Cyber Threat Alliance: CryptoWall Earns US$325 Million from 400,000 Successful Infections
The world’s most popular anti-virus service providers, Symantec Corp, Intel Security, Palo Alto Networks and Fortinet, have formed a cyber-security group named the Cyber Threat Alliance (CTA) to explore the evolution and impact of the aggressive CryptoWall ransomware.
The first published report of the CTA entitled “Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat” provides financial institutions and tech organizations worldwide with a detailed insight into the notorious ransomware attacks launched by the founders of CryptoWall, a malicious hacking tool which has earned its founders over US$325 million in revenue, mostly in bitcoin.
The reported revenue of the anonymous hacking group behind CryptoWall derives from more than 400,000 successful CryptoWall infections, which have led to around 4,000 malware samples, disruption of 839 command-and-control URLs for servers and hundreds of millions of dollars in damages.
“Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage,” stated Symantec Vice President of Engineering Joe Chen. “By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually.”
Since early 2015, the number of reported ransomware attacks has substantially increased, targeting a wide range of victims from banks and social media platforms to personal computers. “Crypto” ransomware such as CryptoWall grants hackers full access to servers and local databases, enabling the cyber criminals to either encrypt or steal the data.
In most cases, ransomware attacks are avoidable by limiting access to critical server infrastructure, updating operating systems and restricting plugins such as Java and Flash. The CTA publication recommends that users follow all security measures and protocols stated in the report to avoid potential hacking attacks.
“The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks,” said Fortinet Global Security Strategist Derek Manky.
“Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first. This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organizations,” he added.
The FBI and various U.S. enforcement agencies notified residents that once data is encrypted by crypto ransomware, it is not possible to bring back the data unless the hacker decides to decrypt it. If personal and sensitive data becomes compromised, the FBI recommends that people pay the ransom to the hacker and recover the data.