We all thought that evil genius Evgeniy Bogachev had retired at the Black Sea with his tens of millions of ill-gotten gains after he became the FBI's #1 Most Wanted cybercriminal. Well, perhaps he ran out of money.
CryptoLocker is back big time. Researchers have spotted a sudden resurgence this year, specifically identifying clusters of attacks in Europe and the U.S.
For people new to the ransomware racket: Russian cybercrime gangs tend to test and debug their campaigns in Europe, then attack America in full force. CryptoLocker is ransomware's still very potent granddaddy; it pioneered this highly successful criminal business model in September 2013, and hundreds of copycats followed.
In a blog post our friend Larry Abrams from BleepingComputer wrote that the strain -- also known as Torrentlocker and Teerac -- started its comeback toward the end of January 2017, after being quiet the second half of 2016.
Larry pointed to stats from the ID-Ransomware website that show CryptoLocker infections jumped from just a handful to nearly 100 per day, and then to more than 400 per day by February.
He also confirmed CryptoLocker's recent tsunami with Microsoft's Malware Protection Center, whose telemetry picked up increased attacks against Europe, especially Italy. The phishing emails are designed to look secure and official because they are digitally signed, but that is just social engineering to trick recipients into opening attached .JS files that download and install CryptoLocker.
Check Point Software Technologies confirmed with SC Media that its researchers also observed a sudden rise in CryptoLocker attacks. The phishing emails attempt to trick recipients into opening a zipped HTML file. "The HTML contains a JS file, which pulls a second JS file from an Amazon server, which executes the first one in memory," said Lotem Finklesteen, threat intelligence researcher at Check Point.
"Then, after pulling two more JS files, CryptoLocker is served to the victim machine and executed. The vast majority of the infections we observed this week were in the U.S. The second major target was Western Europe, especially Germany," said Finklesteen.
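Both reports above describe the same delivery pattern: a bare .JS attachment, or a zipped HTML file whose embedded script fetches the next stage. Mail-gateway triage can catch either before a user ever sees the attachment. The script below is an added example written for this post (it is not Check Point's, Microsoft's or BleepingComputer's code); the sample message, file names and the list of script extensions it flags are constructed assumptions, and the digital signature mentioned above is deliberately ignored, because a valid signature says nothing about whether the attachment is safe.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed list of attachment types that Windows runs as script on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta"}
HTML_EXTENSIONS = {".html", ".htm"}
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)
MAX_INNER_SIZE = 5 * 1024 * 1024   # never inflate a member larger than this (zip-bomb guard)
MAX_DEPTH = 3                      # archives nested deeper than this are flagged, not opened


def extension(name):
    """Lower-cased final extension, so 'Scan_0042.pdf.js' yields '.js'."""
    name = (name or "").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def inspect_payload(name, data, depth=0):
    """Return (name, reason) findings for one attachment body, recursing into zip archives.

    For members of an archive, `name` is 'outer.zip -> member'; the extension is
    taken from the member part only.
    """
    findings = []
    ext = extension(name.rsplit(" -> ", 1)[-1])
    if ext in SCRIPT_EXTENSIONS:
        findings.append((name, "script file attachment"))
    elif ext in HTML_EXTENSIONS and SCRIPT_TAG.search(data):
        findings.append((name, "HTML attachment with inline <script>"))
    elif ext == ".zip" or data[:4] == b"PK\x03\x04":
        if depth >= MAX_DEPTH:
            findings.append((name, "archive nested too deeply to inspect"))
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner_name = f"{name} -> {info.filename}"
                    if info.file_size > MAX_INNER_SIZE:
                        findings.append((inner_name, "archive member too large to inspect"))
                        continue
                    try:
                        inner = zf.read(info)
                    except RuntimeError:   # zipfile raises this for encrypted members
                        findings.append((inner_name, "password-protected archive member, cannot inspect"))
                        continue
                    findings.extend(inspect_payload(inner_name, inner, depth + 1))
        except zipfile.BadZipFile:
            findings.append((name, "archive could not be parsed"))
    return findings


def triage_message(raw):
    """Parse a raw RFC 5322 message and report risky attachments.

    Any S/MIME or DKIM signature on the message is intentionally not consulted:
    it proves at most who sent the mail, not that the attachment is harmless.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings.extend(inspect_payload(part.get_filename() or "(unnamed)", data))
    return findings


def build_sample_message():
    """Constructed sample (not a real capture): a zipped HTML file carrying an inline
    <script> tag, a bare .js attachment hiding behind a .pdf double extension, and a
    harmless text attachment that should not be flagged."""
    html = b"<html><body><script>/* constructed placeholder, does nothing */</script></body></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.html", html)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(b"// constructed placeholder\n", maintype="application",
                       subtype="javascript", filename="Scan_0042.pdf.js")
    msg.add_attachment("Meeting notes.\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage_message(build_sample_message()):
        print(f"FLAG {name}: {reason}")
```

Run as a script it prints two flags (the HTML inside the zip and the .pdf.js file) and stays silent on notes.txt. In a real gateway the same `inspect_payload` call would sit behind whatever quarantine or alerting the mail filter already has; the size and depth caps matter because attackers routinely wrap stages in nested or oversized archives to exhaust naive scanners.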
Ransomware as a global threat
Microsoft's Malware Protection Center blog stated: "Ransomware proved to be a truly global threat in 2016, having been observed in more than 200 territories. In the US alone, ransomware was encountered in more than 460,000 computers or 15% of global encounters. Italy and Russia follow with 252,000 and 192,000 ransomware encounters, respectively. Korea, Spain, Germany, Australia, and France all registered more than 100,000 encounters." Here is their geographic distribution chart.
Preventing Ransomware Infections
Which user will infect your network with ransomware? We've got something really cool for you: the new Phishing Security Test v2.0!
It's got several great new features, and sending simulated phishing emails to train your employees is a fun and effective best practice to patch your last line of defense... your users.
The phish-prone percentage is usually higher than you expect and is great ammo to get budget. You can now find out the current Phish-prone percentage of your organization and who might infect your network with ransomware.
With Our Brand-New Phishing Test:
- You can customize the phishing test based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- Already did a phishing test in the past? For a limited time you can reset it yourself and do a new one.
Start phishing your users now. Fill out the form, and get started immediately. There is no cost.
Don't like to click on redirected buttons? Copy and paste this link in your browser:
Let's stay safe out there.
Founder and CEO, KnowBe4, Inc
(*) Allow 4-6 weeks for delivery.