Monthly Archives: November 2013

2012-2013 figures issued for reported physical assaults against NHS staff

NHS Protect today released the 2012-2013 figures for reported physical assaults against NHS staff in England.

The figures were collated from 341 health bodies across the country, and show that the number of criminal sanctions following reported assaults has risen by 201, from 1,257 to 1,458 – a rise of 15.9%.

Overall, there was a rise of 5.8% in total reported assaults from 59,744 in 2011-2012 to 63,199 in 2012-2013.

A detailed breakdown of the figures can be found at:

Richard Hampton: head of local support and development services at NHS Protect


Richard Hampton, the head of local support and development services at NHS Protect, commented: “NHS staff should expect to be able to provide care in a safe environment, free from violence and physical assault. NHS Protect urges employers to take firm action in all cases of assault against NHS staff.”
Hampton added: “We urge all NHS staff to report assault and acts of violence against them. Employers must do all they can to support staff in preventing incidents and pursuing offenders.”

What health bodies need to do

NHS Protect urges health bodies to:

• Take advantage of the joint working agreement with the Association of Chief Police Officers and the Crown Prosecution Service and use existing guidance to pursue local arrangements building on this national agreement – to ensure criminal assaults are identified and do not go unpunished

• Seek advice from the enhanced network of NHS Protect’s Area Security Management Specialists (ASMSs). They give guidance to Local Security Management Specialists (LSMSs) and assist in assessing risks of violence, addressing these through prevention work and pursuing legal action when assaults do occur

• Ensure staff are trained to use available powers to respond decisively to low level nuisance behaviour before it escalates into violence against staff (these powers are available under the Criminal Justice and Immigration Act 2008)

• Be aware that NHS Protect has been included in the forthcoming Anti-Social Behaviour, Crime and Policing Bill in order to provide new tools for dealing with persistent anti-social behaviour within the NHS

• Note that NHS Protect’s new guidance: ‘Meeting Needs and Reducing Distress: Guidance on the Prevention and Management of Clinically Related Challenging Behaviour in NHS Settings’ is to be launched shortly and aims to provide NHS staff with the tools to de-escalate and reduce challenging behaviour within the National Health Service


Christmas shoppers warned to be vigilant when buying online

Action Fraud, the City of London Police and Get Safe Online are warning consumers to take extra care when shopping online for tablets, games consoles, electrical items and other Christmas gifts.

Last Christmas, fraudsters conned consumers out of more than £12 million through online shopping and auction scams. Action Fraud received more than 10,000 reports, with the average loss to victims more than £1,700.

Record numbers are expected to log-on for Christmas shopping this year, in turn creating opportunities for retailers and bargain hunters but also presenting opportunities for fraudsters.

Last year, fraudsters conned consumers out of more than £12 million over Christmas through online shopping and auction scams


Security minister James Brokenshire said: “We are taking the fight to cyber criminals with the newly-created National Cyber Crime Unit, which is part of the National Crime Agency, but the public should also stay vigilant to ensure they don’t lose their hard-earned money on fakes and frauds. Following straightforward steps while shopping online will help the public to avoid cyber fraudsters.”

Brokenshire added: “Shoppers can find great bargains online ahead of Christmas, and this time of year provides a welcome boost to retailers, but shoppers should remember if something looks too good to be true that’s often the case.”

Looking out for the warning signs

Action Fraud experts say that even the most confident online shopper can be caught out by professional fraudsters. Fraudsters often target vulnerable shoppers who are unsure in using modern technology.

Consumers should look out for the warning signs that a website may not be secure. Action Fraud, Get Safe Online and the City of London Police (who run the National Fraud Intelligence Bureau) encourage online shoppers to be particularly careful when using new websites and sites that offer deals that look too good to be true.

By following these simple tips you can keep fraudsters at bay this Christmas:

1. Trust your instincts: if an offer looks too good to be true it usually is. Legitimate popular technology and designer items are rarely discounted
2. Check the URL in the web browser. Don’t be fooled by spoof websites where the address is slightly different
3. Ensure the website address begins ‘https’ at the payment stage (this indicates a secure payment)
4. Don’t access links in unsolicited e-mails. Always type in the website address or use a search engine to find a site
5. Only deal with reputable sellers. Only use sites you know or ones that have been recommended to you
6. Avoid paying by money transfers direct to people you don’t know. Use an online payment option such as PayPal which helps to protect you
7. Watch out for pop-ups appearing asking you to confirm your card details before you’re on the payment stage. Never enter your PIN number online
8. If your bid for an online auction item is unsuccessful, don’t be tempted to trade off-site if another seller approaches you with a similar item. This is likely to be a scam and you will not be covered
9. Keep security software and firewalls up-to-date. Regularly update your Internet browser when a new patch (security update) is released
10. Keep receipts and check these against your statement. If you spot a transaction you did not authorise speak to your card company immediately.

Scams change and adapt

Tony Neate, CEO of Get Safe Online, said: “£12.4 million is a huge amount of money to be lost to online fraud but, unfortunately, it’s the type of figure I see every year. The problem is, scams change and adapt as trends come and go. Scammers have also become more sophisticated as we get wiser to what is and isn’t legitimate so it’s understandable that people sometimes get caught out.”

Neate added: “We know how busy and stressful Christmas can be so we don’t want to overwhelm people with complicated advice, but we urge consumers to keep the basics in mind as a good preventative measure. It’s easy to get carried away when you spot a bargain online for that gift you’ve been all over the High Street trying to find, but take a step back and think before you buy it. Is it too good to be true?”

Detective Chief Superintendent Dave Clark, director of the National Fraud Intelligence Bureau, commented: “Online shopping has revolutionised the way in which we buy our Christmas presents, with each year more and more people choosing to search for gifts over the Internet rather than heading to the shops. However, the result is that online fraud is top of the festive scam list.”

He continued: “To reverse this trend, we all need to be extra careful about what we’re buying online and from whom, especially if it is popular technology at a reduced price. By carrying out all the necessary checks you should guarantee that your presents will be enjoyed by friends and family and not lost to fraudsters.”

Items most at risk from fraud

Based on an analysis from last year, the items most sought after – and therefore most at risk from fraud – are smart phones. However, electronic goods in general, including computers, tablets, laptops, games consoles and e-readers were also very popular.

In January, the Government and partners will be launching a new campaign to increase public and small and medium enterprises’ confidence online by helping them to adopt simple changes to their online behaviour.

Private sector partners who have joined the campaign include Financial Fraud Action UK, Sophos, the RBS Group, Trend Micro and Facebook who are providing investment and support.

If you or someone you know has been a victim of this type of fraud, report it to Action Fraud so that the incident can be passed to the police.

Christmas shopping tips from Get Safe Online


MITIE awarded security contract with Arup

MITIE has been awarded a security services contract with Arup, the global professional services firm providing engineering, design, planning and consulting services for all aspects of the built environment.

MITIE’s Total Security Management (TSM) business was successful based on its experience in the corporate security sector, in addition to innovative offerings such as its online operational platform MiTSM.

The contract will see MITIE providing highly skilled people to Arup in order to protect the latter’s members of staff and assets.

MITIE TSM has won the contract to provide security for Arup. Credit: Ed Robinson/OneRedEye


In addition, MITIE will provide its market-leading security manager and resilience tool (SMART) software to create a consistent approach across Arup’s estate of buildings.

Bob Forsyth, managing director of MITIE’s TSM business, commented: “We’re delighted to be partnering with Arup to provide our comprehensive security services. We’ll be integrating our manpower and latest technological innovations to create an extensive security provision.”

Forsyth concluded: “This is a sector we know well, and we’ll be using our experts to drive results and the most effective forms of security.”


Security Industry Authority to cease paper-based licence applications

In January 2014, the Security Industry Authority will stop issuing paper-based licence applications.

For individuals, the only way to apply for a new licence will be to fill in their application online at the SIA’s website. They will then be told which identity and other documents to take to one of over 750 Post Offices around the country in order to complete their application.

The Post Office will complete licence applications by:

• Checking and returning the applicant’s documents
• Taking a digital photograph and an electronic signature
• Taking payment of the application fee

The applicant’s photograph and signature are sent to the SIA electronically by the Post Office. The SIA will then add them to the application information already received and continue with its checks, just as it does today.

The service with the Post Office makes applying for a new SIA licence easier and cheaper. Most applicants will no longer need to post valuable documents and supply a photograph, which can be both costly and inconvenient.

Individuals renewing their licence can use the SIA’s telephone renewals service, as is the case at present.

What does this mean for businesses?

For businesses, the SIA will continue to offer the bulk application service – a service used by companies to manage the completion and submission of new applications on behalf of their employees. However, to use this facility the registered company sponsor will be expected to apply for an exemption.

The SIA’s Business Support Team will be contacting registered company sponsors to discuss the exemption process with them.

The SIA’s e-Renewals service – which allows companies to renew SIA licences, or apply for additional licences on behalf of their staff – will continue and company sponsors for this service will continue to be accepted by the SIA.

Charlotte Jennings, deputy director of operations at the Regulator, said: “The private security industry has been telling us for some time that it wants a faster and more efficient method of applying for new licences. We have listened to the industry and worked with it to introduce the new application service with the Post Office, which was launched in July 2013.”

Jennings continued: “The SIA is committed to providing an easier, cheaper and quicker service to all applicants. The move away from paper-based applications is a crucial step in achieving that. The face to face element of the new service will reduce errors, which can cause applications to be rejected, and will also help to discourage fraud.”


UK companies “must do more” to tackle cyber threat

The UK’s top companies are not considering cyber risks in their decision-making processes, a new survey has revealed.

The Department for Business, Innovation & Skills’ survey of FTSE 350 companies shows that only 14% are regularly considering cyber threats, with a significant number not receiving any intelligence about cyber criminals.

However, 62% of companies think their Board members are taking the cyber risk very seriously, while 60% understand their key information and data assets.

Science minister David Willetts


Science minister David Willetts commented: “The cyber crime threat facing UK companies is increasing. Many are already taking this extremely seriously, but more still needs to be done. We are working with businesses to encourage them to make cyber security a Board-level responsibility.”

Development of an official ‘cyber standard’

To tackle the growing threat, the Government is working with industry to develop an official ‘cyber standard’ which will help stimulate the adoption of good cyber practices among business.

Backed by industry, the kitemark-style standard will be launched early next year as part of the £860 million cross-Government National Cyber Security Programme.

Willetts added: “The cyber standard will promote excellence in tackling cyber risks, help businesses better understand how to protect themselves and ultimately increase the nation’s collective cyber security.”

BIS’s cyber governance health check was sent to the chairs of the audit committee of the FTSE 350 companies in August 2013 via the six largest audit firms.

Each company which completed the survey will be offered follow-up advice from one of the firms based on their responses.

The anonymous results, published today by BIS, also show:

• 25% of companies considered cyber a top risk
• 39% had used the Government’s 10 steps of cyber security guidance
• 56% have cyber on the risk register
• 17% have clearly set what they see as an acceptable level of cyber risk


BSIA members invited to tender for Commonwealth Games security contracts

Security arrangements for the Glasgow 2014 Commonwealth Games have taken a major step forward, with the event’s Organising Committee announcing a list of 19 security suppliers who have been invited to tender for a range of Games-specific security contracts.

Among the 19 companies invited to tender are eight members of the British Security Industry Association (BSIA). Their proven track record of delivering security at large-scale events will play an integral role in delivering a solution that Games organisers have planned to include a mix of police officers, private security officers, stewards and military personnel so as to cover all aspects of the security operation.

Commenting on the announcement, which was made on Monday 18 November, Police Scotland deputy chief constable Steve Allen (security director for the Commonwealth Games), said: “Glasgow 2014 will be a fantastic sporting event which we want to ensure people can enjoy from the starting blocks to the finishing line. From the time that athletes and spectators start arriving in Scotland through to the Closing Ceremony, it’s Police Scotland’s absolute priority to ensure a safe and secure Commonwealth Games.”

Allen continued: “To deliver that, Police Scotland and the Glasgow 2014 Organising Committee have spent many months developing a programme through which we will work with the private security industry to deliver appropriate levels of security and stewarding staff. These staff are expected to be deployed in a range of specific, targeted locations across the footprint of the Commonwealth Games, from Games venues and accommodation to training facilities.”

He added: “19 companies have been invited to sign up to framework agreements. Police Scotland will always have the lead role and responsibility in delivering Games safety and security, with private contract security staff used in roles which do not require police officers to carry out those specific functions such as stewarding and venue and site security.”

19 security suppliers have been invited to tender for a range of 2014 Commonwealth Games-specific security contracts


Developing security and stewarding solutions

David Leather, Glasgow 2014’s chief operating officer, explained: “Glasgow 2014 has been working positively and collaboratively with Police Scotland and the private security industry to develop security and stewarding solutions which will play a key role in delivering a safe and secure Commonwealth Games next summer.

“We recognise and value the important role that private security suppliers have to play, and we’ve created an opportunity for a wide range of security providers to contribute to delivering a safe and enjoyable Games experience for athletes, officials and spectators alike.”

Among those companies invited to sign up to framework agreements (including both private contract security and contract safety stewarding) are the following members of the BSIA:

Allander Group
Corps Security
Show and Event Security
The Protector Group
Wilson James
G4S Secure Solutions (UK)

James Kelly, CEO of the BSIA, commented: “Our members have a long and successful track record in partnering with the police to deliver successful private and public sector security operations. From national celebrations including the Queen’s Jubilee, Royal Wedding and Olympic Torch Relay to large-scale sporting events like Wimbledon and the Grand National, BSIA members have made significant contributions to securing them all. We look forward to welcoming the results of the procurement process and, of course, to a safe and secure Games.”

James Kelly: CEO of the BSIA


BSIA membership includes several dedicated sections whose members have experience in securing events. These include Crowd Management, Security Guarding, Leisure Industry Security, Police and Public Services and Specialist Services.

For more information about the BSIA and its members visit:

Further detail about the Glasgow 2014 Commonwealth Games can be found at:


Tavcom enjoys continued success in UAE

Tavcom Training has begun an extensive programme of CCTV training for students at the International Centre for Security and Safety in Dubai.

Tavcom’s tutors are conducting Foundation and Advanced CCTV courses in partnership with the International Centre for Security and Safety (ICSS) to enhance the skills of local engineers. This is to enable the Department of Protective Systems of the Dubai Police Service to issue licences to those wishing to install and maintain electronic security systems in accordance with international Codes of Practice.

Based at the Dubai Police Academy, the ICSS plays a significant role in the strengthening of the skills of Dubai nationals, as well as local and contracted personnel of various nationalities working in the region. As such, it provides a range of vocational training programmes for individuals involved in the electronic security industry.

During the next 12 months it’s estimated that approximately 1,000 engineers will benefit from the specialist training provided by Tavcom’s expert team of tutors carried out at a purpose-built Training Centre.

In a separate initiative, Tavcom has developed an online training analysis tool on behalf of the Dubai Police Service which is designed to establish a person’s current level of knowledge on a wide range of CCTV technical issues and to analyse what further training is required in order for their licence to be renewed.




Tavcom presentation at EmSEC 2013

Responding to an invitation from the Department of Protective Systems, Tavcom’s CEO Mike Tennent flew to Dubai to carry out a presentation at EmSEC 2013.

This took place at Al Bustan Rotana Hotel on 28 and 29 October and brought together law enforcement and security agencies with elite companies and organisations working in the same field.

Now in its second year, EmSEC – organised by the Department of Protective Systems in partnership with the UK Home Office – Aerospace, Defence, Security & Space organisation – is regarded as the premier platform for showcasing law enforcement and public security solutions in the UAE.

“Understandably, I’m delighted that Tavcom has been given the opportunity in a number of different ways to contribute to increasing knowledge and the raising of standards in respect of CCTV in the UAE,” said Mike Tennent.

“I was particularly pleased to be invited to carry out a presentation at such a prestigious event as EmSEC 2013.”

In his presentation, Tennent highlighted important aspects of the system design process that need to be taken into consideration in order to ensure that specified cameras are fit for purpose.

He also provided some practical tips on how video management software can assist with the display, recording, storage, transmission and retrieval of video evidence and, when necessary, how the use of technology behind the software can be used to enhance poor quality images.


Xtralis Everywhere portfolio of converged safety and security solutions launched to market

Dignitaries from the City of London Fire Brigade, the US Homeland Security Investigation (HSI) Directorate and the Bank of England presented their thoughts at a gala launch event held in central London.

Xtralis has announced its next generation Xtralis Everywhere (Xtralis-E) portfolio of converged safety and security solutions. This innovative portfolio provides early, reliable detection and remote visual verification of smoke, gas and perimeter threats for businesses, Governments and critical infrastructures.

Among the next generation solutions released are VESDA-E and VESDA Laser Quantum (VLQ) aspirating smoke detectors (ASD) and the ADPRO FastTrace 2E Remotely Managed Multi-Service Gateway (RMG) security platform.

The new safety and security platforms can be enhanced with seamless hardware expansion modules and innovative, remotely downloadable software analytics known as Xapps.

Using Xtralis Xchange (an online licensing portal with a downloadable PC application), Xapps can be quickly deployed to remotely manage, configure and exchange licenses to Xtralis platforms.

In addition, Xtralis has revealed its comprehensive safety and security convergence strategy using these platforms to achieve 100% detection with 0% false alarm rates – a bold goal previously thought to be unattainable.

VESDA-E: 15 times greater sensitivity to smoke

VESDA-E is the next generation of the VESDA ASD system. While the current generation VESDA was considered the benchmark for such systems, VESDA-E surpasses VESDA with 15 times greater sensitivity to smoke and double the longevity while maintaining sensitivity over its lifetime, all with 4% less power consumption.

Xtralis will continue to offer VESDA as a Best in Class ASD for a wide variety of applications while initially focusing VESDA-E on the retail, healthcare, education and office building segments which comprise a large cross-section of the fire prevention market.

VESDA-E is the next generation of the VESDA ASD system


VESDA-E also delivers a first in aspirating smoke detection: pinpoint ASD addressability at up to 120 holes. This unprecedented capability brings the early, reliable detection of VESDA to mainstream applications with a lower total cost of ownership advantage.

VESDA-E can quickly add monitoring, servicing and detection capabilities with the addition of bolt-on hardware modules called VESDA Stax, including a version of its award-winning ECO gas detection solution. The Stax do not require re-engineering of the smoke detection pipe network.

VESDA-E brings “superior set-up, configuration, monitoring and connectivity options” and features “unique, innovative and downloadable Xapp software applications” which enable new, on-demand monitoring services.

Available immediately are WireTrace Xapp (designed to isolate threats from overheating cables and electrical wires), DieselTrace Xapp (for monitoring diesel smoke trends to enable on-demand ventilation systems) and the DustTrace Xapp (for monitoring dust conditions and enabling corrective response to take place with ventilation).

Monitoring of the VESDA-E detector is available on popular tablets using an iVESDA application.

ADPRO FastTrace 2E: video recording

The ADPRO FastTrace 2E is a four-to-20-channel next generation version of the award-winning FastTrace 2, a Remotely Managed Multi-Service Gateway platform for video recording, bi-directional audio for deterrence, transmission over any network and remotely downloadable software analytics to eliminate threats to a facility through automatic visual detection and verification.

The FastTrace 2E provides “superior detection capabilities” and is up to 86% lower in total cost of ownership than solutions combining discrete recording, transmission (for remote access over any network) and analytics capabilities.

The ADPRO FastTrace 2E is a four-to-20-channel next generation version of the award-winning FastTrace 2


The ADPRO FastTrace 2E is packed with pay-as-you-grow features that can easily be upgraded ‘in-the-field’ with minimum effort, and provides significant installation and operational cost savings versus more traditional deployment methods.

ADPRO FastTrace 2E allows end users to add video channels or migrate between analogue and IP on-site with an upgrade package. End users are able to remotely download applications such as IntrusionTrace (an intrusion detection analytic that is i-LIDS® approved as a primary detection system for operational alert use in sterile zone monitoring applications), LoiterTrace (a detection analytic for unauthorised loitering in indoor and outdoor applications) and SmokeTrace, which allows monitoring sites to visually verify fire threats before calling the fire brigade, in turn reducing false alarms and significantly lowering the large cost of responding to false fire alarms.

VESDA Laser Quantum (VLQ) brings VESDA-quality value and very early warning (VEW) to compact areas where VEW was previously unaffordable


VESDA Laser Quantum (VLQ) brings VESDA-quality value and very early warning (VEW) to compact areas where VEW was previously unaffordable. VLQ offers 4 Class-A VEW holes and quick and easy installation and commissioning, covering 1,002 metres (1,000 sq ft).

Target applications include remote telecom exchanges, base stations, portable data centres and other compact critical infrastructure applications.

Converged safety and security solution

Xtralis also unveiled its first converged safety and security solution. Designated SmokeTrace, it’s a FastTrace 2E video analytic to provide remote visual verification of smoke threats and eliminate false alarms while providing real-time situational awareness to improve first responder efficiency and effectiveness.

SmokeTrace PLUS uses the Xtralis OSID smoke detector to alarm on real smoke threats in existing installations where video cameras and traditional smoke detectors are already installed, providing certain visual verification and real-time situational awareness of a smoke threat.

When used with VESDA-E, SmokeTrace allows real-time situational awareness to complement VESDA-E’s addressable pinpoint location identification.

More information on these solutions is available at:


Reliance High-Tech launches 720˚ Security

A suite of networked services that leverage the power of IP to increase security, efficiency and business intelligence has been introduced to the market by Reliance High-Tech.

The 720˚ Security suite of IP services capitalises on the company’s highly accredited monitoring capabilities and on the continued growth in networked systems.

Reliance High-Tech 720˚ Security


Reliance 720˚ has uniquely combined specialist monitoring technologies and IT support capabilities to successfully provide customers with intelligent IP services that complement traditional security activities and increase security, efficiency and business intelligence. These include:

• System Health and Usage Monitoring: Live usage and performance monitoring across networked access and CCTV systems to reduce cost and improve resilience through a pro-active and condition-based maintenance regime

• Environmental Condition Monitoring: Monitors critical environments for changes and trends in temperature, moisture, power supply and air quality, in turn ensuring the continued safe operation of facilities and key system components

• Hosted Access Control: A solution that eliminates the day-to-day cost and risk associated with managing an access control system. This includes a safe and simple online card bureau service to manage identities across disparate estates through to complex hosting and storage services

Commenting on the launch, Terry Sallas (managing director of Reliance High-Tech) said: “We have long embraced advances in technology and the growth in networked systems, and we’re now providing innovative services that deliver real value and improved intelligence.”

For details on 720˚ Security go to or e-mail for more information


CSARN Blog: ‘CryptoLocker ransomware demonstrates criminal innovation’

City Security and Resilience Networks has produced an excellent commentary on CryptoLocker, the latest sophisticated strain of ransomware.

This period has seen the widespread emergence of a sophisticated strain of ransomware called CryptoLocker.

Having infected a computer, invariably via a phishing vector, the malware connects to a command and control server to generate a 2,048 bit RSA cryptographic key (sufficiently complex to deter any attempt to crack it) to encrypt the victim’s files.

The program then demands a ransom of $300 USD via Green Dot MoneyPak pre-paid credit cards or 2 Bitcoins (currently worth around $1,000 US) to decrypt the files. If payment by these anonymised means is not made before the expiration of a 96-hour countdown timer, the victim’s files are permanently encrypted.

In more recent versions of the malware, victims can instead choose to extend this deadline, albeit at vastly inflated prices.

Encryption can also spread to flash drives through private networks, and onto cloud-based storage providers.

CryptoLocker ransomware demonstrates criminal innovation


Focus on small businesses

The malware operates on all versions of Windows and appears to be focused on small businesses, presumably on the basis of the combination of data dependence and comparatively weak security practices.

Infections have been most prevalent in the US, with a Massachusetts Police Department reportedly among victims opting to pay the ransom.

In the UK, the newly-formed National Crime Agency has warned that “tens of millions” of malicious e-mails containing the ransomware have been distributed to PC users, though there is currently no evidence of infection on this scale.

Considering current propagation methods, the simplest means of preventing infection is enhanced vigilance to phishing e-mails which feature attachments containing the malware. To date, popular variants have included a document circulated within companies claiming to be a payroll report, designed to pique an employee’s interest, and a document claiming to be parcel tracking information from UPS or FedEx (an approach with particular current appeal due to the upsurge in home deliveries associated with increased online shopping in the run-up to Christmas).

Less common vectors include the exploitation of a vulnerability in Java, and the automatic infection of computers that are part of the Zeus banking Trojan botnet.

Besides user awareness, popular free anti-virus programs such as Avast and MalwareBytes may assist in the detection of such attacks, while CryptoPrevent is specifically designed to prevent infections from this form of malware.
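The vigilance towards attachments described above can be partly automated at the mail gateway. The following Python sketch is an added example, not part of the CSARN commentary: it triages the attachments of a message for executables posing as documents. The extension lists and the look inside zip archives are assumed heuristics; only the lure themes (payroll, UPS, FedEx, tracking) come from the article, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristics (not from the article): extensions that run code vs. document decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
LURE_WORDS = ("payroll", "ups", "fedex", "tracking")  # lure themes named in the article

def name_findings(filename):
    """Return reasons a file name looks like an executable posing as a document."""
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in EXECUTABLE_EXTS:
        return []
    findings = ["executable extension " + ext]
    if len(parts) == 3 and "." + parts[1] in DOCUMENT_EXTS:
        findings.append("double extension hides executable")
    return findings

def triage(raw_message):
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = name_findings(name)
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):  # look inside archives too
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    reasons += [f"archive member {member}: {r}" for r in name_findings(member)]
        if reasons and any(word in name.lower() for word in LURE_WORDS):
            reasons.append("file name matches a lure theme")
        if reasons:
            report[name] = reasons
    return report

def build_sample():
    """Constructed sample mail: a zip attachment holding a disguised (inert) file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("UPS_tracking_label.pdf.exe", b"inert placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "Your parcel tracking information"
    msg.set_content("Please see the attached tracking details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="UPS_tracking.zip")
    msg.add_attachment("Q3 meeting minutes", filename="minutes.txt")
    return msg.as_bytes()
```

Calling `triage(build_sample())` flags only `UPS_tracking.zip`; a flagged message would normally be quarantined for review rather than silently dropped.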

Mitigating the worst effects

Though preventing an initial infection is the only guaranteed means of avoiding encryption, some other techniques can help users mitigate the worst effects of the ransomware.

The Windows feature ShadowExplorer allows victims to access previous versions of files. Despite claims to the contrary from the creators, adjusting the time on a PC’s BIOS (Basic Input/Output System, the program used by the operating system to communicate with the hardware on start-up) can buy victims more time.

However, such techniques may be rendered ineffective by future modifications to the ransomware. The creator’s continued financial interest in the ‘integrity’ of the transaction invariably means that payment remains the surest method of regaining access to encrypted files, although there have also been reports of some users’ files corrupting in the decryption process.

While the perpetrators’ sophisticated command and control and payment techniques have helped to maintain their anonymity, evidence that multiple groups are running the ransomware, combined with the program’s use of broken English (“most cheap option” and “nobody and never will be able to restore files”), suggests the possible involvement of Russian criminal gangs, which remain among the world’s leaders in this field.

The ability to constantly adapt has been a significant factor in the success of CryptoLocker. The creators appear to have been monitoring computer security forums for victim ‘feedback’ in order to increase their revenues. This has led to modifications such as the addition of a desktop item to ‘reinstall’ the malware if a victim’s anti-virus software removes their ability to pay after encryption has occurred.

Although current estimates suggest only 3% of the victims opt to pay the ransom, further adjustments and reinvestment of this revenue may increase the attractiveness of this option in the coming period. Accordingly, the authors may increasingly seek to employ alternative methods of infection, such as spear-phishing (highly tailored) attacks with higher ransoms or watering hole attacks, which involve the infection of a trusted third-party website.

This latest strain of ransomware also represents the continuing evolution of this form of malware from relatively unsophisticated ‘Ransomlock’ Trojans which act simply to freeze a user’s interface pending a ransom payment. The increasing success of such tactics despite the currently simplistic means of infection reinforces the need for effective basic security measures.

In addition to the steps above, readers are advised to ensure valuable documents are backed up in secure locations on a regular basis to minimise the impact in the event of such a breach.

Access the CSARN website
