While there are many types of malware, including viruses, worms, Trojans, spyware, adware, and others, ransomware has gained the most notoriety over the last few years, in part due to the popularity of cryptocurrencies such as Bitcoin, as well as its brazen ability to grind productivity to a complete halt.
Simply put, ransomware is a considerable revenue generator. For example, CryptoWall v3 reported $325 million in global profit alone. Furthermore, the FBI claims that in just the first three months of 2016 ransomware cost victims in the United States a whopping $209M. At its current pace, this criminal malware could easily generate $1 billion or more for the criminal syndicates using it by the end of 2016.
Given these numbers, it’s not surprising that ransomware appeals to a broader set of cybercriminal organizations looking for massive financial gains that can be realized with complete anonymity. Recent developments of Malware-as-a-Service, which have traditionally included phishing as a service (PHaaS), have expanded to the leasing of compromised servers. Recent developments of Ransomware-as-a-Service (RaaS) have now made malware distribution and ransom collection even easier than before, which helps show why $1 billion doesn’t seem so far-fetched anymore.
So far in 2016 we have seen a variety of new or improved ransomware variants gaining increasing notoriety, including CryptXXX, Locky, Fsociety Locker, Cerber and CryptoWall. This trend is unlikely to slow down due to its lucrative nature, and only serves to benefit those cybercriminal organizations with the flexibility and patience required for a long-term cybercampaign. Unfortunately, there are very few in-depth threat exposés into the trends, prevalence, and characteristics of these ransomware variants on a global basis.
In another interesting trend, we are now seeing that cybercriminals motivated by the same financial goal tend to band together to increase their rate of success. Therefore, it is imperative for security vendors to do the same. Case in point, the challenge of providing comprehensive coverage and analysis of malware having a global impact is that it requires massive amounts of intelligence and human resources to analyze the sheer volume of data. To overcome this immense hurdle, the cofounding members of the security industry’s first security cooperative, the Cyber Threat Alliance - Fortinet, Intel Security, Palo Alto Networks, and Symantec - pooled their threat intelligence and collaborated on research efforts to protect their customers and open community against these threats. They delivered on that promise by publishing the CryptoWall version 3 Threat Report, and have just now announced a follow-up report on CryptoWall’s latest variant, CryptoWall version 4.
Here are a few key highlights from the report on this fourth variant of CryptoWall:
• US$18 million ransomed
• 7,194,840 attempted infections
• 36,118 confirmed victims
• 15 campaign code identifiers
To read the full CryptoWall version 4 Threat Report, click here
Be proactive. Follow these three steps to secure against ransomware attacks:
- Continue to refine and build a resilient security architecture that ensures every security element works cooperatively, and can act as a single entity when responding to real-time cyberthreats. Fortinet recommends its Security Fabric architecture to meet tomorrow’s cyberthreats.
- Protect against unknown malware and exploits by deploying Advanced Threat Protection, such as FortiSandbox, to complement your existing security posture.
- Stay on top of the latest threats, including ransomware. Fortinet researchers provide insight into the latest cyberthreat trends in a weekly FortiGuard newsletter.