Is the Momo Challenge real, or an online hoax? Fact Check

BY CRAIG CHARLES ON FEBRUARY 25, 2019
https://www.thatsnonsense.com

A number of messages and warnings across the Internet describe an apparent phenomenon called the “Momo Challenge”. Many such warnings claim it is a game where children are tricked into performing increasingly violent acts including self-harm, sometimes even culminating in suicide.

Many such warnings claim the “game” is spreading on social media apps including Facebook and WhatsApp. The game is usually illustrated by a wide eyed, dark haired woman with creepy facial features.

An example is below.

FUMING IS NOT THE WORD, PASS THIS ON
So apparently there is a new thing called “the Momo challange” where this head thing is telling kids on YouTube to do dangerous stupid stuff. It starts with it coming out of an egg then develops in to hide and seek then moves on to more “fun stuff like” , turn the oven on, take pills, how to stab someone etc 😡
Your children will tell you this isn’t true as it threatens them not to say anything orels bad thing’s will happen to family members.
Apparently its leaked on to kids YouTube and comes on half way through a video to avoid being caught by adults and scares your kids in to saying nothing but doing dangerous stuff.
This has to be one of the most horrendous things iv ever seen. The face of it is a joke but the concept is horrendous.
Would hate for this to happen to any of my friend’s and family.
Until YouTube can 100% guarantee this is not a thing, there will be no more YouTube in this house.

Naturally the question many are asking – especially concerned parents – is whether the Momo Challenge is real, and should parents be alarmed?

The reality is that the Momo Challenge could be considered a number of different things, and whether it is real or something to be worried about largely depends on what you consider it to actually be in the first place.

“Momo” herself (or itself) isn’t real. It’s Internet folklore, rising up from the same murky corners of the Internet as other contemporary and passing crazes such as “Slenderman” and the very similar “Blue Whale”. The grotesque figure illustrating Momo is a sculpture, created by a Japanese special effects outfit called Link Factory. The figure is called “Mother Bird”, not “Momo”, and it’s got nothing to do with any sort of online challenge.

Additionally, there is no evidence that “Momo” can magically “hack” your phone, force her image to appear on your device or do any other sort of digital trickery, as claimed by many reports. There are no reports of “Momo” (or anyone purporting to be “Momo”) creeping into people’s rooms, or committing acts of murder for those that do not obey the “challenge”.

And there is no specific “challenge” either. There is no universal set list of tasks that those who engage in the “challenge” are told to do.

In this sense at least, Momo isn’t real. It isn’t a person, a monster, or any kind of individual hell bent on luring children or teenagers into committing acts of violence. There is no “Momo”, other than what we – and the Internet – make Momo out to be.

Taking a more pragmatic approach, while Momo isn’t real in the above sense, the Momo Challenge is a real phenomenon, perhaps most accurately described as somewhere between a viral prank, a media-fuelled alarmist craze and a potential form of cyber-bullying that should indeed be a genuine concern for parents.

It’s 90% Prank

If you come across Momo’s image, or references to her, on the Internet, it’s likely to be the prank side you’re seeing. Reports are commonplace that Momo has been “spotted” in Facebook groups, YouTube videos, in user-generated games such as Minecraft and Roblox as well as other corners of cyberspace.

But it’s unlikely that some obscure, ethereal being has infiltrated that part of the Internet looking for its next would-be victims. What you’re seeing is what the Internet does best. The proliferation of a prank. Keeping a craze alive. Scaring children, and needlessly alarming parents. For example, one thing we persistently notice after debunking viral “hacker” warnings on social media is that in the direct aftermath of the viral hoax, we see a surge of new social media accounts appear using the same name as the alleged hacker. The new accounts are not hackers, of course. Rather just pranksters cashing in on the popularity of the hoax.

Media fuelled craze

When it comes to clickbait, headlines don’t get better when discussing panic-inducing Internet challenges that have been ambiguously “linked” to teenage suicides. It’s the sort of headline that attracts clicks like a flame attracts moths. Which is why you’ll find no shortage of media outlets breathlessly warning parents to keep their children safe from Momo.

But in 2018, an Indian fact-check website investigated several cases of suicides in India and Argentina where local media had claimed the Momo Challenge was involved. In every case, police had either denied that the Momo Challenge played any part in the deaths and the link was erroneous, or that other more overriding factors (low school grades, depression, sexual abuse) had played a more significant role.

A form of cyber-bullying

While media are often quick to report on vague “links” between suicides and Internet crazes, phenomena like the Momo Challenge can serve a real purpose in that they can demonstrate the inherent dangers of allowing children and young teens to use the Internet unsupervised.

Whether it’s the dangers of being exposed to mature content, the dangers associated with connecting with strangers or the danger of cyber-bullying, the Momo Challenge serves as a timely reminder that the Internet can be a dangerous place for both young and vulnerable minds.

Protecting your children as they use the Internet is paramount. This includes supervising what they see, blocking or preventing access to platforms that contain adult content, educating children on popular Internet threats, teaching them not to give away their personal information and perhaps most importantly encouraging an open dialogue where parents and children can be honest about what they encounter when using the Internet.

It is this approach that will best protect kids when using the Internet, and that encompasses passing crazes like Momo, and whatever her successor will be.

An opportunity for scammers?

Scammers and cyber-crooks are always looking for ways to exploit viral trends, and the Momo Challenge isn’t likely to be any different. Crooks may use search trends (people looking for information concerning Momo) to lure visitors to booby-trapped websites, or may use the guise of Momo to trick victims into handing over sensitive information that may result in someone falling for a cyber scam such as identity theft.

Sextortion Scammers Using Email Address Spoofing to Fool Victims


written by Brett M. Christensen February 1, 2019
www.hoax-slayer.net

Fake blackmail sextortion scams are increasingly common. Typically, sextortion scammers send out thousands or even millions of identical emails claiming that they have captured video of the recipient visiting a porn site. The scammers threaten to send the compromising video to all of the recipient’s contacts if they do not receive a “keep quiet” payment via Bitcoin. But, the scammers have not created a compromising video. Nor have they hijacked the recipient’s contact list. The whole thing is a bluff. However, the scammers know that at least a few recipients will be panicked into sending the requested money. To increase their chances of success, the scammers use a variety of dirty tricks to convince potential victims that the claims in their fake blackmail messages are true.

Email Spoofing Trick
One such trick is to make it appear that the email was sent from your OWN account thereby supposedly proving that they have indeed compromised your device as claimed.

Here’s an example from a typical scam email:

Your account has been hacked by me in the summer of this year.I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack).

If you look at the sender address of the email, it will display YOUR email address. So, it may seem that the sender has indeed broken into your account to send the email. But the scammer has simply forged the header of the email so that your email address appears as the sender. This is a technique known as “spoofing” and is not difficult to do. In other words, the email did not come from your account at all. It just looks that way because of the forged email headers.
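How the forgery shows up in the full headers, as an added Python example that is not part of the original article. The message, the domains and the receiving server name mx.example.com are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a "sent from your own account" scam email as the
# receiving mail server might record it. Every name and address is made up.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
Received: from mailer.example.net (unknown [203.0.113.45])
 by mx.example.com; Fri, 1 Feb 2019 09:12:44 +0000
From: <alice@example.com>
To: <alice@example.com>
Subject: Your account has been hacked

I sent you this email from your account.
"""

SELF_SEND = "From address equals recipient address"


def address_of(header_value):
    """Lower-cased e-mail address found in a header value, or ''."""
    return parseaddr(header_value or "")[1].lower()


def domain_of(header_value):
    """Domain part of the address found in a header value, or ''."""
    return address_of(header_value).rpartition("@")[2]


def auth_verdicts(msg, trusted_authserv):
    """SPF/DKIM/DMARC results, read only from the header stamped by our own
    mail server. A sender can add Authentication-Results headers of their
    own, so anything with a different server id is ignored."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def spoofing_indicators(raw, trusted_authserv="mx.example.com"):
    """List the header evidence that the visible From address was forged."""
    msg = message_from_string(raw)
    findings = []
    sender = address_of(msg["From"])
    if sender and sender == address_of(msg["To"]):
        findings.append(SELF_SEND)
    envelope, visible = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    if envelope and envelope != visible:
        findings.append(f"envelope sender domain {envelope} differs from From domain {visible}")
    verdicts = auth_verdicts(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings


def is_forged_self_send(raw, trusted_authserv="mx.example.com"):
    """True when a mail 'from yourself' did not pass DMARC for your domain."""
    findings = spoofing_indicators(raw, trusted_authserv)
    return SELF_SEND in findings and any(f.startswith("dmarc=") for f in findings)


if __name__ == "__main__":
    for finding in spoofing_indicators(RAW_MESSAGE):
        print("-", finding)
```

A self-addressed message is not suspicious on its own; it is the failed authentication results alongside it that show the mail never left your account.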

Other Dirty Tricks
As I discuss in more detail in another report, the scammers often include user passwords in their scam emails as a way of making their false claim seem more plausible. And, in another variation, the scammers include the recipient’s phone number along with the password. The scammers are extracting passwords and phone numbers from old data breaches and automatically matching them to the corresponding email address. They can then distribute vast numbers of emails that are identical except for the password and phone number that matches each email.

Don’t Respond — Just Hit “Delete”
If you receive one of these scam emails, don’t be fooled. By including real passwords and real phone numbers, and making it appear that the recipient’s account sent the message, the scammers significantly increase the likelihood that their claims will be taken seriously. More people will fall for the ruse and send their money to the criminals. But, despite these clever tricks, the emails are still just empty bluffs. To reiterate, the sender has not hacked your computer and has not created a compromising video of you.

Don’t respond. Just hit the “delete” key.

New Phishing Email – Don’t get caught

There is a new phishing email doing the rounds claiming your incoming emails are on hold and asking you to click one of the actions listed in the email.

There are a number of clues to prove it’s spam.

Firstly the from address is service@vienna.taskwunder.com – not any Office 365 admin email address I’ve ever heard of! 🙂

Secondly – hover (don’t click) the links – they link to www.nlsandton.me – again not any email provider anyone’s ever heard of.

If you get this mail – simply delete it! 🙂

Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – purporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email.

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

The Worst Passwords of the last year

Everyone who uses a PC or Mac gets told not to use easy to guess passwords like “123456” or “password”. As it turns out – people obviously aren’t that bothered as they still use them.

Password management application provider SplashData on Tuesday released a list of the 100 Worst Passwords of 2017, compiled from more than 5 million passwords leaked during the year. For a fourth consecutive year, “123456” and “password” took the top two spots on the list. The list included plenty of other usual suspects like “qwerty” (No. 4), “football” (No. 9), “iloveyou” (No. 10) and “admin” (No. 11), along with some new additions, including “starwars,” which ranked as the 16th worst password of 2017.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” SplashData CEO Morgan Slain said in a statement. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Other new additions to the list this year included “letmein” (No. 7), “monkey” (No. 13), “123123” (No. 17), “hello” (No. 21), “freedom” (No. 22), “whatever” (No. 23) and “trustno1” (No. 25). SplashData warned that using any of the passwords on the top 100 list “would put users at grave risk for identity theft.”

The company recommends using passphrases instead of simple passwords, mirroring advice earlier this year from the National Institute of Standards and Technology. Passphrases should include at least 12 characters and a mix of characters, including upper and lower cases, SplashData recommended. Users should also be sure to set a unique password for each website, and consider using a password manager.

Without further ado, here’s SplashData’s list of the top 25 worst passwords of 2017.

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

Shame, confusion among office workers spur record numbers to give in to ransomware

Posted by : https://businessinsights.bitdefender.com/shame-confusion-among-office-workers-spur-record-numbers-to-give-in-to-ransomware

By Filip Truta on Nov 03, 2017

Despite considerable efforts to educate employees on ransomware, many organizations still don’t know what to do if they fall victim to an attack. According to part 2 of Intermedia’s Data Vulnerability Report, a record number of employees and their employers are paying ransom.

Intermedia examined the security habits of more than 1,000 office workers and found that many employees draw a blank when they fall victim to ransomware. About a third admit they aren’t even familiar with ransomware.

“This lack of awareness, paired with massive global attacks such as WannaCry and Petya (and new strains popping up all the time like Bad Rabbit), is resulting in both employees and employers paying ransoms in record numbers,” according to the report.

Although 70% of office workers say their organization regularly communicates about cyber threats, employees aren’t always told what exactly to do if hackers seize their computer. Because of this, employees hit by ransomware sometimes take matters into their own hands, which can dramatically undermine their organizations’ security efforts.

In fact, the study shockingly reveals that employees shoulder the costs of ransomware payments more often than their employers – 59% paid the ransom personally, and 37% said their employers handled the payment.

In organizations where WannaCry was named as part of the cybersecurity training, as many as 69% of employees paid a ransom themselves. Intermedia suggests shame, as well as lack of knowledge, may drive employees to pay ransom themselves.

Other findings include:

  • Over 73% of Millennial workers affected by ransomware report paying a work-related ransom
  • 68% of impacted owners / executive management said they personally paid a work-related ransom
  • Small and medium-sized businesses are particularly vulnerable to ransomware attacks as they lack the resources, tools and/or training that larger organizations use to recognize, prevent and protect themselves
  • Ransom paid by office workers averages $1,400
  • Growth in ransomware attacks is directly linked to the increased willingness of victims to cough up ransom money

To mitigate the risk of falling victim to a ransomware attack, companies would be smart to employ a proven enterprise security solution trained in sniffing out not just ransomware, but any kind of malware.

Regular backups are also a good idea. In case of an attack, organizations can restore from backup with little or no harm to their operations and, ultimately, their bottom line.

With ransomware damage costs predicted to exceed $5 billion in 2017 (up from $325 million in 2015), and the General Data Protection Regulation just around the corner, doing nothing is no longer an option – neither for big corporations nor for small businesses.

Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users

Yet another software supply-chain attack hits popular applications.
Lucian Constantin
Oct 20 2017, 3:52pm
https://motherboard.vice.com/en_us/article/bj789w/elmedia-player-malware-hack-mac-trojan

Hackers managed to compromise the website of a company that develops several popular apps for Apple computers, distributing malware-infected versions of those apps to hundreds of users. Security researchers from antivirus firm ESET reported Friday that the free version of Elmedia Player distributed from Eltima Software’s website contained a macOS information stealing trojan known as OSX/Proton. The same malware was distributed earlier this year through another trojanized version of a popular macOS application called HandBrake.

Eltima told me in an email that hackers also managed to trojanize one of the company’s other applications, an internet download manager called Folx that also acts as a BitTorrent client. The Proton malware is capable of stealing a lot of data from infected computers including history, cookies, bookmarks, and log-in data from browsers; cryptocurrency wallets; SSH authentication keys; macOS keychain data; Tunnelblick VPN configuration data; PGP encryption keys and data stored in 1Password, a password management application.

Elmedia Player has 1 million users as of August, according to Eltima. The company provides free and paid versions of its software programs and distributes them through its website and through the Mac App Store. Only the installers for Elmedia Player and Folx downloaded by users from the company’s website contained the Proton trojan, an Eltima spokeswoman told me. “The built-in automatic update mechanism [of the applications] seems to be unaffected.”

The security breach happened Thursday and was discovered relatively fast by ESET who reported the incident to the software developer. The malicious installers were available on Eltima’s website for around 24 hours and were downloaded by almost 1,000 users. “Users who downloaded and executed the software on October 19 before 3:15 PM EDT, are likely compromised,” the ESET researchers said. On Friday morning, Eltima announced that both apps are now “safe to install and malware-free.”

The attackers don’t appear to have compromised the company’s development infrastructure, as happened recently with the developer of a Windows application called CCleaner. Instead, the hackers just managed to hack into Eltima’s website through a vulnerability in a JavaScript-based library called TinyMCE. The malicious installers were not digitally signed with Eltima’s Apple developer certificate, but with a different developer ID under the name Clifton Grimm. It’s not clear if this certificate was obtained from Apple by using a fake identity or if it was stolen from another developer. Gatekeeper, Apple’s first line of defense against malware, allows signed binaries to execute without warning by default, Patrick Wardle, director of research at Synack and a macOS security expert, told me in a Twitter direct message. Because of this, most Mac malware is now signed with stolen or fraudulently obtained Apple developer IDs, with the latter being much more likely, he said. “It appears Apple has a problem with ensuring only legitimate developer IDs are given out,” Wardle said.

Apple revoked the misused Clifton Grimm certificate after being alerted by ESET and Eltima, but users who downloaded and executed the rogue Elmedia Player and Folx installers before this happened didn’t get a Gatekeeper warning. At installation, Proton displays a fake password authorization window in order to gain system administrator privileges. It’s not unusual for legitimate applications to request such access, so users might easily be tricked into inputting their password. There is some evidence that this new attack might have been perpetrated by the same attackers who compromised a legitimate download server for the HandBrake video converter application in May and distributed a malicious version of that program to macOS users.

In both cases, the trojanized installers infected computers with Proton and in both cases the malware’s command-and-control servers used domain names similar to those of the compromised software. The difference is that the rogue HandBrake installer was not digitally signed, meaning that users would have had to override Gatekeeper manually in order to install it.

To determine if they’ve been infected users can search their systems for the presence of the following files or directories: /tmp/Updater.app/, /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist, /Library/.rand/ and /Library/.rand/updateragent.app/. If any of them exist, Proton was installed, according to ESET.
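The check described above, as an added Python example (not code from ESET or the original article). The four paths are the ones listed in the article; the `root` parameter is an assumption added here so the same check can be pointed at a mounted backup or disk image instead of the running system.

```python
import os
from pathlib import Path

# Paths reported by ESET, as quoted in the article above.
PROTON_INDICATORS = (
    "/tmp/Updater.app/",
    "/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist",
    "/Library/.rand/",
    "/Library/.rand/updateragent.app/",
)


def find_proton_artifacts(root="/"):
    """Return the indicator paths that exist under `root`.

    root="/" checks the running Mac; any other value (for example the
    mount point of a backup volume) is treated as the top of a macOS
    file system and the indicator paths are resolved beneath it.
    """
    hits = []
    for indicator in PROTON_INDICATORS:
        candidate = Path(root) / indicator.lstrip("/")
        # lexists() also reports dangling symlinks, which exists() would miss.
        if os.path.lexists(candidate):
            hits.append(indicator)
    return hits


if __name__ == "__main__":
    found = find_proton_artifacts()
    if found:
        print("Proton artifacts present:")
        for path in found:
            print("  ", path)
    else:
        print("None of the listed Proton paths exist on this system.")
```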

“As with any compromise with an administrator account, a full OS reinstall is the only sure way to get rid of the malware,” the ESET researchers said. “Victims should also assume that the secrets outlined in the previous section are compromised and take appropriate measures to invalidate them.”

Software supply-chain attacks pose a very serious danger because they abuse the existing trust relationship between users and software developers. These attacks can happen in several ways and can be very hard to detect and prevent. Attackers recently managed to distribute infected versions of CCleaner—a Windows system optimization tool—to over 2.2 million users after hacking into the program developer’s infrastructure. Last year, attackers hacked into the website of popular open-source Transmission BitTorrent client on two separate occasions and distributed infected installers to macOS users.

In order to compromise Macs, attackers need a way to get malicious applications onto them, and hacking into a legitimate developer’s website to surreptitiously trojanize a popular app is a great way to achieve this, Wardle said. We’ve seen attackers use this mechanism before, so it won’t be surprising if they continue to rely on this attack vector, he said.

KRACK attacks – is your Wi-Fi at risk ?

Here’s what it’s all about and what to do

The latest bug to arrive with its own logo is called the KRACK Attack. KRACK attacks mean that most encrypted Wi-Fi networks are not as secure as you think.
KRACK works against networks using WPA and WPA2 encryption, which these days covers most wireless access points where encryption has been turned on.
An attacker within Wi-Fi range could, in theory, sniff out some of the encrypted traffic sent to some of the computers in your organisation or home. Even if an attacker can only “bleed off” small amounts of traffic, in dribs and drabs, the end result could be very serious.

KRACK explained

KRACK is short for Key Reinstallation Attack, which is a curious name that probably leaves you as confused as we felt when we heard about it, so here’s our extremely simplified explanation of what happens (please note this explanation covers just one of numerous flavours of similar attack). At various times during an encrypted wireless connection, you (the client) and the access point (the AP) need to agree on security keys.
To do so, a protocol known as the “four-way handshake” is used, which goes something like this:
(AP to client) Let’s agree on a session key. Here’s some one-time random data to help compute it.
(Client to AP) OK, here’s some one-time random data from me to use as well.
At this point, both sides can mix together the Wi-Fi network password (the so-called Pre-Shared Key or PSK) and the two random blobs of data to generate a one-time key for this session.
This avoids using the PSK directly in encrypting wireless data, and ensures a unique key for each session.
(AP to client) I’m confirming we’ve agreed on enough data to construct a key for this session.
(Client to AP) You’re right, we have.

The KRACK Attacks (with numerous variations) use the fact that although this four-way protocol was shown to be mathematically sound, it could be – and in many cases, was – implemented insecurely. In particular, an attacker with a rogue access point that pretends to have the same network number (MAC address) as the real one can divert message 4 and prevent it reaching the real AP. During this hiatus in the handshake, the client may already have started communicating with the AP, because the two sides already have a session key they can use, albeit that they haven’t finalised the handshake. This means that the client will already be churning out cryptographic material, known as the keystream, to encrypt the data it transmits.

To ensure a keystream that never repeats, the client uses the session key plus a nonce, or “number used once”, to encrypt each network frame; the nonce is incremented after each frame so that the keystream is different each time. As far as we can determine, all the KRACK attacks involve reused keystream material accessed by “rewinding” crypto settings and thus encrypting different data with the same keystream. If you know one set of data you can figure out the other – that’s the best case; some cases are worse than that because you can as good as take over the connection both ways.

Back to the handshake

At some point, the real AP will send another copy of message 3, possibly several times, until the rogue AP finally lets the message get through to the client.
The mathematical certainty in the protocol now meets cryptographic sloppiness in its implementation.
The client finalises the handshake at last, and resets its keystream by “reinstalling” the session key (thus the name of the attack), and resetting the nonce to what it was immediately after stage 2 of the handshake.
This means the keystream starts repeating itself – and re-using the keystream in a network encryption cipher of this sort is a big no-no.
If you know the contents of the network frames that were encrypted the first time, you can recover the keystream used to encrypt them; if you have the keystream from the first bunch of network frames, you can use it to decrypt the frames encrypted the second time when the keystream gets re-used.
Even if attackers are only able to recover a few frames of the data in any session, they still come out ahead.
Gold dust sounds less valuable than a gold ingot – but if you collect enough gold dust, you get to the same value in the end.
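Why a reinstalled key and a rewound nonce matter, covering both the keystream paragraph and the handshake replay described above, as an added Python example that is not part of the original article. It is a simplified model: the SHA-256 based keystream stands in for the real Wi-Fi cipher, the frames and key are constructed, and the `Client` class and its `patched` switch are hypothetical names.

```python
import hashlib

# Constructed sample data. KNOWN_FRAME stands for traffic whose content an
# eavesdropper can predict; SECRET_FRAME is what the user wants kept private.
SESSION_KEY = b"constructed-session-key"
KNOWN_FRAME = b"constructed known frame: ARP who-has 192.0.2.1 tell 192.0.2.7"
SECRET_FRAME = b"constructed secret frame: pin=4921"


def keystream(session_key, nonce, length):
    """Toy keystream: depends only on the session key and the nonce."""
    out = b""
    block = 0
    while len(out) < length:
        material = session_key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(material).digest()
        block += 1
    return out[:length]


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_message3(self, session_key):
        """Handle message 3 of the handshake (possibly a retransmission)."""
        if self.patched and session_key == self.key:
            return  # key already in use: keep counting, do not rewind
        self.key = session_key
        self.nonce = 0  # the "reinstall" that rewinds the nonce

    def send(self, frame):
        """Encrypt one frame; the nonce is incremented for every frame."""
        self.nonce += 1
        return self.nonce, xor(frame, keystream(self.key, self.nonce, len(frame)))


def replay_message3(patched):
    """Send a frame, receive message 3 again, send another frame.

    Returns (nonce_was_reused, bytes obtained by XORing the second
    ciphertext with the keystream recovered from the first frame).
    """
    client = Client(patched)
    client.on_message3(SESSION_KEY)            # first copy of message 3
    nonce1, cipher1 = client.send(KNOWN_FRAME)
    client.on_message3(SESSION_KEY)            # retransmitted message 3
    nonce2, cipher2 = client.send(SECRET_FRAME)

    recovered_keystream = xor(cipher1, KNOWN_FRAME)
    return nonce1 == nonce2, xor(cipher2, recovered_keystream)


if __name__ == "__main__":
    for patched in (False, True):
        reused, result = replay_message3(patched)
        readable = result == SECRET_FRAME
        print(f"patched={patched}: nonce reused={reused}, second frame readable={readable}")
```

With the reinstall ignored, the second frame is encrypted under a fresh nonce and the keystream learned from the first frame is useless, which is why installing client patches is the fix rather than changing the Wi-Fi password.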

What to do

Changing your Wi-Fi password won’t help: this attack doesn’t recover the password (PSK) itself, but instead allows an attacker to decrypt some of the content of some sessions.
Changing routers probably won’t help either, because there are numerous variants of the KRACK Attacks that affect most Wi-Fi software implementations in most operating systems.

Here’s what you can do:

Until further notice, treat all Wi-Fi networks like coffee shops with open, unencrypted, wireless.
Stick to HTTPS websites so your web browsing is encrypted even if it travels over an unencrypted connection.
Consider using a VPN, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way.

Apply KRACK patches for your clients (and access points) as soon as they are available.

Simply put, if you ever use open Wi-Fi access points (or Wi-Fi access points where the password is widely known, e.g. printed on the menu or handed out by the barista), you are already living in a world where at least some of your network traffic could be sniffed out at will by anyone. The precautions that you take in those cases – why not take them all the time? If you always encrypt everything yourself, in a way that you get to choose and can control, you never have to worry what you might have forgotten about.

 

Unifi Networks were one of the first to release patches for their routers and firewalls – if you are interested in upgrading your wireless network to Unifi Enterprise grade – speak to me http://prpcs.co.uk/services/wifi-optimisation

Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak

By Catalin Cimpanu at www.bleepingcomputer.com
June 27, 2017 05:46 PM

Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers.

The ransomware has been wreaking havoc across the globe today, locking hard drive MFT and MBR sections and preventing computers from booting. Unless victims opted to pay a ransom (which is now pointless and not recommended), there was no way to recover their systems.

In the first hours of the attack, researchers believed this new ransomware was a new version of an older threat called Petya, but they later discovered that this was a new strain altogether, which borrowed some code from Petya, hence the reason why they recently started calling it NotPetya, Petna, or as we like to call it SortaPetya.

Researchers flocked to find killswitch mechanism

Because of the ransomware’s global outreach, many researchers flocked to analyze it, hoping to find a loophole in its encryption or a killswitch domain that would stop it from spreading, similar to WannaCry.

While analyzing the ransomware’s inner workings, Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk.

The researcher’s initial findings have been later confirmed by other security researchers, such as PT Security, TrustedSec, and Emsisoft.

This means victims can create that file on their PCs, set it to read-only, and block the NotPetya ransomware from executing.

While this does prevent the ransomware from running, this method is more of a vaccination than a kill switch. This is because each computer user must independently create this file, compared to a “switch” that the ransomware developer could turn on to globally prevent all ransomware infections.

How to Enable the NotPetya/Petna/Petya Vaccine

To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna (yeah, this naming is annoying), simply create a file called perfc in the C:\Windows folder and make it read only. For those who want a quick and easy way to perform this task, Lawrence Abrams has created a batch file that performs this step for you.

Please note that the batch file will also create two additional vaccination files called perfc.dat and perfc.dll. While my tests did not indicate that these additional files are needed, I added them for thoroughness based on the replies to this tweet.

This batch file can be found at: https://download.bleepingcomputer.com/bats/nopetyavac.bat (PR PC Support takes no responsibility for use of this batch file – although it has been checked out )

For those who wish to vaccinate their computer manually, you can do so using the following steps. Please note that these steps are being created to make it as easy as possible for those with little computer experience. For those who have greater experience, you can do it in quite a few, and probably better, ways.

First, configure Windows to show file extensions. For those who do not know how to do this, you can use this guide. Just make sure the Folder Options setting for Hide extensions for known file types is unchecked like below.

Once you have enabled the viewing of extensions, which you should always have enabled, open up the C:\Windows folder. Once the folder is open, scroll down till you see the notepad.exe program.

Once you see the notepad.exe program, left-click on it once so it is highlighted. Then press Ctrl+C to copy and then Ctrl+V to paste it. When you paste it, you will receive a prompt asking you to grant permission to copy the file.

Press the Continue button and the file will be created as notepad – Copy.exe. Left click on this file and press the F2 key on your keyboard and now erase the notepad – Copy.exe file name and type perfc as shown below.

Once the filename has been changed to perfc, press Enter on your keyboard. You will now receive a prompt asking if you are sure you wish to rename it.

Click on the Yes button. Windows will once again ask for permission to rename a file in that folder. Click on the Continue button.

Now that the perfc file has been created, we now need to make it read only. To do that, right-click on the file and select Properties as shown below.

The properties menu for this file will now open. At the bottom will be a checkbox labeled Read-only. Put a checkmark in it as shown in the image below.

Now click on the Apply button and then the OK button. The properties Window should now close. While in my tests, the C:\windows\perfc file is all I needed to vaccinate my computer, it has also been suggested that you create C:\Windows\perfc.dat and C:\Windows\perfc.dll to be thorough. You can redo these steps for those vaccination files as well.

Your computer should now be vaccinated against the NotPetya/SortaPetya/Petya Ransomware.
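The manual steps above as a script, an added Python example that is neither the batch file linked earlier nor code from the original article. It assumes it is run from an administrator prompt on Windows, and that the content of the files does not matter (the article says only that the ransomware checks whether the file exists); the function names and the marker text are hypothetical.

```python
import os
import stat
from pathlib import Path

# File names taken from the article: perfc is the one reported to matter,
# perfc.dat and perfc.dll are the extra files created "to be thorough".
VACCINE_NAMES = ("perfc", "perfc.dat", "perfc.dll")
MARKER_TEXT = "NotPetya vaccination file (constructed marker text)\n"


def vaccinate(windows_dir=r"C:\Windows"):
    """Create the vaccination files and mark each one read-only.

    Returns a dict mapping each file name to 'created' or 'already present'.
    Existing files are left untouched apart from the read-only flag.
    """
    results = {}
    for name in VACCINE_NAMES:
        path = Path(windows_dir) / name
        if path.exists():
            results[name] = "already present"
        else:
            path.write_text(MARKER_TEXT)
            results[name] = "created"
        # On Windows this sets the Read-only attribute from the Properties
        # dialog; on other systems it removes the write permission bits.
        os.chmod(path, stat.S_IREAD)
    return results


def is_vaccinated(windows_dir=r"C:\Windows"):
    """True when perfc exists as a regular file and is read-only."""
    path = Path(windows_dir) / "perfc"
    if not path.is_file():
        return False
    return not (path.stat().st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    for name, outcome in vaccinate().items():
        print(f"{name}: {outcome}")
    print("vaccinated:", is_vaccinated())
```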

Beware new WhatsApp Scam

A scam text message has been doing the rounds stating that WhatsApp is about to start charging people to use the service. It is not true.

The text message invites people to click on a link and pay 99p for a lifetime subscription to the service because their current subscription has come to an end.

However, it is a scam, and anyone who receives it should delete it immediately. Do not click on the link, and certainly don’t hand over your bank details.

If you have clicked the link then you’re probably wise to run antivirus software.

When it was launched, WhatsApp did charge 99p after the first year but that was later scrapped.

It was not immediately clear where the scammers had got people’s telephone numbers from.