CryptoWall Ransomware Infects 600k PCs: Report

Brandon Dimmel's picture

A new form of ransomware has reportedly infected more than half a million computers in the past six months, making its creators an estimated $1 million. Ransomware is a type of malicious software (or "malware") that takes control of a computer system and then holds it for ransom. In many cases, if victims do not pay the ransom, the data on the computer is encrypted and rendered unusable.

The ransomware program in question is known as CryptoWall. According to Dell SecureWorks' Counter Threat Unit (CTU), CryptoWall has been spreading rapidly since late last year. In fact, in just the past five months it's estimated that roughly 600,000 computer systems have been infected by CryptoWall.

More Than Five Billion Files Encrypted by CryptoWall

"Between mid-March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall," the CTU team recently noted. "In that same timeframe, CryptoWall encrypted more than 5.25 billion files." (Source: secureworks.com)

Security experts say that CryptoWall infections usually take place when a victim unknowingly clicks on a malicious link in an email or opens an infected file attached to one. However, there have also been reports of CryptoWall infections taking place through drive-by-download attacks from websites infected using exploit kits.

The CTU research team says that, once an infection has taken place, CryptoWall demands victims pay a ransom in order to recover control of their systems, including important files and folders. To do this, victims must pay the ransom in Bitcoins, a form of currency that's difficult for law enforcement officials to track. The CTU team says that most ransom payments have been in the $500 range, with the highest payment being about $10,000.

Of course, few of the victims targeted have been willing to pay up. Nevertheless, the cybercrooks behind CryptoWall have been able to make an impressive profit using the scheme. "Of nearly 625,000 infections, 1,683 victims (0.27%) paid the ransom, for a total take of $1,101,900 over the course of six months," the CTU team said.

Nearly Half of All CryptoWall Victims Based in U.S.

Just under half (40.6 per cent) of the recent CryptoWall infections have taken place in the United States. Surprisingly, Vietnam is the second-most targeted country, with over 66,500 computers infected there. Britain, Canada, and India round out the top five most-targeted nations. (Source: pcworld.com)

What's Your Opinion?

Have you ever encountered a ransomware scheme? Did you pay the ransom or not, and what was the result? What kind of punishment do you think cybercriminals should face if they're convicted of carrying out this kind of scheme?


Comments

stekcapofni's picture

Yes, one of the PCs at our office was hit with ransomware. No, we did not pay the ransom. Luckily we were able to remove it without having to resort to backups. Good virus detection is the best front line defense. But backups are your best last line of defense.

What should be done to cybercriminals? They should not be given the money they seek. And they certainly should not receive any fanfare. They should be treated the same as any bank robber. In fact make that any armed bank robber. By the time their software has taken control of a PC, the victim is already suffering a loss. The victim must spend time and money to eradicate the ransomware. If the ransomware has spread through an office the time and money to eradicate the problem can be significant. You can call this a "cyber" crime if you wish. Ransomware is extortion. Because a hacker uses electronic trickery does not change the fact that this is extortion.

A cybercriminal's actions are no different than any other low-life thieving scumbag. Even though an armed robber hides behind a gun and a mask, at least they have the guts to confront their victims face-to-face.

When a cybercriminal is caught, they should be locked up without access to any electronic devices. They should not be allowed access to any source of information that will allow them to continue to hone their cyber skills. They should also receive a monetary punishment large enough to deter future activities.