Co-founders of the Cyber Threat Alliance (CTA) – Fortinet, Intel Security, Palo Alto Networks and Symantec Corp. – have announced that their research into the evolution and global impact of aggressive CryptoWall ransomware is to be published.
Titled “Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat“, it uses combined threat research and intelligence from the founding and contributing members of the CTA to provide insight to the attack lifecycle of the ransomware, and how to protect against it, to organizations across the globe. CryptoWall is associated with over US$325 million for the malicious instigators behind it, from instances such as victims paying ransom to decrypt and access files. Also discovered were 406,887 attempted infections, 4,406 malware samples, 839 command and control URLs for servers used by cybercriminals to send commands and receive data and hundreds of thousands of targets across the world.
Joe Chen, vice president of engineering at Symantec, said: “Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage. By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually.”
Provided in the report was a list of recommendations in order to protect users of technology from advanced malware, which involved the following:
- Ensuring that operating systems, applications and firmware are updated with the latest versions of the software.
- Understanding typical phishing techniques and how to thwart them, such as by not opening email from unknown email addresses or attachments of certain file types.
- Keeping web browsers updated, and turning on settings to disable browser plugins, such as Java, Flash and Silverlight, preventing them from running automatically.
- Reviewing access and security policies within corporate networks to limit access to critical infrastructure from systems and users who don’t need it.
“When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns,”states vice president of McAfee Labs, Intel Security, Vincent Weafer. “This research demonstrates an ability to leverage our collective threat expertise and intelligence to provide enhanced protection for customers, and help us more effectively collaborate with law enforcement in order to disrupt criminal ecosystems and ultimately help bring more cybercriminals to justice.”
In addition to the report, founding CTA member CEOs will participate in a Churchill Club panel to discuss this research and how threat information sharing can help in the battle against cyberattacks. The discussion will be entitled: “Hacks and Deja vu: As the ‘Another Day, Another Hack’ Mantra Becomes Reality, is an End to Cyber Threats in Sight?”