Hackers publish thousands of files after government agency refuses to pay ransom

In an update on last week's report on the ransomware attack faced by the Scottish Environment Protection Agency (SEPA), the malicious actors have published stolen data after SEPA refused to pay the ransom.

The ransomware gang have published over 4,000 documents and databases relating to strategy, contracts and commercial services as a result of the non-payment. The chief executive of SEPA has stated “We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds”.

Almost a month after the initial attack, SEPA’s systems remain disrupted.


WARNING: National Insurance scam leads to surge in calls to Action Fraud

Action Fraud is warning the public about a National Insurance scam after receiving an influx of 1000 calls from the public last week.

Targeted individuals have reported receiving automated phone calls claiming that their National Insurance number has been compromised and that, to amend the situation, the victim is prompted to “press 1 on their handset to be connected to the caller”. They will then be connected to the caller, where they will be pressured into giving over personal information with the promise of a new National Insurance number. Unfortunately, the unsuspecting victims have been connected to a criminal who may use their personal details to commit fraud.

If you have provided personal details to someone over the phone and you now believe this to be a scam, contact your bank, building society and credit card company immediately and report it to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.


Introducing data breach guidance for individuals and families

The National Cyber Security Centre (NCSC) warns the public of the threat to their personal data following cyber attacks or breaches after 46% of UK businesses reported incidents in the last year

New guidance published on international Data Privacy Day encourages people to look out for suspicious emails and consider changing passwords

Public encouraged to visit www.cyberaware.gov.uk for key advice on staying safe online

Cyber security experts have today issued new guidance to help individuals avoid being scammed following data breaches against organisations.

U.K.’s University of Kent establishes cybersecurity and conflict institute

Targeted Phishing Attacks Strike High-Ranking Company Executives

TikTok Bug Could Have Exposed Users’ Profile Data and Phone Numbers

Cifas weekly coronavirus scam update – Covid vaccine bookings, Netflix phishing, M&S Facebook scam and Bitcoin

Attack of the clone firms: over £78 million stolen in ‘clone’ firm investment scams

Self Assessment customers warned about scammers posing as HMRC

NCA in international takedown of notorious malware Emotet

With a consistent rise in ransomware attacks, some with detrimental effects on organisations and businesses, it is more important than ever to educate yourselves and your organisations. But what exactly is a ransomware attack and how do you avoid becoming a target? Below is some advice from the NCSC on how to protect yourself against ransomware attacks and what to do should you fall victim to one.

What is Ransomware?
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). A computer that is infected with ransomware may become locked or have its data stolen, encrypted or deleted by a malicious actor. Normally, the victim of such an attack will be asked to pay a ‘ransom’ in order to unlock the system/data or to receive the key to decrypt the stolen data.

Keeping your data and devices secure

Keep operating systems and apps up to date – Install all updates promptly as they contain ‘patches’ that aid in keeping your device secure.

Antivirus protection – Ensure that your system is equipped with a good quality antivirus software that is turned on and up-to-date. Many Windows and macOS devices have built in malware protection tools which are suitable for this purpose.

Be wary of what you download – Apps should only be downloaded from official app stores (i.e. Google Play or the Apple App Store), as these services are more likely to provide protection from malware.

Avoid becoming a victim of blackmail!

Regularly backing-up your most recent and important files will reduce the ability for cyber criminals to blackmail you with the threat of deleting your data.

Ensure the device containing your back-ups (e.g. a USB) is not permanently connected to your device. If your device becomes infected with ransomware it could potentially spread to these connected back-up devices.

Turn on auto-backups, where available.

What to do if your device becomes infected?

Open your antivirus software and run a full scan – Follow instructions given. If your antivirus does not have the ability to clean your device, you will need to perform a ‘clean re-install’. This will remove all of your personal files, applications and settings.

If you receive a phone call offering to help clean your computer system do not hand over any information – This is a common ruse used by criminals.

Should you pay the Ransom?
It is highly recommended that you do not pay any ransom demanded by cyber criminals. If a ransom is paid, the money is going to a criminal group with no guarantee of the return of your data/computer system and your computer will also still be infected after the payment is made. This could likely make you a target in the future.

Weekly Threat Report

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Researchers at Netscout have uncovered over 14,000 Microsoft Remote Desktop Protocol (RDP) servers that could be abused by malicious individuals to amplify DDoS attacks.

New malware takes advantage of WhatsApp’s auto-reply feature to spread itself

Researchers ReBensk and Lukas Stefanko have reported a new malware that spreads by auto-replying to WhatsApp message conversations using a malicious link that leads to a false Huawei app.

If the recipient opens the link, they will then be taken to a mock Google Play store where they can download the fraudulent app. When installed, this new app will request various permissions. If accepted, these permissions can aid malicious actors in bombarding devices with unwanted ads, subscribing the owner to services without permission and generally spying on the user and their activities.

Misconfigured Cloud Server Exposes 66,000 Gamers

A misconfigured Elasticsearch cloud server resulted in thousands of individuals having their personal information exposed. A research team at WizCase found the open server, which had no password protection and zero encryption, via a simple search. The server was tracked back to popular free-to-play card and board game platform VIPGames.com, a platform with 100,000 Google Play downloads.

DreamBus botnet targets enterprise apps running on Linux servers

The latest threat to Linux servers is the DreamBus botnet. This new threat is a variant of an older botnet called SystemMiner, which was first seen in 2019. However, this newer DreamBus version has seen numerous improvements compared to its predecessor. The botnet is currently targeting enterprise-level apps that run on Linux servers such as Apache Spark, Hadoop YARN, SaltStack, HashiCorp Consul and the SSH service.


Virtual School and Education Cyber Aware Training Events

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.
Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Choices: Virtual School and Education Events 

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.
Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware – Training for staff: Sports Organisations
Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.
Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud.

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.