CryptoWall Ransomware Still Running Rampant

Greg Edwards

CryptoWall is a Trojan virus whose purpose is to lock your files and hold them for ransom. For cybercriminals, it is one of the most profitable tools they have at their disposal. According to US-CERT (Homeland Security’s cyber division), 2.9% of users infected with CryptoWall will pay the ransom.

I started WatchPoint Data because I was tired of seeing clients of my offsite backup company hit with CryptoWall and other ransomware. While backups could always be restored, there was inevitably downtime, anxiety and loss of productivity. Over a 3 year period, 17.24% of my clients were hit.

Just this week, 6 backup clients have been infected and experienced some level of downtime because of the newest variants of CryptoWall. The bad actors creating these viruses will continue evolving their malicious code to stay ahead of traditional anti-virus and preventive measures.

2.9% will pay

People always ask, “Why are viruses and malware created?” Plain and simple, it’s for the money. Let’s do a little math exercise. If 2.9% of people will pay the ransom (according to the US Department of Homeland Security) and you can infect 5,700 per day at $200 per ransom, that amounts to $33,060 per day. That is almost a million dollars a month.

2.9% × 5,700 × $200 × 30 days = $991,800

Before CryptoLocker (the precursor to CryptoWall) was finally shut down, experts were seeing an average of 5,700 new infections per day, with spikes as high as 8,000 per day.

So, what does CryptoWall do?

CryptoWall is known as a Trojan because it comes as a seemingly harmless email attachment or link that has a nasty payload inside. You get an email that for example says “Your package was delivered, click here for details” or “Your account is past due, attached is the overdue invoice.” You think, I’m not behind on any invoices – then click, boom, bang you are infected. The worst part is you don’t know it yet…

The PDF file you just opened was from Joe’s Repair Shop. You close it and decide that it must have been sent to the wrong person. Nope, it was sent to exactly the right person if you are a hacker from Russia. Behind the scenes, the Trojan is running its payload, and you won’t see any issues for a day or two.

When you finally find out that you are infected, it’s too late. When you go to open that Excel file you were working on yesterday, you get a message like this instead:

[Screenshot: CryptoLocker ransom message]

From the moment that you opened that bogus invoice attachment, your files have been getting encrypted. Not just Microsoft Office files, but any file type the hacker thought might be important. Now what? Panic sets in. Do I have good backups? When was the last backup? Should I pay the ransom? Who do I call first?
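The behaviour just described, many files of many types being silently rewritten as encrypted data over a short period, is something a defender can watch for. The following is an added example, not code from the original post or from WatchPoint Data: a small heuristic that consumes "file modified" events (the events below are constructed for the demo), measures the Shannon entropy of the new content, and raises an alert when a burst of high-entropy writes lands across several file extensions. The thresholds are assumptions and would need tuning for a real file server.

```python
import math
from collections import Counter, deque

# Thresholds are assumptions for this example; tune them for your environment.
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data is close to 8.0
BURST_WINDOW_SECS = 60    # look-back window for counting suspicious writes
BURST_COUNT = 10          # suspicious writes within the window before alerting
MIN_EXTENSIONS = 3        # ransomware hits "any file type", not just one


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text and Office XML sit well below 7;
    ciphertext and compressed archives sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class RansomwareHeuristic:
    """Sliding-window detector over file-modification events."""

    def __init__(self, window=BURST_WINDOW_SECS, count=BURST_COUNT, min_ext=MIN_EXTENSIONS):
        self.window = window
        self.count = count
        self.min_ext = min_ext
        self.events = deque()  # (timestamp, path) of high-entropy writes only

    def observe(self, ts: float, path: str, content: bytes):
        """Feed one 'file modified' event. Returns an alert dict or None."""
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            return None  # ordinary save of a text/document file; ignore
        self.events.append((ts, path))
        # Drop writes that fell out of the look-back window.
        while self.events and ts - self.events[0][0] > self.window:
            self.events.popleft()
        exts = {p.rsplit(".", 1)[-1].lower() for _, p in self.events if "." in p}
        if len(self.events) >= self.count and len(exts) >= self.min_ext:
            return {"ts": ts, "files": len(self.events), "extensions": sorted(exts)}
        return None


def run_demo():
    """Replay constructed events: a few normal saves, then an encryption burst.
    Returns the list of alerts raised."""
    # Constructed content: plain text has low entropy, the byte-pattern below
    # stands in for ciphertext (every byte value equally likely -> 8.0 bits).
    plain_text = b"Quarterly invoice for Joe's Repair Shop, total due $200.\n" * 50
    ciphertext = bytes(range(256)) * 16

    detector = RansomwareHeuristic()
    alerts = []
    # Normal activity: a user editing documents on a share.
    for ts in (0, 5, 10):
        alerts.append(detector.observe(ts, "/srv/share/invoice.txt", plain_text))
    # Encryption burst: twelve files across four extensions in twelve seconds.
    exts = ["docx", "xlsx", "pdf", "jpg"]
    for i in range(12):
        alerts.append(detector.observe(20 + i, f"/srv/share/file{i}.{exts[i % 4]}", ciphertext))
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The first alert fires on the tenth high-entropy write, once the burst spans at least three extensions; the two writes after it keep the alert raised. Entropy alone is not enough (compressed archives and existing encrypted files look the same), which is why the heuristic also requires a burst across several file types, matching the "any file type the hacker thought might be important" behaviour described above.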

How did I get infected?

Most of the time after a malware infection when you try to figure out what happened, there are few answers. WatchPoint Data records the last 30 days of all network activity and can play it back to see the infection exactly as it occurred and where it originated.

Quick Wins to Combat Cybercrime

1) Patch Management - Make sure every piece of software on your network is up to date. If you are going to do one thing to help protect yourself, start doing Patch Management.

2) Use a centralized Anti-Virus system. Even though AV is only about 47% effective, you should still make sure it is up to date and running on all stations.

3) Educate your users to recognize potentially threatening emails and web links. Everyone should be wary about clicking on anything from within an email, even if it is from someone you know. If you don't trust it or aren't expecting it, don't open it.

Or simply hire professionals that spend all day, every day defending networks just like yours. WatchPoint Data can protect you from the criminals lurking in the shadows of the Internet. Contact us today for a free vulnerability assessment that will show you exactly where you are vulnerable and what to do about it.
