Security

Java vulnerability Log4Shell

Last edit 2021-12-14

The Java vulnerability came to our attention on Sunday, Dec 12. While we do not use Java in our applications we have been thoroughly checking all our systems if any subsystems may have used the affected Log4J library.
Today we can state that Gokhale Method is not affected by the vulnerability Log4Shell.

We are in the process of getting the same confirmation from all other 3rd party services that are connected to our systems.

Past issues

Last edit 2018-10-31

Unfortunately in September 2018 some email accounts of our company were hacked. Our investigations show all databases containing student information are safe. Additionally we do not store any plain user passwords. However, attackers had access to some emails we sent out in the past.

We sent out a mail to all potentially affected users informing them about the threat.
If you did not receive an email from us, we found no evidence that your email address was potentially affected.

It seems the attackers are using the emails they were able to get a hold of to send emails with a Word document containing a virus.

What does the suspicious email look like?

Currently, we observed all the fake emails follow the same pattern:

• They seem to be a reply to an email you received from us in the past
• They contain the text

Morning.
Please see attached and confirm.

• They contain an attached word document named 'GokhaleMethod.doc'
  • This document contains a virus
• We have seen fake emails sent from the following email addresses:
  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]
• Some of the emails contain a faked footer:

What should I do?

If I received a suspicious email

We do not send out customer communications in Word or other Microsoft Office file formats. 

• DO NOT OPEN THE ATTACHMENT

Instead, please forward the email to [email protected]. 

If I opened the attachment

To our knowledge, the virus hides inside a macro in the Word document. We have identified the virus that has been sent as being a trojan downloader called O97M/Powdow. You can find more information about this virus on the Microsoft Defender page describing it.

• Please use a virus scanner and/or malware scanner to protect and scan your system
  • Currently, Avast is one of the most commonly used antivirus software solutions
  • In addition, MalwareBytes is highly ranked to clean already infected systems

In general

Several email providers and email clients scan all incoming mails automatically and remove or mark them if they contain malware. Nevertheless, it is always important to be cautious in the digital world. We recommend strongly to use additional antivirus software and to also regularly change passwords.

What did Gokhale Method do?

• We received first reports of emails being sent in our name over the weekend of Sept 28-Sep 30.
• We spent Monday, Oct 1 investigating what happened and securing our system.
• On Oct 2 and Oct 3 we sent out a mail to all potentially affected users informing them about the threat.
  If you did not receive an email from us, we found no evidence that your email address was potentially affected.
• On Oct 4 we informed all our newsletter recipients about the incident.

We are truly sorry to have to bother you with this and are not proud to have become a member of the long list of companies that have been the victim of a cyberattack. We will keep you updated and inform you when we learn something new.