


CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files

A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than $1 million, researchers found.

The Counter Threat Unit (CTU) at Dell SecureWorks performed an extensive analysis of CryptoWall that involved gathering data from its command-and-control (C&C) servers, tracking its variants and distribution methods, and counting payments made by victims so far.

CryptoWall is "the largest and most destructive ransomware threat on the Internet" at the moment and will likely continue to grow, the CTU researchers said Wednesday in a blog post that details their findings.

The threat has been spreading since at least November 2022, but until the first quarter of this year it remained mostly overshadowed by CryptoLocker, another ransomware program that infected over half a million systems from September 2022 through May.

CryptoLocker asked victims for ransoms between $100 and $500 to recover their encrypted files and is estimated to have earned its creators around $3 million over 9 months of operation. The threat was shut down at the end of May following a multi-national law enforcement operation that had support from security vendors.

CryptoWall filled the void left by CryptoLocker on the ransomware landscape through aggressive distribution using a variety of tactics that included spam emails with malicious links or attachments, drive-by-download attacks from sites infected with exploit kits, and installations by other malware programs already running on compromised computers.


Early versions of CryptoWall (left) copied CryptoLocker (right) in both execution and design, Dell SecureWorks reports.

The CryptoWall command-and-control servers assign a unique identifier to every infection and generate RSA public-private key pairs for each one.

The public keys are sent to infected computers and are used by the malware to encrypt files with popular extensions—movies, images, documents, etc.—that are stored on local hard drives, as well as on mapped network shares, including those from cloud storage services like Dropbox and Google Drive.

Files encrypted with an RSA public key can only be decrypted with its corresponding private key, which remains in the possession of the attackers and is only released after the ransom has been paid.

The CTU researchers were able to count the unique computer identifiers from the CryptoWall servers and also obtained information about their IP (Internet Protocol) addresses, approximate time of infection, and payment status.

"Between mid-March and August 24, 2022, nearly 625,000 systems were infected with CryptoWall," the CTU researchers said. "In that same timeframe, CryptoWall encrypted more than 5.25 billion files."

The largest number of infected systems were located in the United States—253,521 or 40.6 percent of the total. The next most affected countries were Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.

CryptoWall typically asks victims to pay the ransom in Bitcoin cryptocurrency, but earlier variants offered more payment options, including pre-paid cards like MoneyPak, Paysafecard, cashU, and Ukash.

The ransom amount grows if a victim doesn't pay the ransom within the initial allotted time, which is usually between four and seven years. The CTU researchers observed payments that ranged between $200 and $10,000 in value, the majority of them (64 percent) being of $500.

"Of nearly 625,000 infections, 1,683 victims (0.27%) paid the ransom, for a total take of $1,101,900 over the course of six months," the CTU researchers said.

This suggests that while CryptoWall managed to infect 100,000 more computers than CryptoLocker, it was less effective at generating income for its creators. Researchers determined in the past that 1.3 percent of CryptoLocker victims paid the ransom for a total of over 3 million dollars.

The difference in success rate might be explained by the technical barriers involved in obtaining Bitcoins, the CTU researchers said. In the case of CryptoLocker, 1.1 percent of victims paid the ransom through MoneyPak and only 0.21 percent used Bitcoin.

The CTU analysis found similarities between CryptoWall samples and those of an older ransomware family called Tobfy. If the same attackers are behind both threats, it means that they have at least several years of experience in ransomware operations.

Source: https://www.pcworld.com/article/434991/cryptowall-held-over-halfamillion-computers-hostage-encrypted-5-billion-files.html

Posted by: mayhewsionech1955.blogspot.com
