The FBI’s Internet Crime Complaint Center said that between April 2014 and June 2015 it received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. And it’s not just user PCs that are being targeted: a growing number of victims are being hit with ransomware that locks down mobile phones and demands payments to unlock them.
CryptoWall and CryptoWall 2.0 encrypt files on a computer’s hard drive and any external or shared drives to which the computer has access. It directs the user to a personalized victim ransom page that contains the initial ransom amount (anywhere from $200 to $5,000), detailed instructions about how to purchase Bitcoins, and typically a countdown clock to notify victims how much time they have before the ransom doubles. Victims are infected with CryptoWall by clicking on links in malicious e-mails that appear to be from legitimate businesses and through compromised advertisements on popular websites. According to the U.S. CERT, these infections can be devastating and recovery can be a difficult process that may require the services of a reputable data recovery specialist, the FBI stated.
“The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims,” the IC3 stated.
Most criminals involved in ransomware schemes now want payment in Bitcoins. Criminals prefer Bitcoin because it's easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity, the IC3 stated.
There has been some legal headway made against some of these ransomware criminals. The FBI notes, for example:
- Reveton ransomware, delivered by malware known as Citadel, falsely warned victims that their computers had been identified by the FBI or Department of Justice as being associated with child pornography websites or other illegal online activity. In June 2013, Microsoft, the FBI, and their financial partners disrupted a massive criminal botnet built on the Citadel malware, putting the brakes on Reveton’s distribution.
- Cryptolocker is a highly sophisticated ransomware that used cryptographic key pairs to encrypt the computer files of its victims and demanded ransom for the encryption key. In June 2014, the FBI announced—in conjunction with the Gameover Zeus botnet disruption—that U.S. and foreign law enforcement officials had seized Cryptolocker command and control servers. The investigation into the criminals behind Cryptolocker continues, but the malware is unable to encrypt any additional computers.
Cryptolocker still rears its ugly head of course. In April a Massachusetts police department paid $500 to free up town files that had been encrypted by CryptoLocker, the ransomware that locks down hard drives until the owners pay up. Police in Tewksbury, Mass., came up with the ransom after four or five days when they realized they could not break the encryption and needed the attackers to send them the private key in order to access the data.
“It basically rendered us inoperational with respect to the software we use to run the Police Department,” Police Chief Timothy Sheehan told the Tewksbury Town Crier. The incident occurred last December, with the infection taking place Dec. 7 on a workstation.
The FBI and IC3 have reminded users a number of times about how to fight ransomware and other cyber-schemes, but the reminders are worth repeating:
- It's important to obtain and use antivirus software and firewalls from reputable companies. It's also important to continually maintain both of these through automatic updates.
- Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it's best to prevent them from appearing in the first place.
- Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
- Skepticism rules. Don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether.
- Enable automated patches for your operating system and web browser.
- Have strong passwords, and don’t use the same passwords for everything.
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
- To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.
- If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the Internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at www.IC3.gov.