KnowBe4 Says New CryptoWall 3.0 Ransomware Makes Paying Ransom "Easier"

'Ironically, as cyber criminals get more sophisticated, so do their efforts to improve their extortion methods.'

If there was any doubt that CryptoWall ransomware is a successful business model for cybercriminals, infecting over 700,000 victims thus far, the latest version will attempt to improve those numbers. A new version of CryptoWall, dubbed 3.0, was released a few days ago with new gateways that are used to access the CryptoWall decryption site. The deadlines for ransomware payment have also been extended from 5 days to a full week, and the ransom note file names have been made easier to read, with detailed information on how to access the ransom payment site. In the name of improved “customer service,” these new features make it even easier to pay up when files have been hijacked.

According to KnowBe4 CEO Stu Sjouwerman, “Ironically, as cyber criminals get more sophisticated, so do their efforts to improve their extortion methods. While a hard working criminal is an oxymoron, CryptoWall 3.0 shows they are working diligently to make the ransom payment and decryption process easier.”

While phishing attacks are the most common way ransomware hits an organization, infections occur through multiple attack vectors, including email attachments and malicious PDF files. Like the versions before it, this new version is also being distributed through drive-by-download attacks or by other malware already installed on the personal computer.

In a new analysis published by Cisco, their team reports that the new variant of CryptoWall is able to distinguish between 32- and 64-bit architectures and to execute different versions for each. The software also checks whether the system it is infecting is a virtual machine environment, using anti-VM and anti-emulation checks to hamper identification via sandboxes. If it detects this is the case, it does not execute in that environment, making malware analysis either impossible or much harder.

The additional gateways allow an infected user to access the CryptoWall decryption site without having to install the TOR browser software, a difficult task for a non-techie. It does this by routing the user to another anonymous network called I2P.

Sjouwerman stated, “IT managers should back up their servers and frequently test the backups to ensure they work, as backup failure rates can go as high as 60% at times. If you are using cloud backup, make sure you use versioning, as ransomware can attack other drives and cloud storage. Without a working backup, your options are really pay the ransom or lose your data. Even with a backup, it may be cheaper to pay the ransom. One of the most cost effective ways to avoid ransomware is to step your users through the Kevin Mitnick Security Awareness Training and follow up with frequent anti-phishing testing to keep security top of mind. We are so confident it works. If you’ve trained your users, send them simulated phishing attacks every month, and if you still get hit, we’ll pay your Bitcoin ransom.”

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

