Cybercriminals have made hundreds of millions of dollars during the last year off of CryptoWall, a sophisticated type of malware which makes the contents of an infected computer off limits until an attacker is compensated by the affected owner, security experts say.
A first-of-its-kind report published last week by the Cyber Threat Alliance, a coalition of digital security companies including Symantec and Intel, concluded that the CryptoWall ransomware has netted its users $325 million in revenue just from victims who agreed to pay hackers in order to have access to their data restored.
Like other forms of ransomware, CryptoWall makes use of unpatched vulnerabilities on targeted computers, then encrypts the machine’s contents until its rightful owner pays a nominal fee. The CTA says that this particular type of malware has exploded on the web in the past year, however, and its most recent iteration, CryptoWall 3, has managed to become quite profitable by claiming hundreds of thousands of victims across the globe in a span of just several months, according to the report.
Joe Chen, the vice president of engineering at Symantec, said ransomware threats such as CryptoWall “are growing at an alarming rate and holding critical business and consumer data hostage.”
In June, the FBI said it had been aware of only $18 million in losses from 992 American victims who had been targeted with CryptoWall since April 2014.
“By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually,” said Mr. Chen.
The agency’s latest whitepaper — Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat — acknowledges that security experts have spotted 4,046 different CryptoWall variants used over the course of roughly 406,000 attempted infections waged against organizations and individuals, most often through email phishing campaigns in which targets are tricked into opening malicious attachments that allow attackers to control a compromised computer.
“This research demonstrates an ability to leverage our collective threat expertise and intelligence to provide enhanced protection for customers, and help us more effectively collaborate with law enforcement in order to disrupt criminal ecosystems and ultimately help bring more cybercriminals to justice,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs office.
Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the bureau’s Boston office, said at a computer security summit last month that ransomware spotted in recent months has been so hard to beat that authorities have told victims to pay up if they want to reclaim hacked data.
“To be honest, we often advise people just to pay the ransom,” he said.
The CTA’s recommendations, meanwhile, are a bit more thorough than the FBI’s: The security experts behind the latest report suggest computer users keep their operating systems, applications and firmware updated to the latest versions, and avoid opening emails from unknown senders.