Cryptowall ransomware revenue may flow to one group

The latest version alone may have generated US$325 million in revenue for the attackers

Just one cybercriminal group may be collecting the revenue from Cryptowall 3.0, a malicious program that infects computers, encrypts files and demands a ransom, according to a new study released on Thursday.

The finding comes from the Cyber Threat Alliance (CTA), an industry group formed last year to study emerging threats, with members including Intel Security, Palo Alto Networks, Fortinet and Symantec.

Cryptowall is among several families of "ransomware" that have posed a growing danger to businesses and consumers. If a computer is infected, its files are scrambled with strong encryption.

There is little recourse for those affected. The best defense is to ensure files are backed up and that the backup can't be reached by the attackers. Otherwise, the only option is to accept the loss or pay the ransom, which can range from US$500 to as much as $10,000.

CTA studied Cryptowall 3.0, the latest version of the malware, which appeared earlier this year. Victims are instructed to pay in bitcoin and are supplied with an address for the bitcoin wallet controlled by the attackers.

Since bitcoin transactions are recorded in a public ledger known as the blockchain, it's possible to analyze transactions.

But to make it harder for security researchers, a different bitcoin wallet address is given to each victim, and the funds are then dispersed among many other wallets in a sometimes confounding trail.

The attacks directed at people's computers come in waves, and the cybercriminals identify those waves by assigning campaign IDs to them, similar to how digital marketing campaigns are tracked.

Although following the flow of bitcoins through a complicated web of wallets was difficult, "it was discovered that a number of primary wallets were shared between campaigns, further supporting the notion that all of the campaigns, regardless of the campaign ID, are being operated by the same entity," CTA wrote.
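The kind of ledger analysis described above, sketched as an added example (not code from the CTA report or from this article): follow funds forward from each per-victim address and flag wallets reached by more than one campaign. All wallet names, transfers and the campaign IDs other than "crypt100" are constructed, and the hop limit is an assumption.

```python
from collections import defaultdict, deque

# Constructed sample data: per-victim payment address -> campaign ID
VICTIM_ADDRS = {"v1": "crypt100", "v2": "crypt100",
                "v3": "example-a", "v4": "example-b"}
# Constructed fund movements as (from_wallet, to_wallet) edges
TRANSFERS = [("v1", "m1"), ("v2", "m2"), ("m1", "P1"), ("m2", "P1"),
             ("v3", "m3"), ("m3", "m4"), ("m4", "P1"), ("m3", "P2"),
             ("v4", "m5"), ("m5", "P3")]

def downstream(start, graph, max_hops):
    """Wallets reachable from start by following funds forward, hop-bounded."""
    seen, queue = set(), deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return seen

def shared_wallets(victim_addrs, transfers, max_hops=6):
    """Map each wallet that receives funds from 2+ campaigns to those campaigns."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src].add(dst)
    reached_by = defaultdict(set)
    for addr, campaign in victim_addrs.items():
        for wallet in downstream(addr, graph, max_hops):
            reached_by[wallet].add(campaign)
    return {w: c for w, c in reached_by.items() if len(c) > 1}

def operator_clusters(victim_addrs, shared):
    """Merge campaigns that are linked through any shared wallet."""
    clusters = [{c} for c in set(victim_addrs.values())]
    for campaigns in shared.values():
        merged, rest = set(campaigns), []
        for cluster in clusters:
            if cluster & merged:
                merged |= cluster
            else:
                rest.append(cluster)
        clusters = rest + [merged]
    return sorted(sorted(c) for c in clusters)

if __name__ == "__main__":
    shared = shared_wallets(VICTIM_ADDRS, TRANSFERS)
    print(shared, operator_clusters(VICTIM_ADDRS, shared))
```

A shared downstream wallet is evidence of common control only if it is not a service such as an exchange, so any hit from this kind of check needs that wallet identified before the campaigns are attributed to one operator.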

A single campaign identified as "crypt100" infected as many as 15,000 computers worldwide, netting at least $5 million in revenue. All told, CTA estimates that Cryptowall 3.0 may have generated as much as $325 million.

"When looking at the number of victims providing payment for the Cryptowall 3.0 ransomware, it becomes clear that this business model is extremely successful and continues to provide significant income for this group," CTA wrote.

The report doesn't speculate on where members of the group may be located. But Cryptowall 3.0 has a clue coded into itself: If it detects that it is running on a computer in Belarus, Ukraine, Russia, Kazakhstan, Armenia or Serbia, it will uninstall itself.

