Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


Crypto-jacker Leaves ICO In Its Wake

Crypto-jacker Leaves ICO In Its Wake

posted in Cyber-Security ● 15 Feb 2018

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all reparations and ensure organisations had data protection standards at a high level. Early 2018, however, has seen the ICO and a host of government websites, both UK and abroad, fall victim to a cyber-attack in the form of Crypto-jacker.


What is crypto-jacking?

A Crypto-jacker is a strain of malware which can silently mine cryptocurrency via an internet connected device, without knowledge or permission of the owner.

As with many strains of malware, a programme must be accessed or downloaded, typically from a browser, which will then begin to mine cryptocurrency in the background. This will use up resources, CPU and power, and more often than not, will give no benefit to the user whose machine is being utilised. User’s computers are likely to slow down while the mining operation is taking place, and general operations may be affected.


Hands up, this is a crypto-jacking!

It has been revealed that government websites in multiple countries have been compromised by the cryptojacker strain of code. Government sites affected include many British government sites including UK Student Loans, the ICO and also NHS services; US governmental sites were also affected, as was the Australian Queensland Government Portal.

Security researcher Scott Helme was able to trace the code found in the ICO website to a third-party plugin, Browsealoud, which is designed to assist visually impaired visitors on website domains. The plugin’s developers, Texthelp, confirmed that the plugin had been compromised to mine cryptocurrency. Following the attack Texthelp have launched an investigation into what occurred – releasing the following statement:

At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber-attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act.

Martin McKay, CTO and Data Security Officer went on to say, “In light of other recent cyber-attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” Continuing to say, “Texthelp has in place continuous automated security tests for Browsealoud – these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

Raising the alarm

Following the crypto-jacking Helme, raised the alarm about the malware after he received a message from a friend whose antivirus software had detected an issue after visiting a UK government website.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” Helme told Sky News. “Someone just messaged me to say their local government website in Australia is using the software as well.”

“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the one website that they all load content from,” Helme noted. “In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

For a period of time the ICO website was unavailable. This only goes to show that cyber Threats are everywhere, with everyone at risk of an attack – even the governing body of the soon to be introduced GDPR legislation.


To learn more about cybersecurity and data protection regulations, such as the upcoming GDPR, get in touch with Redstor today.

What is data immutability and can it be achieved for backups?

Something that is ‘immutable’ will by definition never change or cannot be changed.


Continue reading

Redstor named Hosted Cloud Vendor of the Year

Redstor was named Hosted Cloud Vendor of the Year at the 2022 Technology Reseller Awards. Andy Kerr, Redstor’s head of marketing in Europe, is pictured receiving the award with colleagues Harpal Chima, Tom Walker, Kim Reddy and Alan Manicom at the London Hilton Bankside Hotel.

Continue reading

Redstor wins IT Europa Channel Award

Redstor was named Connected Technologies Vendor of the Year at the IT Europa Channel Awards. Gareth Case, Redstor’s Chief Marketing Officer, is pictured receiving the award with Brian Evans, Adele Quinn and Lara Sibley at the Royal Lancaster Hotel, London.

Continue reading

Download The Ultimate MSP Growth Guide

  • This field is for validation purposes and should be left unchanged.