CryptoWall compromises 40,000 UK citizens

News by Steve Gold

Research just published claims to show that ransomware - in the shape of CryptoWall - is still generating healthy volumes of income for the cyber-criminals behind the code.

According to Dell SecureWorks, as of the start of the month, 830,000 victims worldwide were infected with CryptoWall, a 25 percent increase in infections since August 24, when there were 625,000 victims.  

Delving into the figures reveals that CryptoWall has compromised around 40,000 UK citizens' data, with 75 people having paid the ransom and generating around £37,000 ($47,250).

Interestingly, the cyber-criminals behind the ransomware appear to be taking an escalating penalty approach with their activities, with requested ransoms of between £125 and £1,250 being requested - the larger ransoms, says Dell SecureWorks, are typically reserved for victims who do not pay within a period of four to seven days. In one instance, Dell SecureWorks' Counter Threat Unit (CTU) found that a victim had paid £6,250 for the release of their files.

Researchers also discovered that a total of £700,000 in ransoms were paid between March and August, but with another 205,000 new victims having been caught in the net since then, the revenues involved could be substantial.

Researchers found that the UK was one of the hardest hit regions with just over 40,000 victims, although Australia had almost 20,000 victims and 66 Australians paid out ransoms, while in Japan had only 2,000 people infected with CryptoWall and no Japanese paid any ransoms.

Keith Jarvis, Dell SecureWorks' CTU security researcher - and author of the CryptoWall ransomware threat analysis - said that he and his team hate to see anyone paying the criminals to get their files unlocked.

Because of this, he added that he encourages businesses to put pro-active and protective measures in place so their computers don't get infected with this malicious ransomware.

Aggressive attack

Keith Bird, UK managing director with Check Point, said that ransomware has become one of the most aggressive types of attack being deployed by cyber-criminals, since it uses scare tactics to apply psychological pressure on the victims.

"This pressure is a key reason for its successes as those held hostage by the attacker are desperate to retain control of their files," he said, adding that, unfortunately, the more frequently ransoms are paid, the greater the incentive there is for malware creators to launch more ransomware attacks.

Mike Plambeck of the Techsonian newswire, meanwhile, says that CryptoWall has infected more than 600,000 computers in the last nine months, holding five billion files hostage and generating around £600,000 (US$ 1 million) for its creators.

"With this kind of success you can fully expect creators of virus and hacking software around the world are looking into building more programs like this one," he said, adding that Cryptowall uses identifying keys to keep track of each infection and creates an RSA public-private key for all specific infections.

The Spamfighter news, says that an Australian rolling news channel was hastily taken off from air recently after a ransomware virus was accidentally let loose in the computer systems of the company.

The Australian Broadcasting Company (ABC), says the newswire, along with many other Australian public services, has been targeted lately by coordinated phishing emails.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews