Inside the Briefcase

Ironclad SaaS Security for Cloud-Forward Enterprises

Ironclad SaaS Security for Cloud-Forward Enterprises

The 2015 Anthem data breach was the result of...

The Key Benefits of Using Social Media for Business

The Key Benefits of Using Social Media for Business

Worldwide, there are more than 2.6 billion social media...

Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL

Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL

Register with code GARTITB and save $350 off the...

Infographic: The Three Pillars of Digital Identity: Trust, Consent, Knowledge

Infographic: The Three Pillars of Digital Identity: Trust, Consent, Knowledge

8,434 adults were surveyed to gauge consumer awareness of...

FICO Scales with Oracle Cloud

FICO Scales with Oracle Cloud

Doug Clare, Vice President at FICO, describes how Oracle...

KnowBe4 Issues CryptoDefense Warning – Ransomware is Worse than CryptoLocker

April 3, 2014 No Comments

SOURCE: KnowBe4

Tampa Bay – April 3, 2014  KnowBe4 CEO Stu Sjouwerman issued an alert today warning  computer users of a new but very nasty ransomware named CryptoDefense. A copycat  competitor to CryptoLocker, CryptoDefense was released in late February, 2014 and is much worse than the original. The ransomware targets text, picture, video, PDF and MS Office files and encrypts these with a strong RSA-2048 key which is hard to undo. It also wipes out Shadow Copies which are used by many backup programs.

The potential for damage is vast, generating tens of thousands per month, according to reports from Symantec. If an end-user opens the infected attachment, the ransomware encrypts its target files, and the criminals charge $500 in Bitcoin to decrypt the files. If their four-day deadline passes by, the amount goes up to $1,000. After a month, the keys are destroyed.

“There is furious competition between cybergangs,” said Sjouwerman (pronounced ‘shower-man’). “They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US.”  Sjouwerman further stated, “CryptoDefense doesn’t seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang.”

It appears that this infection initially was installed through programs that pretend to be flash updates or video players required to view an online video. Then it moved on to a variety of different phishing attacks that show an email with a zip file directing to “open the attached document” that was supposed to have been “scanned and sent to you”.

According to Sjouwerman, “It is obvious that this is a social engineering ploy and that effective security awareness training will prevent someone from opening these infected attachments when they make it through the filters (which they regularly do). Training your end-users to prevent fires like this is a must these days. Once infected, the only way to fix this relatively fast is to make sure you have a recent backup of the files which actually can be restored. Even then, it can take several hours to restore the data.”

Recent ransomware infections were users opening an attachment with a “voice mail message” from AT&T, but there are variants from other Telco companies. Users then admit to opening the attachment but saying it did nothing, however they could not open their files afterward.

This new CryptoDefense ransomware Malware has bugs too, and Symantec researchers stated : “Due to the attackers poor implementation of the cryptographic functionality they have, quite literally, left their hostages a key to escape”. But by the time you read this, that bug has probably (and unfortunately) been fixed.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

 

SECURITY

Leave a Reply

(required)

(required)


ADVERTISEMENT

Gartner