A brand new report from the Cyber Threat Alliance (CTA) showed the staggering damage caused by a single Eastern European cyber mafia. The CTA is an industry group with big-name members like Intel, Palo Alto Networks, Fortinet and Symantec and was created last year to warn about emerging cyber threats.
We have warned here many times about the pervasiveness of CryptoWall, a new strain of ransomware which has CryptoLocker as its predecessor. CryptoWall poses a danger to both consumers and businesses. If a machine is infected and there is no recent backup, the files are lost forever. This is highly sophisticated code, with bulletproof encryption.
The CTA chose CryptoWall as its first major project and discovered over 4,000 malware samples relating to CryptoWall 3.0 and well over 800 URLs of Command & Control servers. The area most targeted was the USA, likely because it is a target-rich environment. Around half of all CryptoWall victims were American.
Over 406,000 attempted infections were discovered by the CTA researchers, primarily through phishing emails (67.3%) and Exploit Kits (EK) (30.7%). The majority of the phishing emails were sent in the January-April 2015 time frame, with the attackers changing their tactics in May, when they concentrated more on exploit kits like the Angler EK.
The CTA did a thorough analysis of all the Bitcoin paid, and came to the conclusion that despite a complex scheme, all monies paid ultimately flowed to the same criminal gang.
The report paints a picture of a professionally-run operation with unbreakable encryption which means most businesses infected are forced to make a pragmatic decision to pay the ransom, normally around 500 dollars. The real cost is not the ransom, it is the downtime caused by data not being accessible and IT (overtime) hours to fix things, and sometimes whole departments sitting on their hands.
Even an FBI agent was quoted last week as saying that if you had no backup, it was best to pay the ransom to get your files back.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like CryptoLocker, CryptoWall, and other strains.
SophosLabs threat researcher Anand Ajjan says CryptoWall has the same code as CryptoLocker, and only differs in the name. The evil genius behind both ransomware strains is on the FBI’s most wanted list of cybercriminals: Russian hacker Evgeniy Bogachev. Bogachev, the authorities believe, was responsible for operating both GameOver Zeus, which captures banking credentials and then authorizes transfers from victims’ accounts, and CryptoLocker, which together have infected hundreds of thousands of machines.
You could almost see a ransomware infection as a security audit - or a shot across the bow if you will - that points to a painful deficiency in your defense-in-depth which needs urgent fixing. Relying on antivirus clearly does not cut it anymore.
Since one of the major CryptoWall infection vectors is email, it makes a lot of sense to step your end-users through effective security awareness training which can prevent potentially very expensive ransomware infections caused by phishing emails. Find out how affordable this is for your organization and be pleasantly surprised:
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
Join us on Thursday, November 5, 2015, at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:
- Get a baseline, send a phishing test to your users to get your Phish-prone percentage.
- Easily roll out training campaigns for all users (or groups).
- Automated enrollment and follow-up emails to “nudge” users who have not completed the training.
- Send frequent phishing tests to keep your users on their toes with security top of mind.
- Point-of-failure training auto-enrollment.
- Reporting to watch your organization's phish-prone percentage drop, with great ROI.
Find out how more than 2,000 organizations have mobilized their end-users as their first line of defense.
Register Now: https://info.knowbe4.com/webinar-kevin-mitnick-security-awareness-training