Pierluigi Paganini June 24, 2015

Between April 2014 and June 2015, the IC3 received 992 CryptoWall related complaints, with victims reporting losses totaling over $18 million.

Cryptowall is one of the most nefarious ransomware in the wild, in twelve months the FBI has estimated that the overall losses were more than $18 million. Ransomware implements a classic extortion scheme typically demanding that victims pay ransom in Bitcoin or other virtual currency.

Early this month, the security expert Michael Fratello has analyzed a new malicious phishing campaign that is spreading the dreaded CryptoWall ransomware in the wild confirming that the malware is still considered a privileged instrument by criminal gangs.

The FBI recently issued an alert to highlight the possible financial impact on victims and confirmed that CryptoWall is still the most active malware belonging to the ransomware family.

“Data from the FBI’s Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses.” reads the alert from the FBI’s Internet Crime Complaint Center.

The Cryptowall ransomware is typically served through phishing email or by using exploit kit hosted on web sites visited by the victims..

Cryptowall encrypts the files on the infected computers and then demands a ransom in order to obtain the decryption key and restore them.

The security experts have observed several improvements for the Cryptowall ransomware, they have observed several strains of the malware over the last months.

In January 2015 Researchers at Cisco’s Talos group published an analysis of a variant (also called Cryptowall 2.0) that utilizes TOR to obfuscate the command and control channel, meanwhile a variant Cryptowall 3.0 was discovered by Microsoft and adopted I2P Anonymity Network for C&C Communications.

When experts analyze the financial impact to victims of Cryptowall must consider not only the ransomware itself by also additional costs, including loss of productivity and mitigation countermeasures.

“The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.” continues the alert.

Let me close with the tips provided by the FBI:

• Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
• Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
• Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
• Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.

Pierluigi Paganini

(Security Affairs – Cryptowall, ransomware)