Dual-pronged CryptoWall 3.0 ransomware twice as successful in ANZ as elsewhere

Companies in Australia and New Zealand are proving to be the world's most susceptible to the latest version of CryptoWall, security vendor Trend Micro has warned as analysis of the new ransomware strain found that victims now face having their data stolen as well as their systems locked.

Discussing their analysis of the new malware in a recent blog, Trend Micro security researchers found that CryptoWall 3.0 – which debuted in January after a two-month hiatus – appears to incorporate the FAREIT data-theft malware, using it to steal potentially valuable data from infected systems whether or not the owner pays the specified ransom.

“Perhaps people are refusing to pay the ransom or they have become more savvy in protecting their files,” the blog's authors speculate. “Regardless of the reason, the threat actors are using an 'old business model' as their back-up plan.”

“Even if the victim refuses to pay the Bitcoin ransom, the cybercriminals can still get money by stealing existing Bitcoin wallets and by selling/using any stolen information.”

Australian and New Zealand users accounted for 50.38 percent of all CryptoWall infections to date, according to figures derived from analysis of data from the company's Smart Protection Network.

That put the local infection rate at twice that of North America, which accounted for just 24.18 percent of all CryptoWall 3.0 infections, and well ahead of Europe at 14.27 percent. The Middle East and Africa (5.88 percent), Asia (4.53 percent) and South America (0.76 percent) were still relatively free of the malware.

Australians have long been punching well above their weight when it comes to being hit by ransomware, with more than 9,000 PCs in this country hit by the successful TorrentLocker ransomware.

Judging by its success to date, the latest version of CryptoWall could be on track to set records of its own. Architectural refinements – for example, replacing the previous version's use of Tor to anonymise its command-and-control servers with hardcoded, encrypted URLs – have made it harder to block, while its move to delete the target system's existing 'shadow copy' backups prevents users from restoring their files to a previous state.

While it is more virulent than its predecessors, the new version of CryptoWall has ironically been noted to be more user-friendly, guiding victims through the process of paying the ransom.

Ransomware has been consistently identified as a growing threat to Australia in particular, with Kaspersky Labs and WatchGuard Technologies among those warning of a looming ransomware explosion given the apparent success of CryptoLocker.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
