back to article Lone wolves could be behind multi-million dollar Cryptowall ransomware racket

A single group could be behind the monstrous Cryptowall 3.0 ransomware, widely considered to be one of the most menacing threats to end users that has fleeced victims of millions of dollars. Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the …

  1. Your alien overlord - fear me

    How do you track Bitcoins transactions? The whole point is anonimity. Not that I have to cover any tracks, just out of scientific curiousity.

    1. Grikath

      afaik you follow the blockchain. This'll tell you *where* a particular bitcoin has been, but of course not who owns the wallets. It's not unlike following the serial number of a bank note, if you could reliably track it as it passes from hand to hand.

      Of course , with bitcoin it's a lot easier to do things like the many-hands shuffle, intermediate laundering, crossing streams, and all the other tricks that for cash would require a handy army of accomplices.

  2. Anonymous Coward
    Anonymous Coward

    What's the vector, Victor?

    Is your average anti-virus able to deal with prevention?

    1. Paul_Murphy
      Linux

      Re: What's the vector, Victor?

      No.

      If it were that straight-forward we wouldn't be hearing about it.

      A quick trawl found this site which has some information about the attack.

      http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/

      Backup your important files onto a couple of types of media - DVDs and USB flash drives and assume that at some point, when you get attacked, your backups will also hold your files in encrypted form, hence something like DVDs that are written once and then left alone.

      Oh and moving to Linux would also be a good idea.

      :-)

      1. Anonymous Coward
        Anonymous Coward

        Re: What's the vector, Victor?

        "Oh and moving to Linux would also be a good idea."

        If that happened in any significant numbers then they would simply target Linux instead.

        There are after all historically lots more holes to chose from in an average Linux distribution compared to a current Windows version. For instance, just look at the on-going malware fest on Android - popular and Linux based.

  3. Anonymous Coward
    Anonymous Coward

    Re: What's the vector, Victor?

    It still amazes me that anyone would pay to have their files "recovered" without any guarantee that the system works (which in some cases it does not/fails in the middle, see the forums).

    This should be used as a standard test to see if someone is smart enough to work in IT, if they pay the ransom then they should be working elsewhere.

    1. Mayhem

      Re: What's the vector, Victor?

      If you have no backup of the data - you have no choice - your business goes down the toilet.

      £20K worth of business or £500 ransom, you decide.

      This particular attack disproportionately hits small businesses the worst, probably because they are the most likely to be vulnerable. It also charges a very specific sum - large enough to make lotsa money, but small enough that it isn't worth Interpol chasing them down.

      Large corporates have the technical skill to segregate the network traffic and restore from backup while cleaning back up the line.

      Small businesses generally have one guy who knows how to reboot the router, and a sales contact for more hard disk space. Since this thing knows to traverse network drive mappings, it encrypts all the usual backups as well as what is on the system.

      1. Alan Brown Silver badge

        Re: What's the vector, Victor?

        "If you have no backup of the data"

        Then you probably deserve to go down the toilet.

  4. Anonymous Coward
    Anonymous Coward

    Just pay up? how idiotic.

    We got hit twice with cryptowall this year. After the initial incident response, we just restored backups - voila.

    The reason these things exist is because people pay - if you don't have backups and your business depends on the data that just got locked up - then maybe you should pay, but this should be a last resort.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just pay up? how idiotic.

      Without breaking your anonymous coward cover, can you tell us how you got it in the first place?

  5. Anonymous Coward
    Anonymous Coward

    Don't pay the ransom

    I work for a large educational institution, and we've been hit so many times (in the low teens) that the recovery process is pretty smooth now.

    The vector is malvertising for all the cases we've seen - the users visit mostly normal sites and a video advert attacks through a vulnerable version of Flash. Notably, properly managed desktops have not been hit - it's all unmanaged systems someone in a department has attached to the network.

    We disconnect the network shares, or make read-only if possible. User desktops are re-imaged while the share is restored and scanned, then access is restored.

    We have no intention of paying these scum, but we have the luxury of large IT teams and good backups.

  6. Unep Eurobats

    How many lone wolves do there have to be...

    before they're just ... wolves?

    1. emmanuel goldstein

      Re: How many lone wolves do there have to be...

      read the most helpful customer reviews. basically, when it comes to wolves, three is always better than one

  7. teknopaul Silver badge

    lone Wolf

    Every time I hear that I presume state intervention. It makes it easier when the shit hits the fan to rustle up just one 'culprit'. Who exactly was it recommending we just pay up?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019