Attackers placed Brewery job ads on recruitment sites worldwide to provide cover for their phishing emails

The phishing email delivering the ransomware that hit Arran Brewery this month was sent under the cover of CV spam, after the attackers placed a legitimate job advert for the brewery on recruitment sites worldwide.

The attackers demanded payment in bitcoin worth about £9,600 after the ransomware-bearing CV they sent was opened.

The ransomware locked staff at the Brewery out of computer systems, although the company declined to pay up and lost three months of sales data from one of its servers as a result.

“We advertise job vacancies on our website. One such job vacancy was for a credit control and finance assistant post, now filled. Out of the blue we started getting applicants for the post from all over the country and the world,” managing director Gerald Michaluk told the BBC.

The attackers had taken our website vacancy and posted it on some international jobs site. We were getting three of four emails a day, all with attached CVs.

He continued: “I assumed one of my colleagues had advertised the post. However, this was not the case.

The attackers had taken our website vacancy and posted it on some international jobs site. We were getting three of four emails a day, all with attached CVs. The virus was in among the genuine job seekers, and when the CV was opened it took effect.”

Michaluk has spoken out about the attack in the hope that other organisations will be more aware of the early signs of an attack, and be able to act before they get struck.

He added: “I hope if anyone finds themselves in a similar position they can recognise the modus operandi of these bandits and not have the same issues we have had.”

The Brewery, based on the Isle of Arran in the Clyde estuary, made a “brave” decision, according to Barry Shteiman, vice president of research and innovation at security intelligence company Exabeam. He suggested that, more commonly, organisations pay-up if recovery looks more expensive and time consuming than simply paying up.

Caroline Seymour, director of product marketing at Zerto, suggested that half of all organisations have suffered some form of “unrecoverable data event” in the last three years. Organisations therefore need not just to ensure that they have robust security and up-to-date back-ups in place, but to test them, too.

Article from Computing.co.uk

The Situation!

I was recently called into a client because a Windows server had failed knocking one of their key websites off the internet. Attending site I had great difficulty accessing the server, and after much work (which I’ll detail below), I was confronted with a message like the above, and discovered all files stored on the server were encrypted with the .bip file extension, problems were made worse by the fact that all files within the Program Files folder were also encrypted.

A quick Google discovered that the Server had become infected with the .Bip Dharma Ransomware. Examining the backups the server made, because they were online backups, the Ransomware had reached out an begun encrypting the backups as well. Fortunately, much of the data was also stored offline, but these backups were some weeks old.

Further Problems!

The server in question was acting as a Web and File Server for their office, and access to it was restricted by Active Directory, the files for which were within the Program Files folder, and were also encrypted. So the only way I could gain access to the server at all, was through use of the Active Directory Recovery Mode, which also restricted what could be done on the Server.

For example, while the server was in this mode, I was not allowed to remove the Active Directory access restrictions which were not allowing me to login as Administrator. However, it’s access did allow me enough access to be able to work on it.

How I dealt with the problem!

First of all I reached to Google, and to remove the Ransomware everyone seemed to recommend . . .

Spyhunter

Which does indeed get rid of the Ransomware, and in fact what I downloaded and installed to ensure that no further harm was done.

However, Spyhunter when you download it, only Detects the problem, it will not remove it unless you pay for the subscription. There seems currently to be no better way of removing the .Bip Dharma Ransomware infection.

I ran this and cleansed the computer of the infection. However, all the files were still encrypted and useless.

Numerous sites recommend looking for deleted files, and trying various decryption programs. However, none of these worked on the variant that this server had become encrypted by, in fact none of them recognised the .bip file extension as being one connected with Ransomware at all.

I followed advice and scanned the computer for deleted files, hoping that when the ransomware encrypted and then deleted each file, that the original may have remained in a recoverable state, but this was all for naught.

