CryptoWall More Pervasive, Less Profitable Than CryptoLocker

Published: 22/11/2024   Category: security




The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.



CryptoWall might have been just a CryptoLocker wannabe a few months ago, but since CryptoLocker went down with the GameOver ZeuS ship in June, CryptoWall has taken its place as the top ransomware on the market, according to a new report.
Like similar ransomware, CryptoWall infects an endpoint, encrypts users' files, and demands payment from those who want access to those files. CryptoWall can get its hands on hard disks, removable drives, network drives, and even cloud storage services that are mapped to a targeted file system.
CryptoWall is neither as technologically sophisticated nor as profitable as CryptoLocker, but it has infected more systems, and it's earned a cool million for its operators so far. Dell SecureWorks Counter Threat Unit says in a new threat intelligence report that its researchers consider CryptoWall to be the largest and most destructive ransomware threat on the Internet as of this publication, and they expect this threat to continue growing.
CryptoWall has infected approximately 625,000 systems worldwide -- 80,000 more than CryptoLocker. According to Dell SecureWorks, every nation in the world has at least one victim, but more than 250,000 are in the United States.
CryptoWall has encrypted 5.25 billion files. To retrieve their files, victims generally pay ransoms ranging from $200 to $2,000 apiece, but one unfortunate person paid $10,000. Over the course of six months, the CryptoWall operators convinced 1,683 victims to pay up and made $1,101,900 in ransoms.
This is rather a small haul when compared to CryptoLocker, which made $27 million in its first two months. Researchers have a few theories as to why CryptoWall is less profitable.
For one thing, it does not provide enough payment options. CryptoLocker accepted bitcoins and MoneyPak, but CryptoWall takes only bitcoins, so it's more difficult for victims to hand over the dough.
CryptoWall may have the price point wrong. It asks for a higher average price from each individual than CryptoLocker did. Also, CryptoWall isn't as well connected as CryptoLocker, which had access to the GameOver ZeuS gang's cashout and laundering services.
It is also not as technologically sophisticated. Before it can encrypt any files on or mapped to the machine it's infected, CryptoWall must call back to its command-and-control server to retrieve an RSA public key. Therefore, blocking that initial communication with the C2 server will prevent the ransomware from ever holding anything for ransom -- and this C2 system is unremarkable, according to SecureWorks.
Unlike other prevalent malware families, CryptoWall does not use advanced techniques such as domain generation algorithms or fast-flux DNS, the report said. Nevertheless, while neither the malware nor infrastructure of CryptoWall is as sophisticated as that of CryptoLocker, the threat actors have demonstrated both longevity and proficiency in distribution.
CryptoWall has used the Cutwail botnet to spread through malicious email attachments and malicious download links -- sometimes to the Upatre downloader and other times to legitimate cloud hosting providers like Dropbox and MediaFire. It's also spread through the Angler, RIG, and Infinity exploit kits.
Researchers have seen similarities between CryptoWall and the Tobfy ransomware family. This suggests that the threat actors for both are the same or are related.
The threat actors behind this malware have several years of successful cybercrime experience and have demonstrated a diversity of distribution methods, the report said. As a result, CTU researchers expect this threat will continue to grow.
