Crypto-ransomware is quickly becoming cybercrooks’ favorite tool to extort money from computer users.
Some victims, like the police department of Durham, New Hampshire, explicitly and unequivocally stated that they won’t be paying the ransom even though a considerable number of its computers have been affected by Cryptowall ransomware. They have decided to rely on their backups to restore all the files that have been encrypted by the malware.
But others are paying – and the pay-off for the crooks is considerable. PhishMe’s Ronnie Tokazowski did some research and some calculations and has come to the conclusion that the Cryptowall attackers have earned roughly $62,000 so far, just through one specific spam campaign.
By analyzing the malware that is delivered via phishing emails containing a malicious Dropbox link, and the “personal” TOR links victims are required to visit to receive instructions on how to save their files, he calculated the number of potentially infected hosts: 348,610.
“Keep in mind this number will include researchers, malware analysts, sandboxes, and infected users, and a few non-existent numbers scattered in between. Assuming half of this are sandboxes and researchers, half of 348,637 is still a very large number,” he commented.
Victims are instructed to pay the ransom in bitcoins to three different bitcoin addresses, and their current total balance is around 95 bitcoins (currently around $62,000).
Around the same time, Cisco researchers have revealed that the recently created RIG exploit kit has been used to distribute Cryptowall. Victims were redirected to website hosting the exploit kit via malicious ads served on legitimate and popular websites such as Facebook and The Guardian.
If the victims used a vulnerable Java, Silverlight or Flash version, they were saddled with the ransomware.
“When it comes to dealing with ransomware the best advice is to be proactive: maintain regular and full backups incase the worst should happen,” the researchers advise. “But it bears remembering that however malicious the payload an EK happens to be armed with, it is still only as good as its exploits. Regularly updated and patched machines which do not have rich media platforms such as Flash and Silverlight enabled remain relatively immune from these kinds of attacks.”
Recently released results of a research into how many UK users have actually paid the ransom requested by Cryptolocker and other ransomware have revealed that 35 percent of ransomware targets end up paying.