KnowBe4 Issues CryptoDefense Warning - Ransomware is Worse than CryptoLocker

KnowBe4 CEO Stu Sjouwerman issued an alert today warning computer users of a new but very nasty ransomware named CryptoDefense. A copycat competitor to CryptoLocker, CryptoDefense was released in late February, 2014 and is much worse than the original.

The ransomware targets text, picture, video, PDF and MS Office files and encrypts them with a strong RSA-2048 key, which is hard to undo. It also wipes out Shadow Copies, which are used by many backup programs.

The potential for damage is vast, generating tens of thousands per month, according to reports from Symantec. If an end-user opens the infected attachment, the ransomware encrypts its target files, and the criminals charge $500 in Bitcoin to decrypt the files. If their four-day deadline passes by, the amount goes up to $1,000. After a month, the keys are destroyed.

“There is furious competition between cybergangs,” said Sjouwerman (pronounced ‘shower-man’). “They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US.”

Sjouwerman further stated, “CryptoDefense doesn’t seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang.”

It appears that this infection was initially installed through programs that pretend to be Flash updates or video players required to view an online video. It then moved on to a variety of phishing attacks that deliver an email with a zip file and an instruction to "open the attached document" that was supposed to have been "scanned and sent to you".

According to Sjouwerman, “It is obvious that this is a social engineering ploy and that effective security awareness training will prevent someone from opening these infected attachments when they make it through the filters (which they regularly do). Training your end-users to prevent fires like this is a must these days. Once infected, the only way to fix this relatively fast is to make sure you have a recent backup of the files which actually can be restored. Even then, it can take several hours to restore the data.”

Recent ransomware infections came from users opening an attachment presented as a "voice mail message" from AT&T, but there are variants naming other telecom companies. Users then admit to opening the attachment but say it did nothing; however, they could not open their files afterward.

This new CryptoDefense ransomware has bugs too, and Symantec researchers stated:

"Due to the attackers' poor implementation of the cryptographic functionality they have, quite literally, left their hostages a key to escape." But by the time you read this, that bug has probably (and unfortunately) been fixed.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

To learn more about Stu Sjouwerman and KnowBe4, visit http://www.knowbe4.com/

To prevent being “ransomwared” go to Don't Get Hit with Ransomware: https://info.knowbe4.com/dont-get-hit-with-ransomware
