KnowBe4 Warns of Onslaught of New Ransomware Strains

KnowBe4 Warns of Onslaught of New Ransomware Strains

These new capabilities of cryptoware change the threat landscape for all server and network administrators and it is even more important than ever to properly secure your shared folders with strong permissions.

In a worrying trend, cybercriminals have launched another ransomware attack wave with several new malicious strains hitting both businesses and consumers alike. A new strain of CryptoWall has hit end users with phishing emails containing malicious .chm attachments (the extension used for help files) infecting networks with the most sophisticated ransomware to date. A newly discovered strain called CryptoFortress was discovered last week that has the look of TorrentLocker but is able to encrypt files over network shares even if they are not mapped to a drive letter. Law firm Ziprick and Cramer LLP of California began notifying clients on February 27th of a ransomware attack by a new “CryptoLocker-like” variant that infected one workstation and was spread to their server.

It doesn’t end there. Another new ransomware called TeslaCrypt attempts to cash in on the $81 billion gamer market by placing a strong emphasis on encrypting video game related files. Unlike other ransomware that typically target images, documents, videos, and application databases, TeslaCrypt also targets over 40 different video game related files such as RPG Maker, Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, and Steam.

Stu Sjouwerman, CEO of KnowBe4 stated, “These new capabilities of cryptoware change the threat landscape for all server and network administrators and it is even more important than ever to properly secure your shared folders with strong permissions. Between increasingly sophisticated phishing emails and exploit kits on compromised websites, users need to be trained to recognize threats with effective security awareness training. System administrators should also patch workstations religiously and tighten up proxy/firewall rules.”

CryptoWall 3.0 is the most recent version of CryptoLocker and hides its malicious payload as an attachment. The latest wrinkle is that the fake "incoming fax report" email looks to the user to come from a machine in their own domain. Discovered by BitDefender in late February 2015 with global targets, this version encrypts the files of all mapped drives and demands a $500 ransom in Bitcoin. Cybercriminals use .chm files to automatically execute malware once the file is accessed.

CryptoFortress includes the new and nasty feature of being able to encrypt files over network shares even if they are not mapped to a drive letter. Normally when ransomware encrypts data it does so by retrieving a list of drive letters on a computer and then encrypting any data on them. Therefore any network shares on the same network would be safe as long as they were not mapped to a drive letter. Unfortunately this all changes with CryptoFortress as this ransomware will also attempt to enumerate all open network Server Message Block (SMB) shares and encrypt any that are found.

Sjouwerman advised, “Security Awareness Training is really needed for every employee in any organization. Since employees often access their own personal email over company networks or surf the web over lunch, it is essential to put in place a more effective human firewall and protect your company assets.”

For more information or to get a free phishing test to see how “phish-prone” your employees are, visit:

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% last year alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

Related News

Bitdefender Labs Unveils Bitcoin Ransomware Solution

Bitcoin ransomware has been a thorn in the eye of many digital currency enthusiasts, and security experts have had a hard time coming up with solutions. Throughout the years, there have been various ransomware strains, all of which brought something new to the table and making it harder to be removed from an infected computer. But the latest solution by Bitdefender may put an end to most of the misery. A Solution To Bitcoin Ransomware? It is hard to ignore the damage caused by Bitcoin ransomware over the past few years, as there have been so many attacks against individual users,....

Ransomware crypto payments hit at least $602M last year: Chainalysis

The total amount of value extracted through ransomware payments in 2021 is expected to rise above 2020 levels once all the data is sorted through. A new report estimates that ransomware payments tallied at least $602 million in 2021 — but the actual total could be much higher.Blockchain analysis firm Chainalysis released new data on Feb. 10  about ransomware activity related to cryptocurrency in 2021. However it stated that the total value is likely to end up surpassing the $692 million taken in 2020.“In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue....

Bitcoin-seeking Ransomware Scam Busted

Two ransomware strains, CoinVault and Bitcryptor have been put to bed due to the joint efforts of law enforcement in Netherland and an independent cybersecurity firm. The authors of the malware sought ransom payments from victims in Bitcoin. Ransomware thieves who took Bitcoin payments in return for victims to access their files freely after their rogue file-locking methods have been put out of work. Two authors who allegedly developed the ransomware were arrested in Netherlands and Kaspersky, a cybersecurity firm has confirmed that it has amassed 14,000 decryption keys that are required....

FBI Warns Ransomware Gangs Are Harassing Victims via Telephone Calls to Pay C...

The U.S. Federal Bureau of Investigation (FBI) has released an alert that warns private industry in the country about incidents of harassment of victims made by ransomware gangs, such as the well-known Doppelpaymer group. FBI Is Aware of Cold-Calling Tactics by Ransomware Gangs According to a PIN (private industry notification) alert regularly sent to U.S. companies to inform them about the latest updates in the cybersecurity sphere, shared by Zdnet, the FBI has been aware of incidents since February 2020, where Doppelpaymer has cold-called companies to intimidate victims by demanding them....

US Treasury Warns of Increasing Ransomware Campaigns Against Coronavirus Vacc...

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a warning that alerts financial institutions in the United States about increasing ransomware attacks against coronavirus vaccine research organizations. US Treasury Warns of Ransomware Attacks, Phishing Schemes Targeting Covid-19 Vaccine Research Institutions According to the alert, FinCEN says that fraud, ransomware attacks, and “similar types of criminal activity” target the distribution of Covid-19 vaccines, which could affect their supply chains if proper actions are not taken on....