The FBI’s Internet Crime Complaint Center (IC3) issued an alert warning that U.S. individuals and businesses are still at risk of CryptoWall ransomware fraud. Scam perpetrators demand ransoms ranging from $200 to $10,000.
Between April 2014 and June 2015, IC3 reported receiving 992 complaints about CryptoWall resulting in $18 million in losses. Many victims also spend additional money on such things as legal fees, tech help and credit-monitoring services following the intrusion.
“CryptoWall 3.0 is the most advanced crypto-ransom malware at the moment. The $18 million in losses is highly likely much more, the downtime caused by these infections is a multiple of that,” Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based security awareness training provider KnowBe4, warned.
“Ransomware is a very profitable business. Ransomware attacks are going to continue to be very successful, since they attack how humans interact and use technology – in simple form, such as emails with malicious attachments,” Ondrej Krehel, founder/principal of cybersecurity intelligence firm LIFARS, stated.
Victims usually end up with the ransomware by clicking on either an attachment to an email or an infected advertisement or by visiting a contaminated website. The ransomware encrypts the victim’s device, preventing its use.
“The ransom is usually demanded with a tight deadline,” Krehel explained. “If victims fail to meet the deadline, the crooks will increase the price for restoring access to files.” He added, “Ransomware payments are very common and prices are set on the lower end so victims do not engage professional firms, since the cost of their services would be higher than the ransom.” Ransom payment usually releases the device.
Starting out as an imitation (in both appearance and behavior) of the notorious CryptoLocker since at least November 2013, the ransomware threat received the name CryptoDefense in mid-March 2014, its authors settling for the CryptoWall moniker in early May 2014.
Sjouwerman explained that the current social engineering tactic is attaching a zip file that claims to be a resume. Opening the zip file shows a page that then downloads another zip file, which bypasses all antivirus software that sits on the workstation. “The employee is the weak link in IT security and effective security awareness training is the first line of defense in preventing ransomware infections.”
Additional damage results when an infected workstation has a mapped drive to a shared file server, Sjouwerman points out. “At that point all the files are encrypted and a whole department is sitting on their hands.”
“The sad reality is that the only way to stop this from happening is by not paying the ransom. If victims continue paying it, the crooks will continue to do it,” Krehel suggested, adding, “End-user protection can help, since some vendors do not allow the process to run, even if the user already clicks or opens a malicious attachment.”
Here are some tips from IC3 to help protect against CryptoWall:
- Use a firewall and antivirus software from a reputable company and allow automatic updates.
- Use popup blockers.
- Back up your device’s content elsewhere.
- Don’t click on emails or attachments from sources you don’t recognize, and stay away from sketchy websites.
- Immediately disconnect from the Internet when alerted to an infection on a device.