Menu
Banking Exchange Magazine Logo
Menu

Ransomware plague continues

CryptoWall enables $18 million in thefts over 14 months

 
 
Ransomware plague continues

The FBI’s Internet Crime Complaint Center—known as IC3—warns that a virulent form of ransomware, dubbed CryptoWall, continues to target U.S. individuals and businesses.

CryptoWall and variants have been used actively to target U.S. victims since April 2014. (See “Ransomware rising, FBI says”) The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Commenting on the recent warning, KnowBe4’s CEO Stu Sjouwerman says: “CryptoWall 3.0 is the most advanced cryptoransom malware at the moment. The $18 million in losses is likely much more, as many companies do not report their infections to the FBI and the downtime caused by these infections is much higher.”

How CryptoWall attacks

These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted and unavailable to the victim.

“Additional damage is caused when a workstation is infected and has a mapped drive to a shared file server,” says Sjouwerman. “At that point all the files are encrypted and a whole department is sitting on their hands. The impact to a business can be devastating.”

Sjouwerman noted that the current social engineering tactic is to attach a zip file that claims to be the resume of a girl. Opening the zip file shows a page that then downloads another zip file—which bypasses all antivirus software that may be installed on the local workstation.

In most cases, once the victim pays a ransom fee, access to the encrypted files is regained.

Most criminals involved in ransomware schemes demand payment in Bitcoin. Criminals prefer Bitcoin because it's easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

How to not be a victim

The FBI offers these tips to protect yourself:

Always use antivirus software and a firewall. Obtain and use antivirus software and firewalls from reputable companies. Continually maintain both of these through automatic updates.

Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, prevent them from appearing in the first place.

Always back up your computer’s content. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, simply have your system wiped clean and then reload your files.

Be skeptical. Don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether. [See “You are the weakest link.”) Please use DanLINK to that article.

If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at www.IC3.gov.

Sjouwerman adds: “This clearly shows the employee is the weak link in IT security and there is a dire need for effective security awareness training as the first line of defense in preventing ransomware infections with the potential to shut down a business.”

[Note: KnowBe4 LLC hosts an integrated security awareness training and simulated phishing platform.]

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected].

back to top

Sections

About Us

Connect With Us

Resources

WEBINAR

Mitigating loss: Understanding the fraud triangle

Time/Date: Wednesday, December 11th, 2024, 2:00 ET

Fraud continues to be top of mind for bank executives, with hard dollar losses growing at an all-time high.

In this session, we will discuss the fraud triangle and gain valuable insights into the psychology behind fraud, and the tangible and intangible losses incurred due to fraud schemes.

You will come away with a comprehensive understanding of how the fraud triangle applies to your customers, various types of fraud affecting community banks, and actionable steps to mitigate their impact.

REGISTER NOW!

This webinar is brought to you by:

Abrigo logo

Banking Exchange logo