New Ransomware Attack Alert: BadRabbit

Yesterday many businesses worldwide were hit by a new ransomware outbreak targeted at a small number of organizations within the USA, Russia, Ukraine, Turkey, Germany, Bulgaria, and Estonia. Likely created by the same authors as the Petya/NotPetya ransomware, BadRabbit pretends to be an Adobe Flash update. It relies purely on social engineering, encouraging user interaction.

Customers using Malwarebytes Endpoint Protection, Malwarebytes Endpoint Security or Malwarebytes Anti-Malware for Business are protected against this specific ransomware variant.

If you would like a quote for Malwarebytes then please get in touch.

For more information on the BadRabbit ransomware attack click here.



iPhone X Face ID Security

Are you considering upgrading or buying the new iPhone X? Is privacy important to you? Do you know how secure the new Face ID really is? You may wish to read the following article by Wired for more of an insight into this feature before committing to a £1000 purchase.




Ransomware ‘here to stay’, warns Google study

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.

Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat.

Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

“It’s become a very, very profitable market and is here to stay,” said Elie Bursztein from Google.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency.

Novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.

“It’s no longer a game reserved for tech-savvy criminals,” he said. “It’s for almost anyone.”

As the threat from ransomware increases, we advise in the strongest terms that everyone should have sufficient backup and ransomware protection in place on their systems. If you’re unfortunate enough to be affected by one of these attacks, and you have neither of the above safeguards, you will almost certainly lose your data and be faced with the difficult decision of whether or not to pay the ransom. These figures can be very high. In a recent case handled by Plexio, a client was asked for over £4000 to decrypt their data. As they had a robust backup regimen in place, we were able to recover all the client’s data without them paying the ransom. Contact us to discuss your options.


More Ransomware Facts & Figure$ from the BBC

Ransomware attacks on businesses around the world rose 50% last year, research into successful cyber-breaches shows.

Its popularity means malware is now responsible for 51% of all the incidents analysed in the annual Verizon data breach report.

This analyses almost 2,000 breaches to find out how firms were caught out by cyber-thieves.

It also found that measures taken by some firms after payment systems were targeted stopped new breaches.

Glimmer of hope

The rapid rise in the number of successful ransomware attacks was widely expected, said Marc Spitler, senior manager in Verizon’s security research division, simply because so many malicious hacking groups were adopting the tactic.

“Ransomware is all about how can they get more money per infected device,” he said. 

A separate report by security firm Symantec found that the average amount paid by victims of ransomware had risen to $1,077 (£834).

Consumers were likely to be hit straight away with ransomware, said Mr Spitler, but attacks on businesses were stealthier. Often, he said, attackers burrowed deeper into a company’s infrastructure to find key databases that were then scrambled before payment was sought.

In most attacks, booby-trapped attachments sent via email were the main delivery mechanism for ransomware and other malware, found the report.

“These attacks are all about getting a foothold on a system,” he said, adding that once attackers were inside an organisation they typically looked to use the back doors for many different types of attack.

Darren Thomson, chief technology officer for Symantec in Europe, said its statistics suggest about one in every 131 email messages was now harbouring some kind of cyber-threat.

“They are arriving in Word documents and Excel spreadsheets,” he said, “the messages people get many times a day.”

The Verizon report also spotted a shift in the targets of cyber-attacks with 61% of victims now being companies with fewer than 1,000 employees.

The good news, said Mr Spitler, was that some industry sectors that had been hit hard before now appeared less often in its attack statistics – suggesting their digital defences were starting to work.

“The lack of large retailers suffering point-of-sale intrusions was a glimmer of hope,” he said.


Ransomware – Be Aware!

The article below outlines the threat from ransomware. These attacks are very real. Plexio have recently dealt with a very sophisticated attack, and only the fact that the client uses our online backup saved them from losing ALL their data to the crooks involved. The ransom demanded was 4 Bitcoins – nearly £4000 at the time. Needless to say they declined to pay. PLEASE READ THIS, IT MAY HELP YOU...


A recent survey has suggested that one in five businesses has been hit by a cyber-attack in the last year.
The study, released by the British Chambers of Commerce (BCC), revealed that 20% of firms have fallen victim to a cyber-attack within the last 12 months. Of those targeted, 42% were businesses employing more than 100 staff. The survey also revealed that the majority of businesses (63%) rely on IT providers to resolve problems after an attack.

Ransomware has become one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of FakeAV, through “Locker” variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.

Even though most companies have extensive security mechanisms in place, such as virus scanners, firewalls, IPS systems, anti-spam/anti-virus email gateways and web filters, we are currently witnessing large numbers of infections worldwide. Files on computers and network drives are encrypted as part of these infections in order to blackmail the users of these computers into paying a sum of money, usually in the region of USD 200-6000, for the decryption tool.

A common infection scenario may look like this:
• A user receives an email that comes from a seemingly plausible sender with an attached document, a parcel service with attached delivery information or an external company with an attached invoice.
• The email attachment contains an MS Word or Excel document with an embedded macro. If the recipient opens the document a macro will attempt to start automatically, executing the following actions:
    ◦ It tries to download the actual ransomware payload from a series of web addresses that only exist momentarily. If a web address cannot be reached, the next one is accessed until the payload has been downloaded successfully.
    ◦ The macro executes the ransomware.
• The ransomware contacts the command & control server of the attacker, sends information about the infected computer and downloads an individual public key for this computer.
• Files of certain types (Office documents, database files, PDFs, CAD documents, HTML, XML etc.) are then encrypted on the local computer and on all accessible network drives with this public key.
• Automatic backups of the Windows operating system (shadow copies) are often deleted to prevent this type of data recovery.
• A message then appears on the user’s desktop, explaining how a ransom (often in the form of bitcoins) can be paid within a time frame of e.g. 72 hours to ensure delivery of a suitable decryption tool with the private key that is only available in the attacker’s system.
• The ransomware will then delete itself leaving just the encrypted files and ransom notes behind.
This is just an example of how such an infection scenario may play out. While email is a popular technique to spread these threats, by no means is it the only approach.
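Two stages of the scenario above leave traces in process-creation logs: an Office application starting a command or script interpreter (the macro stage) and a command that deletes shadow copies. The following detection sketch is an added example, not part of the original article; the event fields (host, parent, image, cmdline) and all sample events are constructed, and it assumes process-creation telemetry with parent process and command line is being collected.

```python
import re

OFFICE = {"winword.exe", "excel.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command lines that delete Windows shadow copies
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the stage of the described chain this event matches, or None."""
    if base(event["parent"]) in OFFICE and base(event["image"]) in INTERPRETERS:
        return "macro_spawn"
    if SHADOW_DELETE.search(event["cmdline"]):
        return "shadow_copy_delete"
    return None

def hosts_matching_chain(events):
    """Hosts where a macro spawn is later followed by shadow-copy deletion.

    Events are assumed to be in time order. A lone shadow-copy deletion is
    still worth an alert on its own, but is not reported as the full chain.
    """
    seen_macro, flagged = set(), []
    for ev in events:
        stage = classify(ev)
        if stage == "macro_spawn":
            seen_macro.add(ev["host"])
        elif (stage == "shadow_copy_delete" and ev["host"] in seen_macro
              and ev["host"] not in flagged):
            flagged.append(ev["host"])
    return flagged

def ev(host, parent, image, cmdline):
    return {"host": host, "parent": parent, "image": image, "cmdline": cmdline}

# Constructed sample events (not real logs)
SAMPLE_EVENTS = [
    ev("PC-01", r"C:\Program Files\Microsoft Office\WINWORD.EXE",
       r"C:\Windows\System32\cmd.exe", "cmd.exe /c (constructed)"),
    ev("PC-02", r"C:\Windows\explorer.exe",
       r"C:\Program Files\Microsoft Office\WINWORD.EXE", "WINWORD.EXE report.docx"),
    ev("SRV-03", r"C:\Windows\System32\cmd.exe",
       r"C:\Windows\System32\vssadmin.exe", "vssadmin list shadows"),
    ev("SRV-03", r"C:\Windows\System32\cmd.exe",
       r"C:\Windows\System32\vssadmin.exe", "vssadmin delete shadows /all"),
    ev("PC-01", r"C:\Users\Public\sample.exe",
       r"C:\Windows\System32\vssadmin.exe", "vssadmin.exe delete shadows /all"),
]

if __name__ == "__main__":
    print(hosts_matching_chain(SAMPLE_EVENTS))
```

On the sample data only PC-01 is reported: SRV-03 deletes shadow copies without a preceding macro stage, and PC-02 merely opens a document.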

Contact Plexio to discuss protection for your business today.


DHL Phishing Emails

Yet another new slant on a phishing attempt.  An email that looks as though it comes from a courier – but if you look into it a little further you’ll see the sender’s email address is very suspect.  If you get one of these, don’t do anything other than delete it.


Paypal Scam

Another round of phishing emails has appeared asking you to lift a restriction from your PayPal account. Needless to say there is no restriction on your account & they should not be actioned, but immediately deleted.



How to make your Wi-Fi hotspot work for you.

Last week we installed a Guest Wi-Fi system in the Hanover Hotel in Liverpool city centre.  The system enables the hotel to keep their guest network separate from their private network, whilst sharing a single broadband connection, and using the system to market their business.



This enables the hotel to build their social media presence and at the same time create a marketing database. This is achieved by presenting customers with a log on screen that asks them to login with one of their social media accounts, or if they don’t have one, to input their name and email address. If they login with Facebook they are then asked if they would ‘Like’ the hotel’s Facebook page. Once they do this the hotel are able to promote their business to the guest by having their posts appear on the guest’s Facebook page. Guests’ email addresses are also collected and used for email marketing campaigns.


By the use of a controlled wireless system, multiple access points are centrally managed giving full coverage with no dead spots & instant handoff when a mobile device is moving between access points. Individual devices are separated from one another, so if one user’s device is infected with a network-aware virus it will not spread to other users. File sharing and torrenting protocols are also blocked to prevent network abuse, and specific devices are automatically blocked for a pre-set period of time if an attempted illegal operation is detected.

