KnowBe4 Warns of Onslaught of New Ransomware Strains

SOURCE: KnowBe4

In a worrying trend, cybercriminals have launched another ransomware attack wave with several new malicious strains hitting both businesses and consumers alike. A new strain of CryptoWall has hit end users with phishing emails containing malicious .chm attachments (the extension used for help files) infecting networks with the most sophisticated ransomware to date. A newly discovered strain called CryptoFortress was discovered last week that has the look of TorrentLocker but is able to encrypt files over network shares even if they are not mapped to a drive letter. Law firm Ziprick and Cramer LLP of California began notifying clients on February 27th of a ransomware attack by a new “CryptoLocker-like” variant that infected one workstation and was spread to their server.

It doesn’t end there. Another new ransomware called TeslaCrypt attempts to cash in on the $81 billion gamer market by placing a strong emphasis on encrypting video game related files. Unlike other ransomware that typically target images, documents, videos, and application databases, TeslaCrypt also targets over 40 different video game related files such as RPG Maker, Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, and Steam.

Stu Sjouwerman, CEO of KnowBe4 stated; “These new capabilities of cryptoware change the threat landscape for all server and network administrators and it is even more important than ever to properly secure your shared folders with strong permissions. Between increasingly sophisticated phishing emails and exploit kits on compromised websites, users need to be trained to recognize threats with effective security awareness training. System administrators should also patch workstations religiously and tighten up proxy/firewall rules.”

CryptoWall 3.0 is the most recent version of CryptoLocker and hides its malicious payload as an attachment. The latest wrinkle is that the fake “incoming fax report” email looks to the user to come from a machine in their own domain. Discovered by BitDefender in late February 2015 with global targets, this version encrypts the files of all mapped drives and demands a $500 ransom in Bitcoin. Cybercriminals use .chm files to automatically execute malware once the file is accessed.

CryptoFortress includes the new and nasty feature of being able to encrypt files over network shares even if they are not mapped to a drive letter. Normally when ransomware encrypts data it does so by retrieving a list of drive letters on a computer and then encrypting any data on them. Therefore any network shares on the same network would be safe as long as they were not mapped to a drive letter. Unfortunately this all changes with CryptoFortress as this ransomware will also attempt to enumerate all open network Server Message Block (SMB) shares and encrypt any that are found.

Sjouwerman advised, “Security Awareness Training is really needed for every employee in any organization. Since employees often access their own personal email over company networks or surf the web over lunch, it is essential to put in place a more effective human firewall and protect your company assets.”

For more information or to get a free phishing test to see how “phish-prone” your employees are, visit www.knowbe4.com

Additional links:

CryptoFortress: http://blog.knowbe4.com/new-ransomware-cryptofortress-encrypts-unmapped-network-shares

Ziprick & Cramer: https://oag.ca.gov/system/files/LT%20Clients%20Sample%20w%20How%20To_1.pdf

TeslaCrypt: http://www.bleepingcomputer.com/forums/t/568525/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/

Security Awareness Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.