Ransomware Operation Racked Up $325M in Damages, Security Firms Say
A group of security firms known as the Cyber Threat Alliance analyzed CryptoWall, finding that it has caused at least $325 million in damages to hundreds of thousands of victims.
The latest version of the CryptoWall ransomware program has raked in more than $325 million for the group behind the criminal operation, researchers from Cyber Threat Alliance stated in a report released on Oct. 29. The Cyber Threat Alliance (CTA), a group of security companies that have pledged to share threat data with each other, combined a variety of information from its members to identify more than 4,000 malware samples, 800 command-and-control sites and 400,000 attempted infections. The 90-day research effort identified 49 different CryptoWall campaigns that likely caused at least $325 million in damages, according to the companies.
The operation used advanced malware, a complex command-and-control infrastructure and multiple layers of Bitcoin wallets to hide from researchers and law enforcement, Derek Manky, global security strategist for network security firm Fortinet, told eWEEK. Fortinet is a founding member of the CTA. "Clearly they are going through a lot of obfuscation layers," he said. "There are at least four or five layers of Bitcoin wallets; it has to go through all of them before it spits out to the final wallet."
While CryptoWall is not a new attack, the research builds the most complete picture of the criminal campaign to date. Researchers first discovered the CryptoWall ransomware program in June 2014. The group behind the malware has regularly updated the codebase and released version 3 in January 2015. The CTA report analyzes the infrastructure behind that version of the criminal operation.