Tech News

Latest Ransomware Demands Charity Work to Return Data

A new strain of ransomware, called GoodWill, has recently been detected. Rather than requesting money, it forces its victims to complete a series of charitable tasks in order to retrieve their data. The ransomware can leave your business unable to operate while you are forced to follow the time consuming instructions on how to retrieve your data. The instructions so far include doing a number of charitable tasks and documenting them online.

So what is Ransomware

Ransomware is typically a form of malware that will encrypt a user’s photos, documents and other files. This prevents them from accessing any data until they have followed the hackers instructions. They usually extort their victims to pay a ransom in order to receive the decryption key to recover their data.

What Goodwill ransomware demands

The GoodWill ransomware is different, rather than asking for a money, the group direct their victims to perform three good deeds. They must record them and post them on social media to supposedly encourage others to follow suit.

The ransomware’s first task requires its victims to provide clothing and blankets to people in need. They must then feed five kids under the age of 13 at a Dominos, KFC, or Pizza Hut, and take a selfie with the kids. Finally, the victims must find a stranger in hospital and pay their hospital bill.

The ransomware victims must document all of these acts and post the photos on Instagram, Facebook or WhatsApp. The hacker group writes, “It doesn’t cost you high, but matters for humanity,” on their security bulletin. What is not clear exactly who they’re targeting or how they determine their victims’ capabilities to fulfil these tasks.

What can you do to protect your network

We recommend having an up to date, paid Anti Virus like Avast to protect you from ransomware and other attacks. We sell the latest cloud Anti Virus software which offers the best protection against these type of ransomware attacks. Contact us for details on hope to protect your network.

Facebook, Instagram, Whatsapp and Facebook Messenger have gone down

Facebook, Instagram, Whatsapp and Facebook Messenger have all gone down in a major outage. Outage website Downdetector noted a spike in user reports relating to the services. The services all share common backend infrastructure.

Facebook users were greeted with this message when trying to access the site.
“We’re working to get things back to normal as quickly as possible, and we apologise for any inconvenience.”

On Twitter, Facebook policy communications director Andy Stone said the company was aware of the reported problems. They are “working to get things back to normal as quickly as possible”.
The New York Times reports Facebook has now sent a team to one of its California data centres to manually reset the servers.

Facebook is going through a major crisis after a whistleblower who exposed the company’s awareness of internal research into the negative effects of its products and decisions went public on 60 Minutes in the US on Sunday.

Frances Haugen was identified in the interview as the woman who anonymously filed complaints with federal law enforcement. The complaint alleges that the company’s own research shows how it magnifies hate and misinformation. It also leads to increased polarisation and that Instagram, specifically, can harm teenage girls’ mental health.

World’s most dangerous’ botnet brought down

Police have seized thousands of computers running one of the most dangerous hacking networks worldwide. The Emotet network obtains access to victims’ computers, via malicious email attachments, then sells it to criminals who install more dangerous malware.

Police from the UK, EU, US and Canada worked together to “disrupt” Emotet. Europol called it “one of most significant botnets of the past decade” and one of the main “door openers” for computer systems worldwide. Once unauthorised access was established, it was sold to other top-level criminal groups. They would use this to deploy further illicit activities such data theft and extortion through ransomware, it said.

Dmitry Smilyanets, from Recorded Future, said: “Even if the creator and his support and operators are not arrested, they likely will not try to rebuild. They have enough cash to retire in peace – or start a new criminal adventure. Working botnet’s are a very complicated system. If more than a half of the infrastructure is not working, it’s safe to say bye-bye.”

Emotet was initially a banking trojan, designed to spy on victims’ computers and steal login details. Victims would receive an apparently important Word document marked for their attention. When opened, it would ask them to “enable Macros” that actually opened their computer up to attackers.

“The most successful and prevalent malware of 2020 by a long way”, he said. It had, over the course of the year, sent phishing emails with more than 150,000 different subject lines and 100,000 file names for the attachments.

“It constantly adjusted its phishing emails to victims’ interests and global events. For example, the Covid-19 pandemic or major shopping seasons such as Black Friday,” Mr Finkelstein said.

