Cyber Attack Alert

A renewed warning to be aware of Viruses & Cryptolocker RansomWare, Scam emails and hackers. There has been a world wide cyber attack with over 200,000 affected cases already confirmed.

Be alert, this new attack is very sophisticated and it is the first of its kind to be seen. This virus can spread through an entire network rapidly and is not necessarily received via email.

If you receive a virus or are even concerned you may have a virus, do the following:

  • Turn off the computer straight away
  • Call Consulting IT
  • Notify all staff to be alert

If you receive a virus on more than 1 computer:

  • Shut down every computer you have
  • Call Consulting IT

Possible warning signs may be:

  • Unable to access files
  • Strange error messages
  • PC background changes

There is already 1 confirmed case in Australia and another 2 potential cases yet to be confirmed. The nature of this virus is such that it could spread rapidly.

Security & Safety Audit

IT Security & Safety Checklist

□            Do you have a backup of your data?
□            Do you have a plan if your server breaks today?
□            Would you be up and running within 4 hours if your server broke down?
□            Have you ever audited your business’s IT?

If you answered NO to any of these questions, your Data is at risk. Consulting IT is here to help you ensure your Data is safe and secure.

“The worst time to test your backup is when you need it!”

Our Services
  • Desktop and Server Support
  • Helpdesk
  • Cloud & Hybrid Services
  • Network Management and Design
  • Backup Disaster and Recovery
  • Security and Safety Audits
  • Business Support
Why Consulting IT

We are a Logan based business with 15+ years’ experience. We provide IT support for medium sized businesses of up to 250 staff.

Our approach is focused on proactively maintaining our clients’ IT systems.

We work with clients in the mining & energy, manufacturing & engineering industries, not for profit sector and professional services.

We provide you with solutions tailored to your business needs.


It’s not if you get hacked, it’s when!

“9% of breaches are ever found – out of that 1/9 with monitoring and 8/9 by pure luck”. 1 This was a statement tweeted by Sami Laiho on October 17, 2016. Sami is a Microsoft MVP and a leading expert on Windows Security. This is a compelling statement, one which infers that if you haven’t already been hacked, it’s only a matter of time before you are and you may never know!

Hackers operate for many different reasons, often for the challenge it presents and not always to steal your data. Some hackers will simply plant malware on your website that will infect anyone visiting your site, this could cause minimal or no impact to your business. However, others with an intention to inflict pain upon a business, will release viruses or ransomware into a network. The motivation is usually financial benefit or organised criminal activity and could cripple a business.

Hackers with a motivation to cause disruption for political gain or intentional espionage, are impossible to stop, their method is to execute an aggressive attack on servers. As these hackers are often state sponsored (in the case of the US election hackings), they are well resourced and financed.

Businesses are most likely to fall victim to the “low hanging fruit hack”, this is where automated objects (bots) continually look for weaknesses in security, such as servers and firewalls that are not properly maintained or updated, viruses that have not been removed or untrained staff who are deficient in adhering to security protocols. It’s only when the bots detect a weakness that a physical person gets involved in the hack to investigate the opportunities and find an opening to plant viruses or malware.

Early in 2016 news broke of a medical centre in Los Angeles which was being held to ransom; reportedly to the sum of $3.6 million USD to decrypt their systems including all of the hospitals patient files. In this case hackers found an opening and tunnelled into the system where they found a number of vulnerable points and they released a CryptoLocker virus (a form of ransomware where all of the computers files are locked and the hackers request a ransom to unlock the files). The virus was released into the system and the hackers shut the system down internally so the IT consultants for the hospital could no longer access the systems. The attack destroyed the backups and current data.2

With bots continually trolling for the low hanging fruit targets, it’s inevitable that businesses will be hacked at some point if they haven’t already. Businesses need to protect themselves from the possibility of lengthy interruptions or the worst case scenario of a complete loss of data, by having at a minimum, functioning, regularly tested offsite backups and preferably, a complete disaster recovery plan.

At the very minimum you need offsite backups that are stored in a location not attached to your business, usually in a cloud environment or at an alternative location. If a hacker is successful in gaining access to your server, they are likely going to lock or destroy your local backups first and then follow the path to your offsite backup. This activity should raise alarms with your monitoring software and will also give you another layer of protection as they will need to either hack your host or managed services provider. A complete disaster recovery plan is yet another layer of protection for your data as it could be structured so that the offsite backup is in a location that your server cannot see.

Any business that requires their data, needs to ensure that they have a tried and tested solution for the recovery of their data. The worst is coming…


  1. Link to Sami Laiho Twitter

2. Link to an LA Medical CryptoLocker story

Cryptolocker Virus Warning to 365 Users

365 Users are the latest targets of ransomware viruses such as Cryptolocker and it’s various mutations. You may even see the term “Cerber Attack” used in the media to describe these ransomware infections.

This latest threat was received by 365 users as spam or phishing emails and the file attached contained the virus. When the attachment was opened it had a message at the top of the screen asking you to “Turn on the Edit mode and click on Enable Content” similar to the below images.

Image 1

Image 2

Image 1 is similar to a message we have all seen on Microsoft products.
Image 2 is not a normal Microsoft warning and should be an indication that there’s a problem with the file.

By clicking enable content the virus was activated. Once activated, the virus acted like all other Cryptolocker viruses and started locking up files it determined as being “important” to the user and displayed a ransom note. However, this virus also broadcasted a message over the users speakers telling them about their files being locked up “encrypted” as well as read the ransom note to them.

Microsoft have since blocked this particular virus, however, it is important to note that we shouldn’t rely solely on a programs built in security tools or antivirus as the only protection against Cryptolocker attacks. Especially when Cryptolocker virus attacks are sadly becoming a daily occurrence.

What you can do

  • Always keep your antivirus up to date
  • Always backup your data files, photos (anything you don’t want to lose) to another location and regularly
  • Do not open attachments to emails from sources you don’t know
  • If you are waiting for an email with an attachment, check the sender and other information in the body of the email (such as grammar and spelling) prior to opening
  • Check with Consulting IT if you are not sure of the files legitimacy, it’s better to be safe, than sorry.

We can help you!

We are constantly upgrading our own security and testing new products that may benefit your security. We can provide you with a tailored solution to suit your businesses security needs such as:

  • Antispam
  • Antivirus
  • Backups / Disaster Recovery
  • Hardware to improve overall security

Apple issue safety recall on Adapters

Apple have issued a safety notice to all customers who may have an affected adapter.

If you have a wall plug adapter with 4 or 5 characters (or no characters) running up and down on the part of  plug that attaches to the adapter, then it is part of the recall.

Check all of your Apple plugs (even if you have plugs you use in other Countries).

Apple have an exchange process for all affected adapters. You will need the serial number from your iPhone, iPad etc and you can either take the adapter to your nearest Apple store or request a replacement online and they will provide you with a newer version of the adapter.

Click here to visit the Apple site and view the recall information.

California hospitals $3.6 million Ransom by CryptoLocker Virus

Recent reports indicate that a Medical Centre in California is being held to ransom for $3.6 million dollars by Hackers who’ve released a CryptoLocker / Ransomware Virus on their network. Read more

Don’t be fooled and think that this “could only happen in America”. This is a very real possibility for all businesses in Australia (and around the world).

Business owners can no longer afford to ignore this issue, as businesses here in Australia are being attacked by the CryptoLocker / Ransomware Viruses and/or Hackers every day. We published an article to clients just last week about making sure that your backup data is stored in a different location to your actual data. Since then, we have had yet another client impacted by CryptoLocker and once again they were lucky to only lose a couple of hours of data and time, due to their backup systems and design.

We are once again reviewing our data security and that of our clients.

If you are concerned about your data security, contact us today.




CryptoLocker / Ransomware Viruses – Secure your Data!

We have yet another client affected by a variant of the CryptoLocker and Ransomware viruses. This client has 100 employees across multiple locations. They were severely impacted and could have suffered major data losses.

CryptoLocker viruses lock your files and programs. The virus stops you from accessing your files and then demands you pay a ransom to unlock them. This latest virus appeared to have been sent from Australia Post.

The correct backup plan is becoming critical for businesses. The offsite backup of your data must be in a different location and on a different network to your actual data. If it is not, the virus is capable of affecting your backups as well as your actual data. This can potentially make recovering your data impossible and/or extremely expensive to attempt to recover. Recovery attempts in this scenario can have major outage impacts for businesses ranging from days to weeks.

Correct use of real-time mail, spam and virus filtering, alongside real-time SPI (Statefull Packet Inspection) of all data passing through the internet to your network, can also help mitigate a virus threat attacking your business.

This client was “lucky”, we worked through the night to remove the virus, which had affected 10’s of 1000’s of files in a short period of time. We managed to stop the virus from spreading any further and recover their data through our diligent backup maintenance.

Although the client lost time and a small amount of data, we were still able to remove the virus from their system and restore their data from backups that were stored in a different location. Without this setup, they would have lost more than just 12hrs of time, they would have lost every file and program required to run their business, unless they paid the ransom.

These viruses are extremely difficult for virus scanners to pick up and can get through sophisticated systems, which is why it’s even more important for you to have the correct backup management plan in place for your business.

If you would like to know more about how to secure your data or are concerned that you may have received a virus, please do not hesitate to contact us.

Windows 10 has arrived!

Microsoft have released Windows 10 and are calling it their best version of Windows.

Windows 10 includes a start menu that many users missed in previous versions, is easier to use and includes greater security then previous versions.

Consulting IT have been using Windows 10 for a few months now and our team can answer any queries you may have about using this latest Windows version.

Many users may even qualify for a free upgrade to Windows 10, please contact us to find out more.

CryptoLocker Viruses

CryptoLocker Viruses are once again attacking computers and servers.

We have had 2 clients recently who were severely impacted by CryptoLocker viruses, causing major data losses.

We worked for several hours (days actually) to recover their data for them through our diligent backup maintenance, however, they did lose their valuable time because of these viruses.

These last 2 viruses were received as attachments to emails in the format of Resumes. If you are not currently recruiting or expecting resumes to be emailed to you, then do not open any attachments you receive labelled as Resumes. These viruses are extremely difficult for virus scanners to pick up, so a reminder to always be careful opening attachments to emails, even if you do know who the sender is.

If you are concerned that you may have received a virus, please do not hesitate to contact us.

G20 Is almost here, are you ready?

We have identified a number of  our clients who will be affected by the G20 Summit, whether by road closures or simply because they are within (or located near) the security areas.

Some questions we have asked our clients and you may wish to consider…

  • Are you planning on working on the Brisbane Holiday day 14th November or over the  weekend of 15th & 16th  November?
  • Are you closing your office for the week or just a day (10th -14th November)?
  • Do you plan to work away from the office during this time or require the ability to do so?

If you answered yes to any of the above please let us know if we can be of assistance to you.

If you would like to find out more about the restricted areas and road closure, please visit the G20 Summit Website