Malware comes in waves. CryptoLocker was the first major, vicious ransomware, and set off a bunch of copycats. Recently 16 competing ransomware gangs were identified. After CryptoLocker got dinged by Operation Tovar in June, the new kid on the criminal block is CryptoWall.
The former CryptoLocker wannabe has netted 625,000 infected systems (80,000 more than CryptoLocker) and more than $1 million in ransom money up to now according to a new report by Dell SecureWorks' Counter Threat Unit (CTU).
They stated in a new threat intelligence report they "consider CryptoWall to be the largest and most destructive ransomware threat on the Internet as of this publication, and they expect this threat to continue growing."
CryptoWall social engineers an end-user, infects an endpoint, and encrypts what it can get access to: hard disks, removable drives, network drives, and even cloud storage services that are mapped to a targeted file system. Attack vectors include exploit kits, drive-by-downloads and infected email attachments.
CryptoWall has encrypted 5.25 billion files. Victims pay ransoms ranging from $200 to $2,000 apiece, however one victim paid $10,000. Over the course of six months CryptoWall criminals extorted 1,683 victims to pay up and made over $1 Mil in ransom money.
Compared to CryptoLocker's first 2 months ($27) Mil that's not all that much but they do not provide a lot of payment options compared to CryptoLocker which provided the much easier MoneyPak option. CryptoWall only allows Bitcoin which are hard to come by for people that have no wallet set up.
"The threat actors behind this malware have several years of successful cybercrime experience and have demonstrated a diversity of distribution methods," the report said. "As a result, CTU researchers expect this threat will continue to grow."
Remember that KnowBe4's Kevin Mitnick Security Awareness Training comes with a crypto-ransom guarantee. If an employee who has taken our training and received at least one phishing security test per month clicks on a link and infects their workstation, KnowBe4 pays your crypto-ransom. Find out how affordable this is for your organization now: