The massive success of CryptoLocker, starting in September 2013, has spawned a number of rapidly growing ransomware families. More recent families have learned from it, CryptoWall 3.0 in particular. Its malware delivery and encryption-key management infrastructure are professionally developed and built to scale. Its developers also recognized that the weakest link in the architecture is the command-and-control (C&C) infrastructure, which can be taken down when international law enforcement agencies cooperate, as they did in 2014 against the Gameover ZeuS botnet that distributed CryptoLocker.
CryptoWall also has a few criminal innovations that hide how much money it is making. Ransom payments are spread across many single-use, randomly generated Bitcoin wallets, so investigators can no longer simply watch a handful of known addresses to total up the millions of dollars generated. Address clustering on the public blockchain can still recover part of the picture, but it is far more work than reading one wallet's balance.
Version 3 of CryptoWall's C&C infrastructure uses the Tor anonymity network, which hides the location of the C&C servers and makes it very hard to estimate the size of the botnet.
Nobody Is Safe
CryptoWall is very sophisticated and reflects many years of experience designing criminal malware. One feature that stands out is the polymorphic builder, which produces a freshly obfuscated binary for every build so that the sample in circulation matches no existing antivirus signature at the time it is sent out.
Another tactic the criminals use against the antivirus vendors is to generate thousands of ransomware samples and upload them to multi-engine scanning services purely to see how many engines flag each one. A sample that none of them detects is the one sent to millions of unsuspecting end users. They prefer so-called no-distribute scanners, which do not forward submitted samples to the vendors, so the test itself does not hand the vendors a new signature.
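The following is an added example, not code from the original post and not CryptoWall's builder. It uses a toy wrapper format (junk prefix, a fresh per-build XOR key, encoded body) and a harmless constructed string as the "payload" to show why a polymorphic builder defeats hash blocklists and byte signatures on the raw file, while the same signature still matches once the wrapper is undone, which is what a sandbox or emulator effectively does. The payload, signature and wrapper layout are all assumptions made for illustration.

```python
"""Added example (not from the original post): why a polymorphic builder
defeats hash/signature blocklists, and why detection has to look past the
wrapper. The payload is a harmless constructed string standing in for a
malicious binary; the wrapper format is an invented toy, not CryptoWall's."""
import hashlib
import os

# Constructed stand-in for the attacker's real, unchanging payload.
PAYLOAD = b"ransom-note: your files have been encrypted; pay 500 USD in BTC"

# A byte pattern an AV vendor might extract from the unwrapped payload.
SIGNATURE = b"your files have been encrypted"


def build_variant(payload: bytes, key: bytes, junk: bytes) -> bytes:
    """Toy polymorphic wrapper: junk prefix + per-build XOR key + encoded body.
    Layout: [junk_len:1][junk][key_len:1][key][payload XOR key (repeating)]."""
    if not 1 <= len(key) <= 255 or len(junk) > 255:
        raise ValueError("key must be 1..255 bytes, junk at most 255 bytes")
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return bytes([len(junk)]) + junk + bytes([len(key)]) + key + body


def unwrap_variant(blob: bytes) -> bytes:
    """What a sandbox or emulator effectively does: run the stub's logic to
    recover the body the wrapper was hiding."""
    junk_len = blob[0]
    pos = 1 + junk_len
    key_len = blob[pos]
    key = blob[pos + 1 : pos + 1 + key_len]
    body = blob[pos + 1 + key_len :]
    return bytes(b ^ key[i % key_len] for i, b in enumerate(body))


def sha256_hex(data: bytes) -> str:
    """File hash, the unit of a hash-based blocklist."""
    return hashlib.sha256(data).hexdigest()


def static_match(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Signature scan over the raw file bytes, as a naive static scanner does."""
    return signature in blob


def behavioural_match(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Scan after unwrapping, i.e. on what the code looks like once it runs."""
    return signature in unwrap_variant(blob)


def compare_variants(n: int = 3) -> list:
    """Build n variants with fresh random key and junk, and report what a
    hash blocklist, a static scanner and an unwrapping scanner each see."""
    results = []
    for _ in range(n):
        key = os.urandom(16)
        junk = os.urandom(os.urandom(1)[0] % 64)
        blob = build_variant(PAYLOAD, key, junk)
        results.append({
            "sha256": sha256_hex(blob),          # different on every build
            "static_hit": static_match(blob),     # False: raw bytes changed
            "behavioural_hit": behavioural_match(blob),  # True: payload did not
        })
    return results


if __name__ == "__main__":
    for r in compare_variants():
        print(r)
```

Each run of compare_variants yields distinct hashes and no static hits, yet every variant unwraps to the same payload and trips the same signature. That is the defender's takeaway from the tactic above: a blocklist of hashes or raw-byte patterns is only as current as the attacker's last build, so detection has to key on what the code does or decodes to, not on how the wrapper looks today.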
It is only a matter of time until ransomware evolves to accept micropayments and starts holding hostage anything connected to the Internet.
It really is a must these days that end users are put through effective security awareness training. Find out how affordable this is for your organization today.
(Hat Tip to Bogdan Botezatu from Bitdefender)