Feds count Cryptowall cost: $18 million says FBI
Bad news Oz: you may have lost even more
Cryptowall authors have wrought some US$18 million in damages on US users and businesses alone, according to the FBI.
The Cryptolocker-imitation ransomware family has etched itself as one of the most prolific and capable since it was first detected in April 2014.
Global damage reported to the US agency are likely considerably higher; Australian victims account for about half of Cryptowall revenue, with North America accounting for only a quarter.
Feds say the US Internet Crime Complaints Commission has received 992 complaints from ransomware victims each extorted for between $US200 to $US10,000.
"Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers, " the FBI alert says.
"Between April 2014 and June 2015, the IC3 received 992 Cryptowall-related complaints, with victims reporting losses totaling over $18 million.
"These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims."
Trend Micro March stats
Cryptowall, like other ransomware families, is delivered through spam and exploit kits in order to encrypt what criminal affiliates hope are valuable files. Victims then have to pay to recover their files, and improvements to the code since it first emerged make mitigation difficult.
It has become more sophisticated with each iteration. The latest variant encryption implementation appears to have evaded cracking attempts, while features including the ability to destroy backups and encrypt cloud-synchronised files increases the chances victims will pay.
Those who refuse demands can still be fleeced of account login credentials siphoned by FAREIT trojan which was bundled with Cryptowall under the first partnership revealed in March. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust