Cyber Threat Alliance ‘cracks’ Cryptowall ransomware

Corporate co-op claims it has handle on malware blamed for $325m in extorted funds

By Stephen McBride, published November 2, 2015

The corporate co-op Cyber Threat Alliance (CTA) today released a report outlining prevention and mitigation steps for the infamous CryptoWall ransomware.

CTA was co-founded by Fortinet, Intel Security (formerly McAfee), Palo Alto Networks and Symantec, as a means to pool research efforts and data on cyber-attacks.

The CryptoWall family is estimated to have netted its creators $325m, by locking down machines and demanding payment, usually through bitcoin, in return for a key that unlocks the target system.

In the course of its research, CTA identified 406,887 attempted CryptoWall infections; 4,046 malware samples; and 839 command and control URLs for servers used by perpetrators to control the ransomware. CTA also made reference to "hundreds of millions in damages [spanning] hundreds of thousands of victims across the globe".

The alliance's report also gave protection and mitigation advice for users, such as promoting awareness of phishing techniques to dissuade the opening of unsolicited emails; keeping Web browsers updated; and disabling plugins such as Java, Flash and Silverlight.

"Managing this risk is a shared responsibility," said Derek Manky, global security strategist, Fortinet. "We need to step forward, and not wait for the adversary to make the move first. This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organisations."
