Sunday , November 24, 2024

They May Be Extortionists, But Ransomware Developers Are Alert to Victims’ Struggles

Some cybercrooks are nothing if not accommodating. A new version of the so-called ransomware called CyberWall, for example, has made it easier for victims to make payments and get their data back.

CyberWall 3.0, released early this week, includes new gateways for reaching the decryption site. The ransom note file also features detailed instructions on how to reach the payment site, and file names have been made easier to read. Also, the deadline to pay up has been extended by two days to a full week. That’s according to KnowBe4 LLC, a Clearwater, Fla.-based firm that specializes in security-awareness training.

In a perverse kind of way, the party behind CryptoWall is responding to its victims’ travails. “Believe it or not, a lot of these guys have tech support,” says a KnowBe4 spokesperson.

Of course, the new version also responds to the cybercrooks’ interest in getting paid quickly and efficiently. “Ironically, as cybercriminals get more sophisticated, so do their efforts to improve their extortion methods,” said Stu Sjouwerman, KnowBe4’s chief executive, in a statement. “While a hard-working criminal is an oxymoron, CryptoWall 3.0 shows they are working diligently to make the ransom payment and decryption process easier.”

Ransomware can be distributed in a number of ways, including phishing attacks and through infected email and malicious pdf files. After infecting a server, the malware encrypts data kept on it, triggering a demand for money to have the data decrypted.

Typically, the demand will include a so-called countdown clock that winds down the days stipulated by the cybercrooks. If not paid in time, the ransom doubles, If still not paid, the data simply disappears.

A number of factors can complicate payment of the ransom, besides the defects the new CryptoWall version “fixes.” One of these is that the malware often demands Bitcoin, which can be time-consuming to obtain.

With ransomware having infected more than 700,000 data sites so far, according to KnowBe4, it has become a growing headache for corporate IT managers. North America is a popular target for the cybercrooks who develop the malicious code, accounting for about three quarters of the incidents.

CryptoWall is “the most rampant” of a number of variants, the KnowBe4 spokesperson says, having succeeded an earlier version called CryptoLocker. That version was finally taken down by the Federal Bureau of Investigation and other law-enforcement officials after a long investigation.

To combat ransomware, Sjouwerman advises IT managers to run frequent backups and to test the backups to guard against backup failures. Still, the crooks may have the upper hand. “Without a working backup, your options are really pay the ransom or lose your data,” Sjouwerman said. “Even with a backup, it may be cheaper to pay the ransom.”

Check Also

Flywire Teams With Blackbaud to Enable Cross Border Tuition Payments in the U.S.

Flywire Corp., a specialist in payments for higher education, has partnered with Blackbaud Inc., a …

Digital Transactions