Security Awareness Training Blog

    New Ransomware CryptoFortress Encrypts Unmapped Network Shares

    Used to be that ransomware only looked at hard drive C:, and then any other mapped drives like D:, E:, F: etc., but now a whole new malicious strain that has stolen the same look feel of TorrentLocker called CryptoFortress was discovered yesterday by security researcher Kafeine. It would be a bit much to call this a new generation, but it certainly is a powerful new feature.

    CryptoFortress is distributed by the Nuclear Pack exploit kit and includes the new and nasty feature of being able to encrypt files over network shares even if they are not mapped to a drive letter. Normally when ransomware encrypts your data it does so by retrieving a list of drive letters on a computer and then encrypting any data on them. There is a great post over at We Live Security that explains the differences between TorrentLocker and CryptoFortress.

    Therefore any network shares on the same network would be safe as long as they were not mapped to a drive letter. Unfortunately this all changes with CryptoFortress as this ransomware will also attempt to enumerate all open network Server Message Block (SMB) shares and encrypt any that are found.

    As you can see from the image below, CryptoFortress is successfully able to encrypt the file test.txt in an open share over SMB on a test network. This new ability changes the threat landscape for all server and network administrators and it is even more important than ever to properly secure your shared folders with strong permissions. 

    CryptoFortress Ransomware Encryption

    At the moment, it looks like the infection vector is Exploit Kits sitting on compromised websites, so that means patch workstations religiously, tighten up proxy and/or firewall rules, and possibly tell people to be careful out there (Maybe only Facebook?) if they surf the web on company workstations. TrendMicro has a good analysis of this new strain and also appears to have instructions for how to restore your files. 

    The full post with more detail is over at the BleepingComputer forum. More news to follow about this later I'm sure. 

    The best way to protect yourself is through high quality end user security awareness training.

    For more information click below to download our Security Awareness Training Effectiveness Report.

    Download Whitepaper

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews