A new form of ransomware is on the loose, filling the void left by CryptoLocker. Several security blogs are warning IT pros about “Cryptowall”, which leverages social engineering and security exploits to encrypt its victims’ files.
Ronnie Tokazowski at PhishMe.com wrote an analysis of Cryptowall, explaining how users around the world have lost access to thousands of files after failing to pay the ransom.
Cryptowall tricks users into downloading infected attachments or clicking infected advertisements, and then takes advantage of security gaps in Silverlight, Flash, and Java to make its way onto computers, according to an alert from SANS Internet Security Center.
Like CryptoLocker, Cryptowall encrypts your files and then presents a warning screen, which walks you through how to pay the ransom. The perpetrators are asking for a $500 ransom to start, and raise the price to $1,000 if you fail to pay by your assigned deadline.
According to Tokazowski, Cryptowall’s organizers have earned at least $80,000 in ransom payments so far.
How do you avoid a Cryptowall infection?
Ask your SMBs to keep an eye out for emails containing suspicious Dropbox links that inform the user of a new voicemail or incoming fax report. We’ve included a few screenshots of these emails, originally taken by Tokazowski, to the right.
And many of the security best practices we included in our Cryptolocker defense guide are also relevant here: Instruct your users to never open suspicious emails or attachments, and keep your antivirus and antimalware software updated.
Of course, we always suggest backing up your data on regular basis. If you have a clean backup you can easily restore an infected SMBs’ clean data without having to pay the ransom.
In a positive bit of news, it appears CryptoLocker may be on the ropes. The FBI said yesterday it’s targeting Russian national Evgeniy Mikhailovich Bogachev as the potential mastermind behind both CryptoLocker and Gameover Zeus, both of which have brought in more than $100 million in ransom.
The U.S. Justice Department launched “Operating Tovar” this spring, with the ultimate goal of shutting down the massive network of computers controlled by Zeus and finding the culprit behind both that malware and CryptoLocker. It appears their efforts worked – reports say CryptoLocker stopped working in early June, and that the FBI was able to free 300,000 computers from Zeus.
Paul Hanley is a Partner Support Engineer for Intronis.