Friday, 30 October 2015

Ransomware Possibly Earned Criminals $325 Million

The newest variant of the CryptoWall ransomware has possibly earned its creators $325 million, say Fortinet, Intel Security, Palo Alto Networks and Symantec (pdf). Concrete evidence that the criminals actually earned that amount with their ransomware is lacking.

CryptoWall is a form of ransomware that first appeared almost a year ago. Like other ransomware, it encrypts files on the computer and makes victims pay for decryption. For their study, the security companies looked at version 3 of CryptoWall. This version is spread mainly via e-mail, according to an analysis of 70,000: 67% use e-mail as an infection vector, while 31% spread through vulnerabilities in popular software such as Adobe Flash Player and Internet Explorer.

The infection vector of the remaining percentage is not disclosed. In the case of the e-mails, mostly zipped attachments containing .scr files are sent. .scr is the file extension for Windows screensavers, but such a file behaves the same as a normal .exe file. So that victims would suspect nothing, the icons of the files were changed. In addition, Windows by default does not show the file extension, so users did not realize that it was an executable file.


According to the security companies, CryptoWall version 3 would have caused an estimated $325 million in damage, but this is not clearly substantiated in the report. For example, it points to the bitcoin wallets to which victims had to transfer money, but how the $325 million figure is arrived at is not explained. According to the security companies, the gang used all kinds of bitcoin wallets to funnel money and so cover their tracks, which hampered the investigation.

Further on, the report points to a campaign that claimed 15,000 victims, but it is unclear whether all of these victims paid, as the researchers use the words "would account" and "associated".


The security companies state that the damage figure is based on a large bitcoin wallet in which reportedly all payments from the victims eventually ended up. With an average ransom amount of $500, that would mean some 650,000 victims of CryptoWall version 3 paid the ransom. Earlier research by Dell SecureWorks into another variant of CryptoWall showed that only 0.27% of the victims paid. If this percentage applied to version 3, it would mean that hundreds of millions of people have been infected worldwide, which seems unlikely. We have therefore asked the companies for further explanation.
