News

Ransomware - heading your way in macro enabled Word documents

Steve Hirst - Thursday, July 21, 2016
Recently we heard about a file containing a malicious macro (a small program that, once run, expands into something larger) that Microsoft have flagged under a family of Trojan viruses that have been targeting MS Office software for several years.

The problem was, there wasn’t an immediate, obvious identification that this file was actually malicious. It’s a Word file that contains seven VBA (Visual Basic for Applications – the programming language used within Office to develop Macros) modules and a VBA user form with a few buttons.

These modules appeared to be legitimate programs powered with a macro; no malicious code found there … However, after further investigation Microsoft noticed some anomalies within the macro. These anomalies cause the macro to connect to a URL and download a Locky ransomware payload.

This means the Locky virus will be downloaded to your PC if macros are enabled when opening the Word file in question.

We strongly suggest that to help prevent Office-targeting macro-based malware from infecting your system, you only enable macros if you wrote the macro yourself, or completely trust and know the person who wrote it.

As always, if you’re unsure about your system’s susceptibility to these attacks, or you would like some assistance preventing or dealing with this, please give us a call.

True Ransomware Story

Steve Hirst - Friday, June 17, 2016
It only takes a moment’s inattention to change a normal day into an unimaginable nightmare. In this particular case, although we are yet to verify it, we are assuming an employee opened an attachment in an email, which started a chain of events that had a serious impact on the company’s ability to trade.

The innocent-looking email contained the file-locking Trojan, which quickly locked up the file system and prevented access to the data.


Normally we would be able to recover the damaged system by restoring the latest backup. Sadly, in this case, it transpired that the unmanaged backup had stopped working several weeks ago which took away that solution.

Due to the daily cost of the disruption, a decision was made to pay the ransom, but unfortunately this wasn’t as straightforward as one would expect. The criminal(s) behind the ransom demand would only accept payment in Bitcoins (Bitcoin is a digital asset and a payment system, transacted online).

Under normal circumstances, setting up a Bitcoin account takes several days.  Computer Culture managed to shorten the process by using a trader that accepted payment via a Smart Eftpos money machine. We had 1 hour to withdraw the cash (compounded by BNZ being down during that timeframe) and deposit the cash at the designated machine.

To shorten the story, the unlock code was sent and the majority of the data was recovered. Paying a ransom was a last resort and an action we found abhorrent. So serious is the threat that in the UK, companies are purchasing large amounts of Bitcoins to reduce the downtime in the event of a ransom attack. Prevention, though, is better than trying to find a cure, and that is what we focus on at Computer Culture.

There are powerful lessons to be learnt from this experience.
1) Organisations need a level of security to reduce the chances of an intrusion and enable early detection.
2) Organisations need a robust and comprehensive backup system.
3) These processes need to be proactively managed and reviewed.
4) There need to be policies, procedures and staff training to mitigate the risk.
5) Consider taking out Cyber Insurance (we can recommend some companies).

If you feel your site does not meet these criteria, please contact us urgently and we will help you through the process.

Protecting Your Domain Name

Steve Hirst - Friday, June 17, 2016

Contributed by Hugh Burns

Your domain name is critical to your business, both as your online brand, and also as something that controls many aspects of your day to day business operations including:

  • Email delivery - ensuring you get your email
  • Network functions - for example allowing remote access for workers
  • Website - ensuring your public website is up and running
  • Communications - for example VoIP phone systems, Skype etc

What many companies don’t realise is that they actually have no “ownership” of their own domain, and we’ll cover that issue in this article.

There are three important bits of information associated with every domain:

  • Registrant
  • Admin Contact
  • Technical Contact

The Registrant is the person or entity that registered the domain, and effectively owns it.
The Admin Contact is the person or entity that the registrant trusts to handle issues or answer questions about any non-technical aspect of the domain management. 
The Technical Contact is the person or entity that the registrant trusts to handle any technical aspect about the configuration of the domain, for example your IT provider.

Unfortunately, what we often see is companies registering domains on behalf of other companies, and not setting these details up correctly. For example a business may get a website designed, and the company that hosts the website registers the domain on behalf of their client, and specifies themselves as the domain owner, and not the business they are registering the domain on behalf of. Remember the Registrant is the owner. If you’re not listed as the Registrant, you don’t own your own domain! If you get into a dispute with the company listed as the Registrant, the results can be disastrous. In extreme cases they could shut off email and other critical functions.

So how can I tell if my domain details are correct?

You can do what’s called a “WHOIS” lookup, which shows the information above. There are many websites that can do this for you, but here is one example: https://www.whois.net/
Enter your domain name (without www or anything else in front, e.g. computerculture.co.nz) and the lookup will return the Registrant, Admin Contact, and Technical Contact.

Our best practice recommendation is as follows:

  • Registrant – this should be the name of your company, not another company, and not an individual.
  • Admin Contact – this should be the name of an individual within your company that can answer questions about the domain management.
  • Technical Contact – this should be someone who can handle the technical aspects of the domain, for example an internal IT person or your IT support company like us.
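
One way to automate the check described above, as an added example rather than code from the original article: it parses saved WHOIS text and compares the Registrant, Admin and Technical organisations against the names you expect. The sample record, the company names and the field labels in `ROLE_FIELDS` are constructed assumptions; registries label these fields differently, so adjust them to match your own lookup output.

```python
import re

# Constructed sample in a common "Key: value" WHOIS layout (not a real record).
SAMPLE_WHOIS = """\
Domain Name: example.co.nz
Registrant Name: Web Design Studio Ltd
Registrant Organization: Web Design Studio Ltd
Admin Name: Jane Citizen
Admin Organization: Example Trading Ltd
Tech Organization: Example IT Support Ltd
"""

# Assumed field labels for each role; the first label present in the record wins.
ROLE_FIELDS = {"registrant": ("registrant organization", "registrant name"),
               "admin": ("admin organization",), "tech": ("tech organization",)}

def parse_whois(text):
    """Return {lowercased key: first non-empty value} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def normalise(name):
    """Lowercase, drop punctuation and company suffixes so 'Ltd' == 'Limited'."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in {"ltd", "limited", "inc", "llc"})

def audit(text, company, trusted_tech=()):
    """Map each role to 'ok', 'missing' or 'mismatch: <value found>'."""
    fields = parse_whois(text)
    own = {normalise(company)}
    allowed = {"registrant": own, "admin": own,
               "tech": own | {normalise(t) for t in trusted_tech}}
    result = {}
    for role, keys in ROLE_FIELDS.items():
        value = next((fields[k] for k in keys if k in fields), None)
        if value is None:
            result[role] = "missing"      # withheld, or labelled differently
        elif normalise(value) in allowed[role]:
            result[role] = "ok"
        else:
            result[role] = f"mismatch: {value}"
    return result

print(audit(SAMPLE_WHOIS, "Example Trading Limited", ("Example IT Support",)))
```

A `mismatch` on the registrant is the case the article warns about: another company is recorded as the owner of the domain.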

Please take the time to review your domain registration details. It’s such a critical aspect of your business that often gets overlooked, and can have big consequences if not correct. Sometimes it can just be a timewaster trying to complete tasks like changes to email systems or websites if these details aren’t accurate.

If you would like any help with looking this information up, please let us know, or if you’ve had a look and are not happy with the current registration details, please also let us know and we can assist you with getting it sorted.

When a Staff Member Leaves

Steve Hirst - Monday, May 23, 2016

Contributed by Steve Shaw

When it comes to people's digital lives, entanglement is pretty much the norm nowadays. Ask almost anyone what's installed on their computer, phone, or digital device and you'll find a combination of work and personal information. We're always online and always connected, whether it's to our friends, our family, our co-workers, our clients, or our suppliers. The lines between each piece of this information have become blurred. Now we're simply connected people.

For many, the digital push has started with their work. There's a much better ROI for an organisation than an individual when it comes to cutting-edge digital devices. As such, the devices we become familiar with and embed our digital lives into aren’t actually ours, but belong to the organisation we work for. Likewise, for those whose first email account was provided by work, it easily becomes the default or only account that’s used – both for personal and work relationships.

So what happens when, for better or worse, someone moves on from and out of their native digital environment? Keeping good relationships is an essential part of any organisation, so maintaining a healthy link to an organisation after someone moves on can be key. How then can an organisation or individual prepare for a healthy breakup, digitally speaking?

Like most processes, the first step is always information gathering. What exactly would be lost if someone were removed from your organisation’s technological infrastructure? Phone numbers and email addresses of friends? A digital music collection? Personal emails? Family photos? Access to an email address linked to bank accounts? Losing any or all of the above could easily sour a relationship.

Once you’ve established just what’s going to be lost, you can then move forward. For each individual there will likely be a need to migrate data. For an organisation, however, the greatest need is to put in place policies and procedures that will set you up for when the inevitable need to disentangle occurs.

If you’re concerned about any of these points, talk to one of our friendly team members for assistance with the data migration.


Important MYOB News

Steve Hirst - Monday, May 23, 2016

MYOB have released new information stating they will be ending support on MYOB products still running on technologies, such as Windows 7, that Microsoft has ended mainstream support for.

It’s important to consider upgrading, as running outdated software no longer covered by mainstream support introduces an element of risk into your business. When Microsoft ceases mainstream support for a product, it ceases to fix anything other than security issues.
By continuing to use old technologies you also limit yourself to old programming and components up to a static point in time. In other words, using software that has been on the market for approximately six years means you aren’t able to take advantage of the improvements made in that time.
Considering your IT plays a large part in the operating effectiveness of your business, updating your technology to get the latest features makes good business sense.

If you have any of the following applications in your business practice, you’ll find that MYOB will only be providing limited support for any of their software packages being used in conjunction with them. 
- Windows 7 (all versions)
- Microsoft Office 2010 (all versions)
- Windows Server 2008 (all versions), including SBS 2011 (which is built on Server 2008 R2)
- Microsoft SQL Server 2008 R2, excluding MYOB AO clients with SQL 2008 R2 Express

You’ll need to look into making a plan for change however, as MYOB won’t be providing support beyond the 31st December 2016. This gives MYOB users some time to upgrade their IT infrastructure if required.

Feel free to talk to one of our friendly sales team to create a plan of action and ensure you’ll be operating on MYOB supported technologies in 2017 and beyond.

