KnowBe4 Warns: Third Ransomware Strain Called CryptorBit Attacks
Infections with this recent CryptorBit strain are on the rise, and once a user's files are encrypted, the fees are up to $500 ransom in bitcoin to decrypt the files.
Security Awareness Training expert KnowBe4 issued a warning of a third criminal ransomware gang ramping up their attacks. The malware is called CryptorBit, (also known as HowDecrypt), and follows a very similar attack process as CryptoLocker and CryptoDefense, but the malware corrupts the first 512 or 1024 bytes of -any- data file it finds, regardless of extension increasing its potential to wreak havoc. The cyber gang uses social engineering to get the end-user to install the ransomware using a fake Flash update, or install a rogue antivirus product.
“Infections with this recent CryptorBit strain are on the rise, and once a user's files are encrypted, the fees are up to $500 ransom in bitcoin to decrypt the files,” said Stu Sjouwerman, CEO of KnowBe4.
It was initially released December 2013, and after debugging their criminal infrastructure, attacks are now increasing. Moreover, users can’t rely on antivirus since it catches less than 50% and “antivirus is dead” according to Symantec.
The CryptorBit ransomware comes with extra features. It appears to bypass Group Policy settings that were put in place to defend against this type of ransomware infection. The cybercriminals are also installing so-called cryptocoin miner software which utilizes the victim's computer to mine digital coins such as Bitcoin, which will get deposited in the malware developer's digital wallet, making them even more money according to bleepingcomputer.com
When a workstation is infected, the bad guys want you to install the Tor Browser, enter your address, and follow instructions on their website how to pay. They leave a friendly reminder that the sooner you pay, the more chance you have to "recover the files". Once you pay, supposedly you get their CryptorBit Decryptor program. Based on the payments sent to known CryptorBit Bitcoin addresses, quite a few people appear to have paid the ransom. The price can double after the first 96 hours (4 days).
Sjouwerman gives these tips to prevent the loss of data;
1) Backup, backup, backup and test your restore procedure on a very regular basis.
2) Don’t rely on just antivirus as they normally run 6 hours behind attacks like this, enough for the bad guys to get in and wreak havoc. See Virus Bulletin’s testing info.
3) Don’t open anything suspicious. Use extra care to avoid phishing links and attachments. If you didn’t request it, don’t open it.
4) If you do fall prey to CryptorBit, wipe the infected machine(s), rebuild from the ground up, and restore the files from the most recent backup. If there are no backups, try to restore the files from Shadow Volume Copies. If these are not available, you can try a utility called DecrypterFixer written by Nathan Scott.
With malware like this out there, security education and behavior management is a must for any organization where users have access to email and the web.
To learn more visit http://www.knowbe4.com/
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
Tags: Ransomware, CryptoLocker, CryptorBit, Security Awareness Training, Phishing
Related News
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a warning that alerts financial institutions in the United States about increasing ransomware attacks against coronavirus vaccine research organizations. US Treasury Warns of Ransomware Attacks, Phishing Schemes Targeting Covid-19 Vaccine Research Institutions According to the alert, FinCEN says that fraud, ransomware attacks, and “similar types of criminal activity” target the distribution of Covid-19 vaccines, which could affect their supply chains if proper actions are not taken on....
In fact, 1% of attacks saw a demand of US$150,000 to be paid in Bitcoin. Ransomware developers are always one step ahead of security researchers these days. Not only in the way their software works, but also how they target potential victims. American businesses are seeing an influx in ransomware attacks all of a sudden. More particularly, company executives are a prime target for ransom are right now. While nearly nine in ten ransomware attacks are targeting hospitals these days, corporations are not out of the woods just yet. A new study unveiled how 40% of businesses investigated had....
Paying ransomware hackers to decrypt infected computers doesn't always work, and may even be a crime in some countries.
Over the course of this year, DarkSide, a group of Russian hackers got the attention of the U.S. Department of State. In May 2021, DarkSide was responsible for a ransomware attack on Colonial Pipeline, extorting $5M for not leaking data they had on the Pipeline’s network. This is considered to be one of the major ransomware attacks on the U.S. infrastructure to this date. What we know about the DarkSide is that they: Operate as Ransomware as a service (Raas) Get their ransom in Bitcoin The U.S. Department of State issued an award of $10M for information that would lead to finding the....
One thing seems certain: it will become harder to detect this malicious software in the future. One of the most popular trends in 2016 has been the surge in ransomware deployment. Over the coming 12 months, this situation will only get worse. Enterprises and users are advised to take the necessary precautions to nip these attacks in the bud. In the first week of the new year, new types of ransomware have made their presence known already. KillDisk is a type of malware that has been around for some time already. A new version of this ransomware strain has security researchers concerned,....