With all the latest files remaining encrypted, and Windows not being operable with the contents of the Program Files folder being encrypted and unusable, we came to the decision to put the server back into use, with the existing backup files, but to store all of the encrypted files in case in the future decryption tools become available. So we took a backup of the server, formatted it, and restored the files from old backups. Configuring the system, with new passwords in case any of the data such as passwords had been sent to the author of the Ransomware while it was operating.

Recommended Plan to Deal with 
.Bip Dharma Ransomware

1: Remove the Ransomware with Spyhunter or the like.

2: Backup all encrypted files for possible decryption in the future.

3: Format the machine completely, and set up from scratch using any pre-infection backups you have.

4: Change all passwords stored or used on that machine.

5: Backup, Backup, Backup!

A short Explanation & Introduction

In running both this site and the number of others we do, we’re often contacted by people asking to be mentioned in a blog or article, and usually they’re nothing to do with the subject of the site they’re asking to be on, and are not offering any value or any quality experience to our visitors.

So on monday this week I was contacted by David of PikWizard, and I expected much of the same and very nearly hit delete on his email out of hand. However, David was asking politely, he’d chosen one of my articles (http://www.scruffydug.com/articles/free-stuff/ which was relevant to his site) and actually seemed to understand the situation from my side, so I checked out his site . . . . And it’s great.

It went straight into my bookmarks, and although all he was asking for was a mention on the site, I got back in touch with him and said if he wrote a wee article, I’d publish it on here.

As for PikWizard, I’m impressed and I’m sure you will be too if you check it out, I’m not sure the value my word carries, but I highly recommend PikWizard.

So over to David.

Sensational Stock Photos: introducing PikWizard

Visuals are becoming increasingly important in today’s digital marketing world.

After all, while written content will always have a part to play in things like audience engagement, and SEO, the truth is that pictures are what grab an audience’s attention and convince them to take notice. That’s because the human brain is hard-wired to notice images, whether it’s a snapshot of someone’s Instagram lunch or a picture of a cute puppy. Just look at the statistics for instance:

• 37% of marketers suggest that visual marketing is currently the second most important content for their business. While blogging came in first, even your blogs need pictures to thrive – after all, who wants to read a block of text with no images?
• 74% of social media marketers use visual assets in their campaigns – that makes pictures more valuable than videos and blogs for the social world.
• People who see an image paired with information retain up to 65% of that data three days later – combined to only 10% for people who absorb information with no imagery.

Where Does PikWizard Come In?

The biggest problem with being image-focused on the internet is the fact that most companies today simply don’t have the time or the resources to create their own images from scratch. If you don’t have a professional photographer on the payroll, it can feel as though the only other option is to resort to cheesy stock photos that you seem to see on every other blog or web page.

Of course, as any website owner will know, those dime-a-dozen stock images just aren’t enough to get the loyalty and attention of your target audience. You need stunning images that are unique, authentic – and most importantly, free to use. That’s where PikWizard comes in.

As one of the more recent photo sites on the web today, PikWizard are storming to the head of the visual pack with more than 100,000 high-quality images, including 20,000 that are entirely exclusive to their website. The great thing about these pictures is that they’re not the same old boring stock photos you’ll find everywhere else. They’re fresh, interesting, and compelling pictures designed to grab your audience’s attention and create conversions.

Fantastic Quality and Free to Use

If you’ve ever found yourself on the hunt for a stock photo website before, you’ll know how difficult it can be to find a company that offers the incredible pictures you want for your website, blog, or social media campaigns. On Pikwizard.com, not only are the images available first-class, but they’re also available to suit a range of niches and industries. All you need to do is search for the keywords that are appropriate to your content, and PikWizard will do the rest.

Additionally, it’s worth noting that the PikWizard photographs you’ll find are completely free to use, without attributions. That means that you can distribute, modify, copy, and play with the work, all without having to apply for permission.

PikWizard delivers natural, high-quality photos in a world of people laughing at salads and forced-looking boardroom snaps. Discover the visuals you’ve been searching for, and bring value back to your content.

So the phone rang…

Today I had an interesting little call, I cut it short because I know the script, but I’ll go through it anyway.

My house phone rang, meaning it was likely a sales call as everyone I know uses mobiles now, and I answered it. James, claiming to be from Microsoft in London (although refused to comment on the weather when asked) told me my computer was full of malware.

Asking me to sit down at my computer, which I already was, he asked me to open a command window (by holding the windows key then typing CMD), and run assoc, which brings up a list of file associations.

He then claims one near the bottom is my windows key, which only Microsoft and I have.

.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

And then instructs me on how to open up the event viewer, and tells me how bad the number of errors is and how that’s the malware doing it.

At this point I told him that I was busy and didn’t have time to play with him anymore, that he was committing a crime under UK law and to not call again.

The end of the call, is then they direct you to a website to download a remote access program so they can log into your computer and access your files.

What’s really going on?

When you bring up the list of File Associations, what they point out to you is the zfsendtotarget, the ZF stands for Zip File, and this is not your user key, it’s connected with your context menu in folders, if you right click some files in a folder, one of the options will be Send to, and beneath that will be Zipped Files. This key they’re telling you is shared by around 90% of Windows computers, so they’re making a fairly confident guess that yours will be among them.

The Events log isn’t a log of Malware, its a list of pretty much everything your computer is doings that it thinks is worthwhile, everyone has loads of things on it, and some of them sound scary (but aren’t really).

This is just a scammer trying to get access to your computer, but that’s no who you’re talking to. You’re actually speaking to a Call Centre employee, who’s working from a script.

What to do?

Simply put,

1. Tell the guy you know that this is a scam.
2. Tell the guy you know that this is a crime.
3. Hang up.
4. DO NOT EVER INSTALL ANY SOFTWARE REQUESTED BY SOMEONE PHONING YOU UP.

Well, I did this last year, and I’m a little late doing it again, but lets have a look at the updated list of passwords popular last year.

The top 25 passwords on the 2017 list.

1. 123456 (Unchanged)

2. Password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 2)

5. 12345 (Down 2)

6. 123456789 (New)

7. letmein (New)

8. 1234567 (Unchanged)

9. football (Down 4)

10. iloveyou (New)

11. admin (Up 4)

12. welcome (Unchanged)

13. monkey (New)

14. login (Down 3)

15. abc123 (Down 1)

16. starwars (New)

17. 123123 (New)

18. dragon (Up 1)

19. passw0rd (Down 1)

20. master (Up 1)

21. hello (New)

22. freedom (New)

23. whatever (New)

24. qazwsx (New)

25. trustno1 (New)

Well, there’s a few new ones in the list, but the most popular ones still haven’t changed.
While I’m a big lover of Star Wars, I’d never use it as a password, and while it’s kind of sweet iloveyou has jumped in at number 10, never ever use it.

The top 10 is filled with ridiculously easy to guess words and arrangements of letters and numbers from the keyboard, and it seems some people never learn.

Anyway, to copy/paste from last year.

“So if your password is on this list, obviously change it, choose something personal, and then stick random capitals in it and some numbers somewhere, and it should be pretty safe, but if you’re sticking with something obvious, you’re just asking for your email account to be hacked.”

I received the below through my personal email this morning, it’s obvious spam, and perhaps even more obviously a phishing attempt. 

What is it?

The image is sent instead of text, as the text contained within cannot be scanned by automatic systems for the scammy content it contains, but the intent is clear to anyone reading the content, it wants the reader to believe that they’ve won money. They want the reader to contact them to get the money, and then they want the reader to give them some money to authorise payment, or to pay lawyers to deal with the taxes due or some such excuse.

What they want is the reader to believe that to get access to millions, they need only hand over a few hundred dollars, a small amount in comparison. You’ll never get any money, but if you pay the first amount of cash, they’ll continue to milk you for every penny they can get, with follow up fees, banking charges, etc, etc. They’ll pretend to be lawyers, and bankers, and hell they’ll even eventually pretend to be police who need a small fee to return your stolen money to you. They’ll set up different email addresses, pretend to be in different countries and try all sorts of tricks to keep the cash flowing, hell they’ll even ask for the price of airline tickets so they can meet with you at the airport and deliver the cash personally.

