Story image

CryptoWall nets US$325 million; Is your business secure?

03 Nov 2015

A single cybercrime group may be collecting all the revenue from CryptoWall 3 according to a new report from the Cyber Threat Alliance, which has issued its recommendations to businesses on how to keep secure.

The Cyber Threat Alliance is an industry group whose co-founders include Fortinet, Intel Security, Palo Alto Networks and Symantec.

Their report, Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat, says more than US$325 million was gained from CryptoWall 3, which appeared earlier this year, including ransoms paid by victims to decrypt and access their files.

The report says 406,887 attempted CryptoWall infections were recorded, with the hundreds of millions of dollars damage wrought by the ransomware spanning hundreds of thousands of victims across the globe.

Earlier this week, virtual private network and managed services provider BCT reported that an increasing number of Australian companies have fallen victim to the new strain of Cryptolocker in recent months.

The Cyber Threat Alliance says there are steps organisations can take to lessen their risk of falling victim to CryptoWall v3 and other forms of advanced malware.

It recommends:

- Ensuring your operating systems, applications and firmware are updated with the latest versions of the software.

- Understanding typical phishing techniques and how to thwart them, such as by not opening email from unknown email addresses or attachments of certain file types. 

- Keeping web browsers updated, and turning on settings to disable browser plugins, such as Java, Flash and Silverlight, preventing them from running automatically. 

- Reviewing access and security policies within corporate networks to limit access to critical infrastructure from systems and users who don’t need it.

Joe Chen, Symantec vice president of engineering, says the Cyber Threat Alliance’s first major target is ransomware threats like CryptoWall which are growing at an alarming rate and holding critical business and consumer data hostage.

Derek Manky, Fortinet global security strategist, says the explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks.

“Managing this risk is a shared responsibility,” Manky says. “We need to step forward and not wait for the adversary to make the move first.

“When we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organisations.”

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.