CyberheistNews Vol #5 #47 CryptoWall Damage 325 Million - FBI says: "Just Pay the Ransom"

A brand new report from the Cyber Threat Alliance (CTA) showed the staggering damage caused by a single Eastern European cyber mafia. The CTA is an industry group with big-name members like Intel, Palo Alto Networks, Fortinet and Symantec and was created last year to warn about emerging cyber threats.

CyberheistNews Vol #5 #47, Nov 3, 2015
Stu Sjouwerman

We have warned here many times about the pervasiveness of CryptoWall, a new strain of ransomware which has Cryptolocker as its predecessor. CryptoWall poses a danger to both consumers and businesses. If a machine is infected and there is no recent backup, the files are lost forever. This is highly sophisticated code, with bulletproof encryption.

The CTA chose CryptoWall as its first major project, and discovered over 4,000 malware samples relating to CryptoWall 3.0 and well over 800 URLs of Command & Control servers. The area most targeted was the USA, likely because it is a target-rich environment. Around half of all CryptoWall victims were American.

Over 406,000 attempted infections were discovered by the CTA researchers — primarily through phishing emails (67.3%) and Exploit Kits (EK) (30.7%). The majority of the phishing emails were sent in the January-April 2015 time frame, with the attackers changing their tactics in May, when they concentrated more on exploit kits like the Angler EK.

The CTA did a thorough analysis of all the Bitcoin paid, and came to the conclusion that despite a complex scheme, all monies paid ultimately flowed to the same criminal gang.

The report paints a picture of a professionally-run operation with unbreakable encryption which means most businesses infected are forced to make a pragmatic decision to pay the ransom, normally around 500 dollars. The real cost is not the ransom, it is the downtime caused by data not being accessible and IT (overtime) hours to fix things, and sometimes whole departments sitting on their hands.

Even an FBI agent was quoted last week as saying that if you had no backup, it was best to pay the ransom to get your files back.

“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”

Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, CryptoWall, and other strains.

SophosLabs threat researcher Anand Ajjan says CryptoWall has the same code as CryptoLocker, and only differs in the name. The evil genius behind both ransomware strains is on the FBI’s most wanted list of cybercriminals: Russian hacker Evgeniy Bogachev. Bogachev, the authorities believe, was responsible for operating both GameOver Zeus, which captures banking credentials and then authorizes transfers from victims' accounts, and CryptoLocker, which together have infected hundreds of thousands of machines.

You could almost see a ransomware infection as a security audit - or a shot across the bow if you will - that points to a painful deficiency in your defense-in-depth which needs urgent fixing. Relying on antivirus clearly does not cut it anymore.

Since one of the major CryptoWall infection vectors is email, it makes a lot of sense to step your end-users through effective security awareness training which can prevent potentially very expensive ransomware infections caused by phishing emails. Find out how affordable this is for your organization and be pleasantly surprised:

Don't Miss This Live Demo: New School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Thursday, November 5, 2015, at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

    • Get a baseline: send a phishing test to your users to get your Phish-prone percentage.
    • Easily roll out training campaigns for all users (or groups).
    • Automated enrollment and follow-up emails to “nudge” users who are incomplete on the training.
    • Send frequent phishing tests to keep your users on their toes with security top of mind.
    • Point-of-failure training auto-enrollment.
    • Reporting to watch your organization's phish-prone percentage drop, with great ROI.

Find out how more than 2,000 organizations have mobilized their end-users as their first line of defense.

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Nine tenths of education is encouragement." - Anatole France, Novelist

"Education is the most powerful weapon which you can use to change the world."
- Nelson Mandela

Thanks for reading CyberheistNews

Security News
This Week's Five Most Popular HackBusters Posts
    1. EU Parliament Clears a Path to Give Snowden Asylum
    2. Anonymous Vows To Leak Personal Information of 1,000 KKK Members
    3. Biggest Complimentary Hosting Company Hacked; 13.5 Million Plaintext Passwords Leaked
    4. Judge rules man had right to shoot down drone over his house
    5. Jeremy Clarkson Fire TV Stick Commercial. Riot

Survey: Most Employees Take Online Risks with Employers’ Safety

Some 93% of office workers engage in some form of risky online habits that could jeopardize their employer or customers, according to a survey by Intermedia.

Millennials are most likely to breach the personal and professional computing divide by installing apps without company approval, saving company files to personal cloud storage or engaging in other unsafe practices.

One in three IT pros has given out their credentials to other employees (compared to 19% across all respondents), while nearly 30 percent said they have accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents). A third said they would take data from their company if it would benefit them – nearly three times the rate of general business professionals.

And with a margin of error ±2.17% at a 95% confidence interval, the results fly in the face of conventional wisdom: it’s the workers that are most familiar with technology that often cause the biggest risks.

A Hardware Wallet That Secures Your Virtual Money

Now this is something interesting. Dave Chapelle at Securebuzz wrote about a new way to protect your Bitcoins.

"Developers of the Bitcoin hardware wallet have celebrated its active use in 100 countries. TREZOR is designed to eliminate the need for 3rd party services to secure bitcoins, enabling security and simplicity for bitcoin users.

If you’re unfamiliar with Bitcoin, you can catch up with some history and check current Bitcoin value. As a virtual currency Bitcoin is a hacker target. In 2013 when the Bitcoin price rose to 1,000 dollars, Kaspersky Labs began including Bitcoins in its research on financial cyber threats. That’s when SatoshiLabs began work on a hardware wallet.

'This is the first real end user solution to losing Bitcoins,' said SatoshiLabs CEO Alena Vranova. 'The concept comes from the premise that computers and phones are designed to share data. Hackers are always ahead. Whatever is valuable – your money, your data – has to go offline, where it’s not reachable by hackers.'"

6 Tips For Your Security Awareness Training

CSO has a good short slide show with awareness tips. Security experts remind us that awareness is an ongoing effort. Here are some best practices for keeping your organization educated and aware year-round.

Social Experiment: 200 USB Flash Drives Left In Public Locations

Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and potentially, that of their employer, a recent experiment conducted on behalf of CompTIA revealed.

“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” said Todd Thibodeaux, president and CEO, CompTIA. “Employees are the first line of defense, so it's imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

Yet according to a survey of 1,200 full-time workers across the U.S., 45 percent say they do not receive any form of cybersecurity training at work. Among companies that do administer cybersecurity training, 15 percent still rely on paper-based training manuals.
