Ransom-ware scammers targeting AU Office 365 and Outlook.com Users

There seems to be a group of people targeting people using the Outlook.com and Office 365 platform. They are sending spoofed messages that are appearing to be coming from Microsoft to people on these services that appear as invoices. When you open up the documents they run code in the background that lets your run-of-the-mill ransomware launch to encrypt your documents.

This is not a flaw in these systems, just people that are being clever to bypass the filtering and target uninformed users. This is a fairly standard practice but it is becoming widespread on these platforms, primarily in Austraila right now.

I took the quote from the original article below but do note that this is not what anyone or myself would call “zero-day”. It is a standard practice for scammers to send out these to people in hopes that they will open them. It is just that in this case, they are targeting users on these specific platforms right now. Any user with an email address can receive these emails.

The ideal thing is to make sure you have working backups BEFORE you need them. This means local backups AND offsite. I personally have a small file server that I backup to and I also use a Cloud Backup service as well to offsite my important data. If you need help getting some sort of backup plan in place for your home or business please contact myself or your local IT person.

Original Article: News.Com.AU

Discovered by leading cyber security company Check Point, the particularly vicious “Zero-day” malware has widely spread across Office 365 — including Word, Excel, PowerPoint, Outlook and other applications.

 

Security analyst Raymond Schippers said cyber criminals were catching unsuspecting victims by asking them to open an invoice sent by email.

 

“The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document,” he told news.com.au

 

“When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content.

 

“Users should not click the message as it will open up the ransomware, which will collect all of their files before asking for a payment to get them unlocked.”

 

 

If you see this message, close the document immediately.
If you see this message, close the document immediately.

Mr Schippers said the cyber criminals would ask for a couple of hundred Australian dollars to be paid, but under no circumstances should people comply.

 

“We are advising users to close the document and delete the email if they have opened it,” he said.

 

“If the message has been clicked and the ransomware installed, people should restore their computers from an available backup.”

 

Of course, Mr Schippers said this should be the last case scenario and reminded people that prevention was the best protection.

 

“People should ensure they keep regular backups of their computers, which should be stored offline. They should install a variety of protections types and should be more wary of suspicious content.”

Dr. Crimmy’s EJuice “Lab” – Questionable Cleanliness and Other Information

Another update. Someone found the floor plan from the realtor who manages the building that Dr. Crimmy’s is in and they have a BATHROOM in their “clean room”. Mmmmm poop particles. They are in Suite 1 and you can verify that from the video and their address.

You can also see from the listing that the back of the building is the same from the “lab” photos below. You’re busted Dr. Crimmy’s.

Property Listing: http://www.brenthoffman.com/listings/l0240.html
PDF of Listing: http://www.brenthoffman.com/pdf/ThompsonBridge2100Info.pdf
PDF Mirror: https://www.timothyhoogland.com/dl/ThompsonBridge2100Info.pdf

Dr. Crimmy's Suite Floor Plan

Update from “Matty Ice” who was the one who posted the photos. He even linked to my post. Thanks!

–Original Post Start–
Today on the Chicago Vape Nation page someone shared some photos that an ex-employee posted from their “lab”. You can see the flavorings, VG, PG, bottles, mailing boxes, and even their labels in these photos (posted below). They were initially claiming that they were NOT their photos but then released a video on Facebook (Source: Kevin Lynch (Owner of Crimmy’s) ). I have also attached the video to this post and a screenshot in case they pull it down.

Crimmys Lab Video From 09/23/2015

Facebook Screenshot Admitting to the Lab Photos
Facebook Screenshot Admitting to the Lab Photos

In the photos, you can see that it is a disgusting environment that they were making ejuice in. I myself started out making it in my kitchen on sterilized tables and used standard safety precautions for myself and the ejuice. This this is just deplorable. They have said on their FB video that this was their old location and this is no longer used.

I tried to join their Facebook group, but they are banning any new people that are trying to find out more information in order to keep things quiet. This is VERY concerning as they are clearly trying to cover something up. Even if they have a new “lab” like they are claiming my guess is that due to how tired this guy in the video looks (from cleaning the “lab” all night), the fact that he looks like he has no idea how to wear the safety gear, and they never enter any of the rooms where juice is made makes me question the legitimacy of this all.

That all being said, I will never recommend Dr. Crimmys to anyone and never purchase it again. I will stick with vendors that actually make liquid in sanitary environments whether that be at their homes using common sense or in a lab. If they were OK with the previous conditions of the place it makes you wonder how bad they will let the new one get.

This post is staying up as they are currently trying to get all the photos removed from other places. I will NOT remove these as the truth needs to be heard.

Dr. Crimmy’s “Lab” Photos (Source: Reddit)

The little fitness band that could – My Review of the Xiaomi Mi Band

Starting this year I have been being more active and taking better care of my health by dieting and working out regularly (weights and some running). I bought my girlfriend a Fitbit Charge HR and while it is pretty great I came across this little $20 fitness tracker. Enter the Xiaomi Mi Band.

While the other fitness trackers do a lot more than this one, what you get for $20 is well worth it. The Mi Band does automatic sleep tracking and step tracking. The best part about it is that you don’t have to do anything. Sleep tracking is automatic and so is the step counter. This device also integrates perfectly with Google Fit so you can have all your stats on your Google account for easy access on any device.

When you buy the Xiaomi Mi Band you need to make sure you are getting the REAL on by Xiaomi and not a knockoff. There are plenty of imitations so if it says DAMI anywhere on the box or listing where you are buying it from this is a FAKE.

When you open the box you get the fitness module, band, and charging cable. You charge up the module with any USB charger and takes about 1 hour to charge to full.

Mi Band Package Contents
Mi Band Package Contents

You slip the module into the band and then download the app to your phone. Now I had an initial issue where I had trouble creating an account in the app but I just went to their website, created an account there, and then signed in on the app.

There’s not much else to it. Just wear it and check the app for your progress. If you want Google Fit integration you can enable that in the app settings. There are also 3rd party apps that you can use to make the Mi Band buzz for different notifications with different colors to let you know you have an email, text, or whatever else you want to have it alert you on. I did not use these apps as I have a Pebble but had I not had a Pebble I would have taken advantage of them.

Let’s go over the pros and cons of this little device.

Pros:

  • Small
  • Battery life (Over 50 days)
  • Inexpensive
  • Good build quality
  • Easy to use
  • Completely waterproof up to 50M

Cons:

  • OEM band broke the first day (still usable, just cosmetic)
  • Hard to find 3rd party or even replacement bands for it (have to use AliExpress or Ebay and order from China)
  • App is not very refined

That’s really all there is to it. The Mi Band is a no-frills fitness tracker that does what it is supposed to do. I had no issues with getting it to sync with my LG G4 and it updated the firmware on the device seamlessly on its own when a new update came out.

The bottom line is if you just want sleep tracking and an accurate step counter this is worth picking up. If you want more than that you will need to look elsewhere. However, there are rumors that a new one with a heart rate monitor is coming out soon. If it does I may have to pick it up. I posted some pictures of the screens and of the 3rd party band I use (purchased on EBay). Enjoy!