ALERT: New Massive Wave of CryptoLocker Ransomware Infections

Those people who have been thinking there's too much talk about ransomware, and that the actual threat is overblown in the minds of security officers, may have to re-think their position, after the latest statistics released show a huge increase in ransomware attacks in the first two months of this year. Surprisingly, the sudden burst in numbers is largely attributed to the resurgence of a strain of ransomware thought to have been retired and long inactive - CryptoLocker.

Old Program, New Threat

The brain child of Russian mastermind Evgeniy Bogachev, CryptoLocker first appeared in 2013 and immediately spawned hundreds of copycat versions that rampaged throughout Europe and the U.S., extorting untold millions of dollars from unfortunate victims. In January of 2017, BleepingComputer blogger Larry Abrams identified the comeback of this grandfather ransomware program, noting its other aliases as well, Teerac and TorrentLocker.

Using information obtained from the ID-Ransomware website, his article announced that the occurrences of CryptoLocker attacks had risen from just a handful per day in the last half of 2016, to 100 per day early in this year, and now the number has blossomed out to be more than 400 per day. Other available information from Microsoft's Malware Protection Center confirmed the massive increase in attacks, and alerted users to the model still used by CryptoLocker with obvious success.

Be Proactive, Test Your Defense Today

The CryptoLocker Model

Official-looking emails are broadcast to a target audience, and because they include the apparent legitimacy of digital signatures, they are frequently opened and read by unsuspecting victims, who are encouraged to then open the attached HTML file. The HTML file contains a .JS file, which in turn pulls another .JS file from a server, and that file runs the original .JS file, which has been waiting in memory - and presto! CryptoLocker gets installed on the machine, and eventually enters the victim's network.

Global Ransomware Attacks

While the majority of 2017 attacks have centered on targets in the U.S., other countries have been hit as well, notably Germany, Italy, and some other countries in Europe. That pattern follows a trend which was in effect throughout last year, when the U.S. sustained the largest number of ransomware encounters, with a whopping total of more than 460,000 for the year. That total represented 15% of the entire number of ransomware attacks encountered all around the world for 2016, so it's safe to say that America was a big target for ransomware cybercriminals.

Italy registered 250,000 ransomware encounters for the past year, while Russian computers sustained 192,000 hits from ransomware attackers, and trailing those countries with more than 100,000 attacks each were Germany, Korea, Spain, Australia, and France.

Renewed Vigilance Is Called For

The statistics from last year as well as this potent new CryptoLocker threat early in 2017 make it clear that everyone in the business world needs to be even more vigilant than before. Cyberattackers are certainly not resting in their efforts to extort money from victims with their ransomware programs, and phishing attempts are even on the increase, as a means of duping employees into making a mistake which will compromise company security. Clearly, all the conversation about ransomware and cyberattacks is not an overstatement, and it should instead inspire an extra measure of vigilance and care in all concerned.

Preventing Ransomware Attacks

Which user is the weak link in your organization who will cause your network to be infected with ransomware? We can help you find out, in a way that's both fun and interesting: try our new Malware Attack Simulation (MAS). It has many terrific new features, and it can be used to send simulated phishing emails to your employees, to help train them and alert them to the fact that it's really themselves who are your last line of defense.

We think you'll be surprised at the high percentage of users who turn out to be vulnerable to phishing attempts, and this should give you plenty of fuel to take to management when you're trying to get budget for your security system requirements.

Where To Start

Start phishing your users now. There is no cost. Contact us today, and find out about the level of exposure your company has to malware - so you can start fighting back against cybercriminals!

Be Proactive, Test Your Defense Today

Leave a comment!

You must be logged in to post a comment.