ByteTime Blog

Cryptowall: the Latest in Ransomware and Cyber Crime

Kimberli Bowman - Wednesday, November 05, 2014
Have you heard of it? Here are the dirty details…and YOU NEED TO KNOW! This can affect your office, your home, your life as you know it…and the threat is REAL. Very, very real.

WHAT IT IS:

Over the last year, authorities have been fighting a series of ransomware viruses — first CryptoLocker, then CryptoDefense, and now CryptoWall. CryptoLocker infected over 500,000 computers, and although only 1.3% of the victims paid the ransom, the criminals are believed to have made about $3 million… and that number grows every single day.

HOW YOU GET INFECTED:

The ransomware typically enters a system by masquerading as a legitimate program update. Usually these programs are well-known, such as Java, Flash Player, or Adobe Reader. CryptoWall can also infiltrate a system through an infected email attachment… from someone you know and trust!!

WHAT YOU CAN DO…NOW!!

DEFENSE AND PREVENTION:

First and foremost, users should have current anti-virus software on their computers. In general, all software programs should be kept up-to-date with the latest security enhancements. Do you have them? If you are not sure – call on the expert team at Byte Time Computing, Inc. 800.281.7611.

Suspicious websites should be avoided at all costs. Users should never open emails that appear suspect or were sent by entities that they don't trust. Similarly, users should never download attachments that they're not expecting – even if they come from someone they know and trust. These statements may seem intuitive, but the spread of ransomware is driven almost entirely by the behavior of careless and unsuspecting victims.

Additionally, files should be regularly backed up. Ideally, one backup copy should be stored through a cloud-based service that backs up daily and provides for access from anywhere. The second backup should be on an external hard drive. Users should update this copy on a weekly or monthly basis.

Once a computer has been infected, users should also be concerned about their networked devices. CryptoWall victims have found that the malware can infect connected drives through the network. Users should carefully examine these devices to see if they have been compromised as well.

Threats like CryptoWall pose serious challenges to businesses across the globe. Being aware of these issues is the first step in combating them. For assistance with the prevention of CryptoWall, or possible recovery, contact us today: 800.281.7611.

WANT THE DETAILS?

Here is our article in full:

Over the last year, authorities have been fighting a series of ransomware viruses — first CryptoLocker, then CryptoDefense, and now CryptoWall. CryptoLocker infected over 500,000 computers, and although only 1.3% of the victims paid the ransom, the criminals are believed to have made about $3 million.

In June 2014, the US Justice Department began a multinational campaign to eradicate CryptoLocker. Department officials then announced that they had managed to neutralize it. Unfortunately, their efforts may have been a case of too little, too late as two new versions appeared: CryptoDefense and the malware's newest iteration, CryptoWall.

CryptoWall appears to have been derived from CryptoDefense, a short-lived and unsuccessful version. Unlike CryptoDefense, CryptoWall infected around 625,000 systems in six months, according to an August 2014 report from Dell researchers. The report revealed that CryptoWall encrypted 5.25 billion files and netted criminals over $1.1 million from March to August. CryptoWall's reach is expected to grow. The analysts described it as the largest, most devastating ransomware threat on the Internet.

CRYPTOWALL’S MODUS OPERANDI:

The ransomware typically enters a system by masquerading as a legitimate program update. Usually these programs are well-known, such as Java, Flash Player, or Adobe Reader. CryptoWall can also infiltrate a system through an infected email attachment.

Cyber security professionals have also warned about the criminals using exploit kits. An exploit kit is a web page that bundles ready-made attacks against unpatched browsers and browser plugins and uses one of them to install malware without any prompt. This means that in some cases an ill-advised download is not necessary in order to spread CryptoWall: victims can become infected just by visiting a website that hosts a hidden exploit kit, which is one more reason to keep the browser and its plugins patched.

Once the system is infected, CryptoWall begins encrypting its files. The encryption uses a pair of keys: a public key locks (encrypts) the files, and only the matching private key, which stays with the criminals, can unlock them. While this method may sound simple, it has been touted as nearly uncrackable, and without that private key there is no practical way to recover the files.

Digital criminals have also developed offshoots of the basic CryptoWall virus. These new versions can infect mobile devices as well as personal computers.

After CryptoWall encrypts the system's data, the ransomware will display a warning. This tells victims that their files have been "irrevocably changed," and that they will not be able to work with them or even see them.

The ransom note demands that people pay several hundred dollars in order to free their files. Victims are directed to the Tor network, where payment can be received anonymously. They also face a ticking clock, since the criminals generally threaten to double the ransom if they do not pay within a few days.

AUTHORITIES’ ONGOING WAR AGAINST RANSOMWARE:

As part of law enforcement's crackdown on ransomware, the FBI in June 2014 put Evgeniy Mikhailovich Bogachev on its list of most wanted criminals. The authorities have accused him of committing bank fraud, wire fraud, computer fraud, money laundering, and aggravated identity theft. Bogachev is believed to be the man behind CryptoWall's predecessor, CryptoLocker.

While the US government was shutting down his criminal network, a group of private cyber security professionals was hard at work on recovering the stolen data. In August, they announced that they had uncovered the encryption keys used to hijack people's data. They also created a website where victims can receive the key needed to unlock their files.

While these efforts crippled CryptoLocker, they left CryptoWall unaffected. As of this publication, the ransomware is still at large and IT experts have yet to find a remedy for it. Thankfully, there are a number of ways that users can protect themselves.

DEFENSE AND PREVENTION:

First and foremost, users should have current anti-virus software on their computers. In general, all software programs should be kept up-to-date with the latest security enhancements.

Suspicious websites should be avoided at all costs. Users should never open emails that appear suspect or were sent by entities that they don't trust. Similarly, users should never download attachments that they're not expecting. These statements may seem intuitive, but the spread of ransomware is driven almost entirely by the behavior of careless and unsuspecting victims.

Additionally, files should be regularly backed up. Ideally, one backup copy should be stored through a cloud-based service that backs up daily and provides for access from anywhere. The second backup should be on an external hard drive. Users should update this copy on a weekly or monthly basis.
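The two-copy backup advice only pays off if each copy is written somewhere the infected machine cannot later overwrite, is never replaced in place, and is checked before it is needed. The script below is an added example written for this post, not Byte Time Computing's tooling: every backup becomes a new, never-overwritten snapshot folder with a SHA-256 manifest, and a verification step recomputes the hashes so that a backup copy altered after it was written (for example by malware reaching a mapped backup drive) is reported now rather than discovered during a restore. The source files, the `day1` label and the tampering step are constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

MANIFEST = "MANIFEST.sha256"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_snapshot(source, backup_root, label=None):
    """Copy `source` into backup_root/<label>/data and record every file's hash.
    Snapshots are append-only: an existing label is refused, never overwritten,
    so a later (possibly already-encrypted) copy can never replace a good one."""
    source, backup_root = Path(source), Path(backup_root)
    snap = backup_root / (label or time.strftime("%Y%m%d-%H%M%S"))
    if snap.exists():
        raise FileExistsError(f"{snap} exists; snapshots are never overwritten")
    data = snap / "data"
    shutil.copytree(source, data)
    lines = [f"{sha256_file(f)}  {f.relative_to(data).as_posix()}"
             for f in sorted(data.rglob("*")) if f.is_file()]
    (snap / MANIFEST).write_text("\n".join(lines) + "\n")
    return snap


def verify_snapshot(snap):
    """Recompute hashes against the manifest. Returns (ok, list of problems)."""
    snap = Path(snap)
    data = snap / "data"
    expected = {}
    for line in (snap / MANIFEST).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        expected[rel] = digest
    problems = []
    for rel, digest in expected.items():
        f = data / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(f) != digest:
            problems.append(f"modified: {rel}")
    for f in data.rglob("*"):
        rel = f.relative_to(data).as_posix()
        if f.is_file() and rel not in expected:
            problems.append(f"unexpected: {rel}")
    return (not problems, problems)


def run_demo():
    """Constructed walk-through: snapshot, verify, simulate malware overwriting
    one backed-up file, verify again. Returns the findings as a dict."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        src.mkdir()
        (src / "budget.csv").write_bytes(b"month,revenue,expenses\n" * 100)
        (src / "notes.txt").write_bytes(b"constructed meeting notes\n" * 50)
        backups = Path(tmp) / "backups"
        day1 = make_snapshot(src, backups, label="day1")
        clean_ok, _ = verify_snapshot(day1)
        try:  # a second "day1" must be refused, not silently replaced
            make_snapshot(src, backups, label="day1")
            overwrite_refused = False
        except FileExistsError:
            overwrite_refused = True
        # Simulate the scenario the article warns about: malware reaching a
        # mapped backup drive and replacing a copy with ciphertext-like bytes.
        (day1 / "data" / "budget.csv").write_bytes(os.urandom(4096))
        tampered_ok, problems = verify_snapshot(day1)
        return {"clean_ok": clean_ok, "overwrite_refused": overwrite_refused,
                "tampered_ok": tampered_ok, "problems": problems}


if __name__ == "__main__":
    print(run_demo())
```

In practice `backup_root` should be the external drive or a cloud location that keeps old versions, and the drive should be disconnected (or the cloud credentials kept off the workstation) once the snapshot and its manifest are written; the snapshot that still verifies clean is the one to restore from.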

Once a computer has been infected, users should also be concerned about their networked devices. CryptoWall victims have found that the malware can infect connected drives through the network. Users should carefully examine these devices to see if they have been compromised as well.
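The advice to examine connected drives can be turned into a repeatable check. The script below is an added example written for this post, not code from Byte Time Computing or from any CryptoWall analysis: it walks a directory tree (a mapped share, for instance) and flags recently modified files whose contents look like ciphertext, measured by Shannon entropy, while skipping formats that are high-entropy by design (zip, jpg, docx and similar) so that ordinary compressed files are not reported. A folder holding many such files written in a short window is the footprint an encryption run leaves behind. The sample directory, the file names, the `.locked` suffix and the thresholds are constructed assumptions, not CryptoWall indicators.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

# Formats that are compressed or encrypted by design and therefore always look
# "random"; they are skipped so they do not produce false positives.
HIGH_ENTROPY_BY_DESIGN = {".zip", ".gz", ".7z", ".rar", ".jpg", ".jpeg", ".png",
                         ".mp4", ".mp3", ".pdf", ".docx", ".xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    length = len(data)
    return -sum((n / length) * math.log2(n / length)
                for n in Counter(data).values())


def suspicious_files(root, threshold=7.5, recent_seconds=24 * 3600,
                     min_size=1024, sample_size=64 * 1024, now=None):
    """Files under `root` modified within `recent_seconds` that are not a known
    compressed format and whose leading bytes look like ciphertext."""
    now = time.time() if now is None else now
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() in HIGH_ENTROPY_BY_DESIGN:
            continue
        st = path.stat()
        if st.st_size < min_size or now - st.st_mtime > recent_seconds:
            continue
        with path.open("rb") as fh:
            sample = fh.read(sample_size)
        if shannon_entropy(sample) >= threshold:
            hits.append(path)
    return hits


def burst_directories(hits, min_files=5):
    """Directories holding `min_files` or more hits: one odd file is noise,
    a folder full of fresh ciphertext is the ransomware pattern."""
    per_dir = Counter(p.parent for p in hits)
    return {d: n for d, n in per_dir.items() if n >= min_files}


def build_demo_tree(base):
    """Constructed sample data (an assumption, not real victim files): three
    ordinary text documents, six files filled with random bytes under a
    hypothetical '.locked' suffix, and one JPEG that is allowlisted."""
    docs = Path(base) / "shared" / "docs"
    docs.mkdir(parents=True)
    text = b"Quarterly report: revenue was flat, expenses rose slightly.\n" * 400
    for i in range(3):
        (docs / f"report{i}.txt").write_bytes(text)
    for i in range(6):
        (docs / f"invoice{i}.doc.locked").write_bytes(os.urandom(64 * 1024))
    (docs / "photo.jpg").write_bytes(os.urandom(64 * 1024))
    return docs


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        hits = suspicious_files(tmp)
        bursts = burst_directories(hits)
        return {"flagged": sorted(p.name for p in hits),
                "burst_dirs": sorted(d.name for d in bursts)}


if __name__ == "__main__":
    result = run_demo()
    for name in result["flagged"]:
        print("possible ciphertext:", name)
    print("directories with a burst of such files:", result["burst_dirs"])
```

Run it against the root of each mapped share from a clean machine; a directory that shows up in the burst list should be treated as compromised and restored from a backup that was taken before the modification times of the flagged files.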

Threats like CryptoWall pose serious challenges to businesses across the globe. Being aware of these issues is the first step in combating them. For assistance with the prevention of CryptoWall, or possible recovery, contact us today: 800.281.7611.

Does it all seem overwhelming? Don’t know how to do this – or – don’t have the time? Files too big for your current system to handle? Call Byte Time. Let us manage this FOR you! We will set up your network so that your files and data are managed – and protected – for you. You won’t have to add a single step to your workload. As a matter of fact… IT life will get easier, as you will now have a whole team of experts at your fingertips for more than just safety from ransomware!

Call Byte Time Computing, Inc. at 800.281.7611. Our experienced sales and technology team will do a complimentary on-site assessment of your current IT systems.