Personal information leaked by Melbourne-based Council and Recruiter

Sensitive personal information leaked by recruiter

A Melbourne recruiting company leaked sensitive personal information on Amazon Web Services Simple Storage Service. The online storage was left open for anyone to access for over a month. A Melbourne-based security researcher found the open storage instance on October 24. It was found to contain images of passports, driver’s licenses, tax forms, and employment contracts. While it is not known how long the online storage was left exposed, it was indexed by one or more search engines on September 14 this year. One search engine found 12,709 files in the online storage, these included passports, driver’s licenses, tax forms and thousands of employment contracts.

The breach will be reported to the authorities and the workers affected by the data breach. Let this be a timely reminder about the dangers of cloud storage and need for implementing strong  security measures. This company did save a few hundred dollars when they rolled out the cloud storage themselves but now face hundreds of thousands of dollars in fines for breaches of the privacy act.

City of Port Phillip leaks personal information in data.gov.au blunder

An unknown number of residents who reported graffiti to a Melbourne-based council have had their personal information inadvertently published on the federal government’s open data portal. The City of Port Phillip council revealed the data breach on Wednesday. Names, phone numbers and email addresses were disclosed in its graffiti management data on data.gov.au. Property addresses “used to identify the location of the graffiti” were also accidently release “in some instances”, which the council said “may link the person reporting the graffiti to that address”.

“Council became aware of the breach on 5 October 2020 and in response conducted an internal investigation,” the council said. “It was determined that the data breach started in March 2020. “The data was immediately suspended from the data.gov.au website on 5 October 2020, to prevent any further views/downloads. “Council has tried to directly contact any persons affected by this breach via email.”

“As the data was open to the public, Council is not able to confirm who has accessed the data,” it added. As a result of the accidental disclosure, the council said it had updated the process for publishing open data, and now included a “peer review and sign-off prior to publishing”. It has also updated “automated generation of data”, so to include only “information that relates to the location of graffiti (street number, street name, suburb, postcode and date submitted)”.

“Council sincerely apologises for the disclosure of personal information and for any distress and inconvenience this may cause,” it said. “Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control. “Council assures that this breach is being appropriately addressed by the organisation. All efforts will be undertaken to ensure that future breaches of this nature do not occur.

ACCC investigate Apple and Google over the way they control what Apps you can install on your Phone

As part of its ongoing digital platform services inquiry, the Australian Competition and Consumer Commission (ACCC) is joining other international agencies to investigate Apple and Google over the way they control what Apps you can install on your Phone.

Apple’s App Store is a particular point of interest as unlike Android, which does allow you to install apps from elsewhere, the App Store is the only way for iPhone and iPad users to get apps. This means it’s also the only way for to developers to get their apps to consumers. They’re forced to give Apple 30 cents out of every dollar they make from purchases in the app. Google also charges a similar amount to app developers.

Apps have become essential tools for daily living for many Australian consumers. A trend that is likely to have increased during the COVID-19 pandemic. Apps are, in turn, increasingly important for businesses as they promote, grow and run their enterprises. ACCC deputy chair Delia Rickard said. The consumer watchdog is “examining potential competition and consumer issues in this area”; with a particular focus on the fact the marketplaces are pre-installed on consumer devices.

How marketplaces determine what apps can go on its store and how those apps are ranked ahead or below one another is also under the microscope. For app developers and suppliers, gaining a spot in one of the major app stores can result in significant sales. Failing to gain access can be a major setback and a total block on app sales. We are keen to provide greater transparency on how this process works, Ms Rickard said.

A survey on the ACCC’s website asks for your thoughts, which you can provide anonymously. They are open for submissions until October 2.

Some of the questions include concerns about the amount of information users are given about apps before they download them. Also how those apps handle data, as well as around hidden costs in apps and misleading or scam apps.

The survey can be taken at https://consultation.accc.gov.au/communications-1/app-stores-consumer/

WordPress locked out of Apple App Store

Apple has been forced to make a public apology after it locked out WordPress from its app store. This was done in a move to get more profit from in-app purchases. WordPress founder Matt Mullenweg noticed on Friday that his company had been locked out. All he had to do was change the free app status of WordPress and allow in-app purchases. Apple would then be eligible for a 30 per cent cut of any purchases made through the app.

Mr Mullenweg was opposed to the idea, especially as he founded WordPress to make the internet free for everyone.

“My life’s mission, and the purpose of WordPress, is to increase the freedom of the internet,” he said in a later tweet. After his tweet got thousands of reactions, he prompted an apology from the tech giant. “We believe the issue with the WordPress app has been resolved,” Apple said in a statement. “We have informed the developer and apologize (sic) for any confusion caused.”