CryptoWall 3.0 Cost Victims $325 Million – Report

Notorious ransomware variant CryptoWall 3.0 has caused a staggering $325 million in damages so far, according to a major new report backed by some of America’s biggest cybersecurity companies.

As part of its first major project, the Cyber Threat Alliance discovered over 4,000 malware samples relating to CryptoWall 3.0, 839 C&C URLs and five second tier IP addresses used for command and control.

North America was most heavily targeted, most likely because of its affluence, accounting for around half of all victims. Over 406,000 attempted infections were discovered by the team—primarily via phishing emails (67.3%) and exploit kits (30.7%).

Most phishing emails were sent in the January-April 2015 time frame, with the attackers seeming to change tactics thereafter to concentrate on exploit kits, the report claimed.

Angler EK was the most popular exploit kit used.

Interestingly, the alliance also believes that those behind CryptoWall 3.0 could be a single group.

The report noted:

“It was discovered that a number of primary wallets were shared between campaigns, further supporting the notion that all of the campaigns, regardless of the campaign ID, are being operated by the same entity."

Unfortunately for those unlucky enough to get infected by CryptoWall 3.0, the report paints the picture of a highly efficient operation running solid encryption, meaning victims usually do have to pay up to get their files back.

Even an FBI Special Agent was quoted as saying last week that it might be better for infected businesses to just pay the ransom.

The Cyber Threat Alliance was founded last year by Intel Security, Fortinet, Palo Alto Networks and Symantec and has since added to its membership.

The group’s aim was to see if a more open approach to information sharing among nominal rivals in the cybersecurity space could advance research.

To that end, each member must share at least 1,000 samples of new Portable Executable (PE) malware per day that are not observed on VirusTotal over the preceding 48 hours at the time of sharing, as well as other criteria.

Information sharing has become a controversial topic in the US after much criticized info-sharing legislation CISA was passed despite opposition from some major tech firms. 

What’s Hot on Infosecurity Magazine?