KnowBe4 Cautions IT: Second Generation Ransomware In The Wild

Ransomware's Second Wave. We know one company that opted to delay training its users, only to get hit with ransomware the next day, costing them $250,000.

System administrators aren’t likely to get much rest this summer. KnowBe4 CEO Stu Sjouwerman issued a “second-gen malware alert” to warn IT managers of new threats bursting onto the scene. This confirms the fears of an increase in ransomware that IT staff expressed in a KnowBe4 survey done at the end of June.

Kaspersky recently reported a new second-generation type of ransomware marketed as CTB-Locker (aka Critroni), calling it "Onion" after its use of the anonymous TOR network. Trend Micro reported another wave of ransomware called Cryptoblocker, described as the potential successor to CryptoLocker, and Synology customers are now experiencing a targeted, customized ransomware attack.

According to KnowBe4’s CEO Stu Sjouwerman, “Security Awareness Training is needed now more than ever. This new generation of CTB-Locker ransomware is likely originating from an eastern European country like Romania or the Ukraine, as some of the first infections were seen in Russia. Russian cybercrime never hacks in Russia itself due to the likelihood of immediate arrests by Russian security services.”

The five reasons that make this new wave of ransomware more dangerous:

  • CTB-Locker is the very first Windows ransomware that uses the TOR network for its command & control (C&C) servers, which makes it much harder to shut down.
  • Traffic between the malware that lives on the infected machine and its C&C servers is much harder to intercept.
  • CTB-Locker encrypts files using little-used and very strong Elliptic Curve Diffie-Hellman cryptography, which makes decrypting them yourself impossible.
  • It compresses files before encrypting them.
  • It was built as commercial crimeware, so it can be sold globally to other cybercriminals. The Bitcoin ransom can be specified, as can the extensions of the files that will be encrypted.

Sjouwerman recommends setting up a human firewall of educated users, as this can help prevent the near-catastrophic data loss ransomware can cause. Said Sjouwerman, “We know one company that opted to delay training its users, only to get hit with ransomware the next day, costing them $250,000. Training would have cost them 1/50th of the price.”

KnowBe4 advocates multi-layered, defense-in-depth security, including thorough testing of backups, as they are prone to failure. The company guarantees that once users are trained and receive a simulated phishing attack once a month, it will pay your crypto-ransom if you get hit.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

Related News

Author of ‘Locker’ Crypto Ransomware Decrypts All Infected Files and Apologizes

On May 30, the author of the crypto-ransomware known as Locker posted an apology on Pastebin and claimed that he “never intended to release” the malware program. The author says he terminated distribution as of June 2 and that he has decrypted all infected files. Security firm KnowBe4 explains Locker ransomware is a “sleeper campaign” that is installed through a social engineering attack and then sits silently on computers and encrypts files upon activation by the malware creator. The author said on Pastebin: "I am the author of the Locker ransomware and....

Want to weed out ransomware? Regulate crypto exchanges

Ransomware will remain a major threat moving into 2022, and to counter it, the crypto ecosystem must come to terms with more regulation. Just between July 2020 and June 2021, ransomware activity soared by a whopping 1,070%, according to a recent Fortinet report, with other researchers confirming the proliferation of this mode of extortion. Mimicking the prevalent business model of the legitimate tech world, ransomware-as-a-service portals popped up in the darker corners of the web, institutionalizing the shadow industry and slashing the skill ceiling for wannabe-criminals. The trend should....

Developer Creates Solution for Bitcoin Ransomware

Over the course of 2015, many individuals and companies have been affected by ransomware. While this may have nothing to do with Bitcoin at first glance, there have been a few cases where the ransomware could only be removed by paying a certain fee in Bitcoin. But those days may be over now, as a decryption toolkit for various types of ransomware has been made publicly available, free of charge. CryptoLocker and CoinVault Ransomware. Two types of ransomware making headlines all across the world in recent months are called CryptoLocker and CoinVault. Both types of ransomware operate, in the....

What Came First, Bitcoin or Ransomware?

In a ransomware attack, it is assumed that the hackers prefer the ransom to be paid in bitcoin due to the anonymous nature of its transactions. That might not be true, as the hackers are probably interested in bitcoin for entirely different reasons. Bitcoin and ransomware, these words appear more frequently in a single sentence these days than we wish for. Ransomware attacks have become a common occurrence. We had earlier reported the use of advertising networks by cyber criminals to propagate ransomware to the computers belonging to the readers of some of the leading news websites.....

GoldenEye Ransomware Poses as a CV to Target HR Departments

The new GoldenEye ransomware poses as a resume to infect computers belonging to HR departments. James Bond, the fictional spy, has met his match when it comes to deception. A new ransomware named after one of the Bond movies, GoldenEye infects work computers by posing as a job application. According to cybersecurity researchers, the GoldenEye ransomware is a variant of the previously known Petya ransomware. The ransomware targets the HR departments of companies, as they receive hundreds if not thousands of emails from unknown people applying for job positions. A well-crafted mail delivers....