FBI Malware Warning Issued over CryptoWall Ransomware

The FBI has issued a warning to all U.S. companies – and individuals – over the growing threat of ransomware, with a version called CryptoWall singled out as representing the biggest threat. The malware is not just a problem in the United States: the infection has spread globally. Once infected, victims are often left with little choice but to pay up or lose everything.

The warning has come via the Internet Crime Complaint Center (IC3). IC3 is a joint initiative operated by the FBI and the National White Collar Crime Center, and since April of last year it has received 992 complaints about CryptoWall infections. The total cost from the malware infections is estimated to have exceeded $18 million.

The malware may be complex, but its mode of operation is simple. When a PC becomes infected with the malware, the device is locked and the data encrypted. No data can be obtained from the device, it cannot be used, and everything on it will be permanently erased – or remain permanently locked – unless a ransom is paid. Since the data is encrypted, there is no way to retrieve any information unless the ransom is paid and the security key obtained. The ransom must be paid without any guarantee that the computer will be unlocked.

System Locked Until Ransom Paid


The ransom varies based on the individual affected. The fee could be as low as $200; however, for companies and high net worth individuals who have inadvertently been affected – or have been targeted – the fee to unlock could be as high as $10,000 or more. The cost does not end there, especially if a company is affected. An attack of this nature triggers a full security audit and the implementation of new cybersecurity measures, which can have a huge financial impact on organizations’ budgets.

Ransomware can be broadcast or used in highly targeted campaigns, often referred to as spear phishing. This technique is often used to gain access to healthcare and other industry computer networks. In highly targeted campaigns, victims are singled out and their lives researched so that convincing campaigns can be conducted to get them to download malware or visit an infected webpage. In the case of ransomware, individuals or companies that are likely to pay high prices to recover their data can be targeted.

How is CryptoWall Ransomware Installed?


The malware needs to be downloaded and installed on a computer, often by first downloading a form of malware called a dropper. This is a program which, once installed, can execute a number of commands and download other malware onto a computer, unbeknown to the user.

In some cases, hackers are breaking into networks, stealing data and then installing malware. The perpetrators can then use or sell the data and obtain a payment from the victim to unlock their systems. Since payment is taken by Bitcoin, and is often an automated process, tracking the criminals behind the schemes is a highly complex task.

In the majority of cases the attacks are possible due to the victims being convinced to double click on an email attachment or visit an infected webpage.

How to Protect Against Ransomware and Malware


There are a number of simple best practices to follow to significantly reduce the risk of being affected by CryptoWall ransomware and other types of malware:

  1. Regular bulletins should be sent from the compliance officer, or IT department, warning staff of current risks and reminding employees of the ways hackers gain access to networks and how malware is installed.
  2. Ensure all antivirus software updates are conducted automatically. Regular scans should be scheduled, along with periodic deeper scans. Anti-malware scans should also be conducted regularly.
  3. Ensure backups of all data are performed regularly, on a daily, weekly and monthly basis. Backup tapes must be encrypted and stored off site – or in the cloud – and data restoration procedures must be tested to ensure data is actually recoverable from the backups in the event of data loss.
  4. A risk analysis should be conducted at an absolute minimum of 12-month intervals and following any material change in industry regulations.
  5. Ensure all PCs have security controls installed to limit the websites that can be visited. As a minimum security standard, have pop-ups and cookies blocked.
  6. Be watchful and security conscious and ensure all staff adopt security best practices.
  7. If you believe you have been infected with a computer virus, malware or ransomware, it is important not to panic. Do not switch off the computer. Disconnect from the internet and contact your IT department or an IT professional for advice.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.