FluBot malware poses as Flash Player app
FluBot represents a formidable banking malware that cunningly preys on Android phone users, aiming to gain unauthorized access to their banking credentials. This insidious attacker employs a clever strategy of superimposing deceptively genuine-looking login forms onto the interfaces of numerous banking apps globally. By resorting to tactics like smishing (SMS phishing), counterfeit security updates, fake Adobe Flash Players, voicemail memos, and even disguising itself as parcel delivery notifications, FluBot cleverly spreads its malevolent influence. Once it infiltrates your device, this malicious software stealthily pilfers your online banking credentials, intercepts or sends SMS messages (including those containing one-time passwords), and stealthily captures screenshots, all while remaining undetected. To compound matters, FluBot also shamelessly propagates itself by sending smishing messages to all your contacts, putting them at risk as well. It’s worth noting that even your most trusted contacts, be it friends or family, can inadvertently facilitate the spread of this malevolent software. Hence, exercise utmost caution when encountering an unexpected SMS urging you to click on a URL, as it is likely a clever ruse created by FluBot. To fortify the security of your Android device, we strongly advise against installing APK files from unfamiliar sources. Regularly verifying the activation of Google Play Protect and leveraging a reliable mobile security solution from a reputable vendor are further essential precautions you should take. Remain vigilant and fortify yourself against the treacherous grasp of FluBot.
FinalSite ransomware attack shuts down thousands of school websites
FinalSite, the leading provider of website services for schools, recently experienced a ransomware attack that impacted educational institutions worldwide, including those in Australia. With a client base of over 8,000 schools spanning across 115 countries, FinalSite offers comprehensive website design, hosting, and content management solutions for K-12 districts and universities. Unfortunately, this attack caused disruptions for schools trying to access their websites, leaving them with errors or unavailable pages. School IT administrators were left in the dark about when services would be restored, forcing them to inform parents via email. We apologize for any inconvenience caused by this issue. As a result, our website is currently unavailable due to a problem with our service provider. In addition to these website outages, schools were unable to send closure notifications for weather or COVID-19 protocols. Many districts rely on emergency notification systems to inform communities of closures, but this attack hindered their ability to do so. We understand the stress and frustration this has caused for your organizations, and we sincerely apologize for the lengthy outage. Although progress has been made to bring all websites back online, full restoration has taken longer than anticipated, as FinalSite prioritizes a secure and thorough recovery process. We appreciate your patience and continued support during this time.
Night Sky is the latest ransomware targeting corporate networks
It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks.
One of the victims has received an initial ransom demand of $800,000 to obtain a decryptor and for stolen data not to be published.
When launched, the ransomware will encrypt all files except those ending with the .dll or .exe file extensions. The ransomware will also not encrypt files or folders in the list below:
AppData
Boot
Windows
Windows.old
Tor Browser
Internet Explorer
Google
Opera
Opera Software
Mozilla
Mozilla Firefox
$Recycle.Bin
ProgramData
All Users
autorun.inf
boot.ini
bootfont.bin
bootsect.bak
bootmgr
bootmgr.efi
bootmgfw.efi
desktop.ini
iconcache.db
ntldr
ntuser.dat
ntuser.dat.log
ntuser.ini
thumbs.db
Program Files
Program Files (x86)
#recycleWhen encrypting files, Night Sky will append the .nightsky extension to encrypted file names, as shown in the image below.
In each folder a ransom note named NightSkyReadMe.hta contains information related to what was stolen, contact emails, and hard coded credentials to the victim’s negotiation page.
Instead of using a Tor site to communicate with victims, Night Sky uses email addresses and a clear web website running Rocket.Chat. The credentials are used to log in to the Rocket.Chat URL provided in the ransom note.
Double-extortion tactic
A common tactic used by ransomware operations is to steal unencrypted data from victims before encrypting devices on the network.
The threat actors then use this stolen data in a “double-extortion” strategy, where they threaten to leak the data if a ransom is not paid.
To leak victim’s data, Night Sky has created a Tor data leak site that currently includes two victims, one from Bangladesh and another from Japan.
Click for more about our Virus Removal Services
What our Clients Say
Daniel G
2024-01-15
Digby was a great help fixing a number of mistakes (and the effects of the same) I had unwittingly made with permissions on my laptop and communication between external drives. Would highly recommend!
Pancho Villa
2024-01-12
I had my sons MAC book repaired by Digby. Digby was very thorough and professional in his approach and communication. He quoted a fair price and undertook the repairs on time. I would highly recommend.
Andrew Bruce
2023-12-28
Digby provided a high quality service in uograge my computer after backing up and reinstalling my data, folders and files. He met his time and cost quotes and the machine is fully up and operational.
I cannot praise digby'd service too highly.
Inez McQuillin
2023-12-24
Thanks for the excellent service
Almas Nurlybekuly
2023-12-21
Hi All,
I do not usually write the reviews, but this time I would like to thank Perth Computer Repairs for the provided service.
I bought computer from my previous employer and I wanted to do a fresh installation of Windows. I tried to do it myself at first, but could not re-install the windows due to the security an error which said: "There is an error. Cannot connect the Windows Server while booting."
Then, quickly looked at the highest rated computer repair service near me. Called them, got the good repair cost. Dropped computer and got it fixed quickly.
The owner is very laid back and nice person. Very competitive price and very quality service. Definitely a place to trust.
Currently, enjoying my fresh Windows install. Thank you very much!
Greg Reid
2023-12-14
I tell you if you want honest service, no bull call Digby, he's your man.
Virginie Chetty
2023-12-12
Digby sourced and setup my new laptop exactly to my needs so that I can remotely access my work computer.
Dianne Casella
2023-11-21
Digby was efficient, thorough and very helpful in moving me forward with my computer concerns. I am very grateful to have been able to utilise Perth Computer Repairs.
Eric Brain
2023-11-16
Good value repair of my son's pc. Would recommend.
Gwyn [email protected]
2023-11-13
This man is so patient - me being somewhat of an older generation and not tech savvy - he helped navigate through a printer problem and certainly recommend him to anyone with computer issues!