In the worst cases, they’ve arranged for their prey to visit their home countries, often in Africa or the former Soviet states, and people have actually been kidnapped and ransomed back to their families for the last bit of money.

But wait a second!

If these criminals go to these lengths to pretend to be different people, and try all sorts of tricks, why is the text on the email so bad. They claim to be representing Google and Micro Soft (notice it’s two different words not the singular Microsoft, that the company actually uses), but their using a yandex email account (a chinese search engine company), and the text mentions that the Yahoo prize award needs to be claimed, and then in the blurb at the bottom of the page, it’s the National Lottery International Promotion (is it National or International, they don’t seem sure). So which company are they actually from? Yahoo? Google? Micro Soft? Yandex?

And the mistakes don’t end there, the prize must be claimed in “28th days”, the agent you’ve to contact is Mr Clara Walters, and the address is in California, but the phone code is +27, which connects to South Africa. And while I’m certainly in no position to comment on people’s handwriting, the signature seems to have the initial R, and the Surname seems to start with an A, but the name given is Anna Brown, which even the most generous reading wouldn’t match the two together.

Oh, and you’ve to use the phone numbers and emails given within the email, not reply, because even though they claim to only award 6 people every six years, the reply address is “not read my human but computer”

These criminals aren’t native english speakers, and to give them credit, they’ve done a better job of making a fake letter in english, than I could in their language, but it actually seems that they leave these mistakes on purpose.

Why?

Because anyone who doesn’t see these mistakes, and isn’t being very skeptical by this point, is more likely to fall for their scams and tricks. Sadly those who are most vulnerable are those who probably are the most likely to fall for them, and the least likely to be able to afford to be scammed in this way.

So what should I do!

Let people know about these scams, warn people, show them scams you’ve received (like I’m doing), and make it easier for people to recognise the signs and to protect themselves from the scammers and criminals.

What posts should you make on your Social Media?

As I mentioned in my post on How to grow your twitter, one of the main things you need to do in your social marketing through Twitter (and Facebook, Linked In and Google+) is set a schedule, but what should you put in that schedule.

How many times should you post?

That totally depends on what you’re trying to do. If you’re trying to grow your audience, then research shows that the more times you post, the quicker your audience will grow. It’s that simple, the more interesting stuff you put out there, the more followers you’ll get.

6-8 posts per day seems to be the most popular, personally I only do 4 per day as more than that just seems excessive to me, but research says I’m wrong.

The answer here, is simply to set the balance between as many as you can, but few enough so you can cope with creating this level of content week after week, since the aim here is consistency. If you’re going to commit to doing this, make sure you can set aside the time, and cope with the extra workload. If it’s going to take an hour a week to set up a weeks worth of 4 posts per day, then 8 is obviously going to need at least 2 hours a week, and if you’re not a dedicated Social Media Manager, then finding an extra 2 hours each week in addition to your normal work, may prove difficult.

Well, let us set down some rules.

Firstly, people don’t like adverts. If all you’re going to post is post after post selling your business, then sorry people won’t want to read that. What they want is entertained, amused, stimulated and engaged. The general belief is that you shouldn’t post more than 20% of your content as adverts. So if you’re going to post 5 times a day, we’ve got one of those posts covered, and that’s going to be general posts on services you provide, work you’ve done, blog postings you’ve made, etc.

Secondly, with Twitter especially, and it’s 140 character limit you’re going to want to use images. When you’ve got the choice of capturing someone’s attention with a nice colourful large picture (or other graphic design) or just 140 characters of text, you’re going to want to use the images as much as possible.

Thirdly, unless you’re going to create a lot of content you’re going to need to promote other peoples work to engage your audience, and you should be generous with the praise for this. Find content you like, and you think connects with your particular audience and link to it.

Offers and Giveaways!

The best way to gain followers on Social Media is to give something away, whether it’s money off, or something completely free, everyone loves something for nothing.

