
Ransomware plague continues

CryptoWall enables $18 million in thefts over 14 months

 
 

The FBI’s Internet Crime Complaint Center—known as IC3—warns that a virulent form of ransomware, dubbed CryptoWall, continues to target U.S. individuals and businesses.

CryptoWall and variants have been used actively to target U.S. victims since April 2014. (See “Ransomware rising, FBI says”) The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Commenting on the recent warning, KnowBe4’s CEO Stu Sjouwerman says: “CryptoWall 3.0 is the most advanced cryptoransom malware at the moment. The $18 million in losses is likely much more, as many companies do not report their infections to the FBI and the downtime caused by these infections is much higher.”

How CryptoWall attacks

These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted and unavailable to the victim.

“Additional damage is caused when a workstation is infected and has a mapped drive to a shared file server,” says Sjouwerman. “At that point all the files are encrypted and a whole department is sitting on their hands. The impact to a business can be devastating.”

Sjouwerman noted that the current social engineering tactic is to attach a zip file that claims to be the resume of a girl. Opening the zip file shows a page that then downloads another zip file—which bypasses all antivirus software that may be installed on the local workstation.

In most cases, once the victim pays a ransom fee, access to the encrypted files is regained.

Most criminals involved in ransomware schemes demand payment in Bitcoin. Criminals prefer Bitcoin because it's easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

How to not be a victim

The FBI offers these tips to protect yourself:

Always use antivirus software and a firewall. Obtain and use antivirus software and firewalls from reputable companies. Continually maintain both of these through automatic updates.

Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, prevent them from appearing in the first place.

Always back up your computer’s content. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, simply have your system wiped clean and then reload your files.

Be skeptical. Don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether. (See “You are the weakest link.”)

If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at www.IC3.gov.

Sjouwerman adds: “This clearly shows the employee is the weak link in IT security and there is a dire need for effective security awareness training as the first line of defense in preventing ransomware infections with the potential to shut down a business.”

[Note: KnowBe4 LLC hosts an integrated security awareness training and simulated phishing platform.]

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected].
