KnowBe4 Issues Alert: CryptoWall 2.0 Ransomware Moves to TOR Network

This is the next generation of ransomware and you can expect this new version to spread like wildfire.

KnowBe4 issued an alert to IT managers that a new version of CryptoWall, the world's most widespread ransomware, has migrated to the TOR network. It has been upgraded to version 2.0 and continues to encrypt files so that a ransom can be extracted if there are no backups or if the backup process fails, which is a common occurrence.

KnowBe4 received a panic call from an IT admin who was hit this week with CryptoWall. The admin’s workstation became infected with the malware. The workstation was mapped to 7 servers and within an hour, the entire server farm was shut down. The admin explained he had backups but it would take days to recover the data and get them back up and running. The company’s operations would be severely impacted.

“The cyber criminals hit pay dirt with this one and the admin ended up paying the ransom, 1.3 Bitcoin, rather than face the serious costs caused by days of downtime,” said Stu Sjouwerman, KnowBe4’s CEO. “This is the next generation of ransomware and you can expect this new version to spread like wildfire.”

CryptoWall 2.0 went live October 1st and is now using the anonymous TOR network, making it very difficult to analyze or take down. Earlier versions of CryptoWall were not using TOR but HTTP, which allowed researchers to analyze the communication between the infected machine and the command & control server so they could take down the servers that delivered the malware. This version of CryptoWall has been tested for months and the malware uses innovative ways to propagate itself, like using ads on websites that take advantage of vulnerabilities in browsers and unpatched plug-ins.

Sjouwerman advises these three steps as something IT admins have to do:

1. "Make regular backups, and have a backup off-site as well. TEST your restore function regularly to make sure your backups actually work.
2. Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can. This diminishes your attack surface.
3. Step all users through effective training on security such as Kevin Mitnick Security Awareness Training to prevent malware infections to start with."

For end users, Sjouwerman advises, “Think before you click. Don’t open anything from someone unless you are expecting it. Hover over an email address to make sure it’s from a valid domain, one you know and recognize.”

KnowBe4 offers a free Phishing Security Test (PST) to find out just how many of your users are Phish-prone. KnowBe4 also offers a Crypto-Ransom guarantee and is confident its training works so well, they will pay your ransom if you get hit with ransomware while you are a customer.

For more information on KnowBe4 visit
For more information on ransomware, download the whitepaper: Your Money or Your Files!

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