There are two approaches to this, firstly to give something away like a free consultation, something you most likely wouldn’t charge much or at all for. You could write an ebook or white paper, digging into a problem your audience might have problems with, and giving them the solution. If they trust you as a source of information, then they’re likely to trust you enough to become a customer.

Secondly, to give away something that gives a discount on your products (or even offers products or services completely free). The secret to this is that you’re not giving something away for free.

When you’re offering a discount, then really all you’re doing is putting the advertising cost for selling that product straight into the hands of the customer. If you’re giving something away completely free, you want something back for that.  So in reality “1 free with every 5 bought” means, I want to sell 5 and the cost I’m willing to pay to sell them is the price of 1. Or “1 free to our 10,000th follower” means, to get 10,000 followers I’m willing to pay the price of 1 of our products.

Remember, to ask people to share your giveaways to their friends, as this will definitely help in the rapid growth of your social media, as these friends will likely follow to see if any other offers are to follow.

Engaging your Audience!

Social media isn’t just about you broadcasting your posts to an audience, social media is about engaging with an audience, and that involves two way communication, the easiest of which is to ask questions.

Post polls, quizzes, and ask questions of your audience, and interact with them. From the simple, “What’s the best book you’ve read recently?”, through to honest questions “Does anyone recommend any accounting software?”, people are more than happy to talk, and it’s a free resource of research and information for anything you might want to know.

Other Ideas for content!

Here’s a list of other things you can use to engage your audience.

• Pictures: Personally I travel to clients a lot, and I’m lucky that Scotland is quite picturesque, so I take pictures and post them, but you do you.
• Quotes: Humorous, inspiring or motivational quotes are greatly loved and very re-postable.
• Polls: As mentioned above, people love to be asked things, they love to speak. So ask them things.
• Share a helpful resource: Any websites or online tools you’ve used, let people know. And the vendor might retweet or link to you, increasing your exposure.
• Recommend your favorite products: Something either business related or just personal, let the world know, be kind with your praise, and hopefully others will be just as kind back in praise for you.
• Ask for advice: As mentioned above, your followers are likely interested in your business sector, so ask them about things, what software they use, how to solve a particular problem. People love to share, and it can be useful and informative.
• Take a trip down memory lane: If your business has been around for a while, maybe you’ve got old photographs of the office showing 80’s fashions, or maybe old logos and products, show them off, people might remember and love seeing them again.
• Share a comic or meme: These spread across social media because people love them, so share that love, and you may feel some back.
• Share a news article: Anything in your sector interest you, share that, maybe just share your opinions on world news (nothing too controversial though, unless that’s the direction you want to go in!).
• Ask your fans for content ideas: What do your followers want to see? What problems do they have that you could answer, ask them, and see what you get back. If you get a reputation for being helpful and responsive to your followers needs, that’s a great reputation to have.
• Find out what your competitors are sharing, and do it better: Check out others in your sector, and find out what they’re posting. And then quite simply, put your own spin on it and do it better in your own unique way.

Summary

When you think about filling 4 or 5 posts a day, every day, it feels somewhat daunting, that could be as many as 35 posts to come up with Every Week.

But if you break it down into doing a news post every day at 12, a meme at 3, a question at 5, etc. Then looking through your sectors news, for 7 posts in across the week, can be done in 5 minutes work. Finding some funny memes from your favourite sources, the work of mere moments, and a few questions, that’s easy.

Once you’ve broken it down into organised smaller chunks, you’ll be able to prepare your weeks social media in only an hour or so. Make that routine and keep to it.

It’s the question that you’ll ask yourself when you’re building a website, or getting one built for you.

The short answer is . . .

NO!

The long answer is . . . 

Maybe . . . for now . . . but not it’s not finished finished.

You website is like your shop window to the world, it may contain the items that are of interest today, but you’ll change your product range, you’ll change the way you want to promote things. And even if you don’t actually sell physical products, maybe you are a hotel, or maybe you sell your own skills and services, things will change. You’ll redecorate, the local amenities will change, you’ll find new services to sell and promote.

