the firm says it detected 47 attacks – accounting for two-thirds of all 76 MegaCortex attacks the company has seen this year.

The firm says it blocked the attacks it detected, which originated from enterprise networks located in the United States, Canada, the Netherlands, Ireland, Italy, and France. However, other MegaCortex attacks might have occurred in places where the UK antivirus vendor had no coverage.

15 May

Facebook Messenger spam and scam campaign targets victims via a malicious video link

Facebook Messenger Spam & Scam Spreading Malicious Chrome Extensions, Adware

Beware Facebook Messenger users, as cybercriminals are targeting victims by spreading malware through links sent by their friends.

The malware campaign was discovered by David Jacoby, a senior security researcher in the Global Research and Analysis Team at Kaspersky Lab, who was himself targeted after a Facebook friend with whom he rarely interacts sent him a link to a purported video file in Messenger.

“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi-platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” David said.

So, how does this malware spread? The malicious message, containing a bit.ly or t.cn link together with the recipient's name and the word “Video,” arrives from one of your friends' accounts on Messenger, so that the potential victim believes it is a legitimate video link. When the victim clicks the link, it takes them to a Google Docs page showing a screenshot photo of that Facebook friend, styled to look like a playable movie.

But when the victim clicks on that “video,” they are redirected to external sites, chosen according to their browser, location and operating system, that ultimately attempt to lure them into installing the malware. If downloaded, this malicious software causes the victim to spread the infection to their own contacts on Facebook Messenger.

“By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links,” Jacoby writes.


For example, a Google Chrome user is redirected to a fake YouTube page with a fake error message designed to push the user into downloading a malicious Chrome extension.

Meanwhile, on Firefox, users are directed to a website displaying a fake Flash Update notice, which attempts to run a Windows executable that delivers the adware. Since this malware is cross-platform, it affects macOS Safari too, offering the download of a .dmg file that is also adware.

It is unclear how the malware spreads via Messenger.

“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking,” David speculated.

“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” said David.

“We know that clicking on unknown links is not recommended, but through this technique they basically force you to do so.

Please make sure that you don’t click on these links, and please update your antivirus!” added David.

When ZDNet got in touch with Facebook regarding the matter, a spokesperson for the social media giant said: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook.

“If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”

Source: ZDNet

07 Jun

How to prevent Locky ransomware

Remember that preventing Locky and extortion-ware like it is largely a matter of user discipline and an awareness of how malware is contracted. The first consideration for stopping infections is to maintain an up-to-date system. This includes operating system security patches and ensuring that you’re using the latest version of your browser; set browser security settings to the highest level that still allows the access you require, and enable warnings about hazardous site content. Disallow all add-ons, plugins and extensions. Install a good firewall that covers ALL routes – including remote and networking connections; set it to disallow communication on Tor and I2P networks (so that if a trojan does gain entry, it cannot phone home and execute), and block unauthorized port use. Get the best security software available that carries out in-depth scans. For good measure, make backups as regularly as possible to external storage.

The next consideration is account settings, or privilege. On a network of any size – family or business – do not use the Administrator log-in for general use, and do not stay logged in with that account for longer than necessary. It’s safer to give the username/password to everyone who may need it, with instructions to log off when a task is completed. Allow the strictest Admin privileges that still enable the network to function (see the Microsoft website for more detail on this).

The easiest element of prevention is good working practice – though perhaps this is sometimes the most difficult to enforce or adhere to. Bear in mind the delivery routes mentioned above. In the case of the e-mail delivery threat, depending on your system, set e-mail to its highest security setting. Ensure that all users are aware of the risks of opening unsolicited mail. Disallow the ActiveX (macro) function for all Microsoft Office applications. Find a method to filter incoming mail containing attachments and, if necessary, preview by left-clicking and viewing Source in Properties, which will supply the body of the text and display any hidden attachments without actually opening the file (DO NOT preview in Print Preview, as this can execute some malware).
Stay organized and up-to-date – don’t let this current threat get to know your business!
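The macro advice above can be enforced rather than left to user discipline. The following is an added example (not from the original post) that writes the Office Group Policy registry values which disable VBA macros and block macros in files downloaded from the Internet or received by e-mail, then audits the result; it assumes Office 2016 or later (policy path version "16.0") and applies to the current user only.

```powershell
# Added example: harden Office against macro-borne ransomware such as Locky.
# Assumption: Office 2016/2019/365, whose policy keys live under version "16.0".
# HKCU policy keys apply to the current user; use HKLM (as admin) for all users.

$Apps = @('Word', 'Excel', 'PowerPoint')
$OfficeVersion = '16.0'   # assumption: adjust for older Office builds

function Set-OfficeMacroHardening {
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # VBAWarnings: 2 = disable with notification, 3 = disable except digitally
        # signed, 4 = disable all macros without notification (strictest).
        Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord

        # Block macros in files carrying the Mark-of-the-Web (downloads and
        # e-mail attachments), which is the delivery route Locky relied on.
        Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
    }
}

function Get-OfficeMacroHardening {
    # Returns one row per application so the state can be checked or logged.
    foreach ($app in $Apps) {
        $key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Application       = $app
            VBAWarnings       = $props.VBAWarnings
            BlockFromInternet = $props.blockcontentexecutionfrominternet
            Hardened          = ($props.VBAWarnings -eq 4 -and
                                 $props.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

Set-OfficeMacroHardening
Get-OfficeMacroHardening | Format-Table -AutoSize
```

In a managed domain the same two values are set centrally through the Office administrative templates; the audit function is still useful for spotting machines where the policy has not applied.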

Contact us now

If you’ve lost valuable, irreplaceable data or need a Data Recovery Plan for your organisation or business – we can save it! Call us now at +254 711 051 000 or visit our offices at Chiromo Court, 3rd Floor, Westlands, Kenya. Best of all, we have distributed offices all over East Africa and can easily get your device brought to us from anywhere in East Africa.

We also offer data recovery services for various devices: Hard Drives, Laptops, Desktops, RAID / NAS / SAN systems, Servers, Memory Cards, Flash Drives, Databases, SSD Drives, etc.

East African Data Handlers Ltd’s no data – no charge policy means you owe us nothing if we are unable to recover your critical files.

© 2015  East African Data Handlers. All rights reserved.