Another thing worth remembering is legalities, sometimes mail order legislation will change, or other things (remember the European Legislation which required all websites using cookies to inform you of that fact?) Also text explaining that which seemed important at the time (“New laws introduced in 2005 say . . . ” would look terribly out of day today), and the wording may need updated to keep your website current.

All of this means that your website is going to end up out of date, and is going to need to be updated. 

Under Construction!

In the late 90’s, early 2000’s, lots of websites marked themselves as “Under Construction”, to let visitors know that they weren’t finished and there was more to come.

But really, that should be taken for granted, and is mainly taken as that these days. When Amazon adds a new category (Selling Cars or whatever), visitors aren’t confused (“Wait a second, they didn’t used to sell cars, what’s going on, they should have warned me their product list wasn’t totally complete!”), they take it for granted that more and more options will be added to websites. In fact most people visit websites on a regular basis for their new content and features (imagine a news website which never updated?).

So how often should I change my site?

Well often enough to keep it up to date seems the obvious answer, if you release a new catalogue of products every 6 months, then change it every six months. But the important thing is, to schedule when you’re going to do it, or at least when you’re going to check if it needs to be updated. If you’ve a list of team members on there, how long do you want new ones missing off the list, or ones who have left remaining on there? Maybe your colours have changed, maybe your site was cool six months ago, but looks hideously outdated now (some design trends go out of style as quickly as they come into it).

Set a schedule, mark it in your diary, and then keep to it. Check what’s changed, and get it updated.

Who should update my site?

If you built the site yourself, then the answer is obviously you. However if you’ve contracted a supplier to build you a site, then the answer isn’t quite as clear.

Most good web design companies will support you, at least for the first year, and possibly afterwards with some kind of support contract. This will allow updates to be made on a regular basis, usually free of charge. However, some companies (usually in an effort to give you the best price upfront) will skip the support part of the contract, and would charge you for any updates. Yet others will charge you for an entire new site if you want it updated (fortunately these are few and far between).

If in doubt ask whoever did the website for you, they should be only too happy to let you know.

Summary

Unless your website is extremely simple (like an online business card), it’s going to need updated, probably regularly. Set a schedule to check if anything needs updated, exactly the same way a store will check their shop window to see if everything is up to date and fresh. Your website will serve you best if it doesn’t look outdated and isn’t full of inaccurate information.

How do you set up a site for Hotel Bookings?

There are loads of different ways of setting up a hotel booking website, but the way I’m going to shop you involves WordPress and WooCommerce, so you’ll need to set those up by following the instructions for setting up WordPress and WooCommerce.

So once you’ve got the site up and running, and WooCommerce up and ready to accept sales, all you need to do is change WooCommerce from selling items, to booking rooms, and this is done through the Woocommerce Easy Booking PlugIn.

So head back to your sites PlugIn section, and search for WooCommerce Easy Booking, following the instructions to install and activate it.

Configuring WooCommerce Easy Booking

Easy Booking adds some settings to WooCommerce, mainly about how people will book dates (by the night is standard), and whether the week starts on a Sunday or Monday, these should be simple to set up, and will depend on how you do business.

Setting up your Rooms

Because all we’re doing is changing selling products by the quantity, to rooms by the night here, you’ll need to add your rooms as Products. When you go into new product in WooCommerce, you’ll notice a new product category next the others just beneath the product description box. This category is “Bookable”, this allows you to set the Bookings Tab beneath, which allows settings from the configuration to be changed on a by product basis. Once the price is set, and the product saved out, you’ll notice in your “shop” in WooCommerce, that the room can now be booked, and dates selected for when the customer wants to book the room.

It’s really that straight-forwards

The difficult part was setting up the shop really, and WooCommerce Easy Booking makes everything super easy to configure your hotel booking site.

Things worth thinking about, are possibly getting the plug-in which automatically blocks off dates when booked (so you don’t get double bookings, but you can do that manually if the site isn’t that busy.

If you’ve any questions about this article, or need any help with anything, just get in contact with us.