First-of-its-kind Collaborative Effort Showcases the Power of Threat Information Sharing to Make the Internet Safer
Fortinet, Intel Security (NASDAQ: INTC), Palo Alto Networks (NYSE: PANW) and Symantec Corp. (NASDAQ: SYMC), co-founders of the Cyber Threat Alliance (CTA), announced the publication of research examining the evolution and global impact of the aggressive CryptoWall ransomware.
“Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat,” is the first published report using combined threat research and intelligence from the founding and contributing members of the CTA. This whitepaper provides organizations worldwide valuable insight into the attack lifecycle of this lucrative ransomware family, which is associated with over US$325 million in revenue for the malicious actors behind it, as well as recommendations for prevention and mitigation. The CTA further discovered:
-
The $325 million in revenue that went to the attackers included ransoms paid by victims to decrypt and access their files.
-
406,887 attempted CryptoWall infections.
-
4,046 malware samples.
-
839 command and control URLs for servers used by cybercriminals to send commands and receive data.
-
The hundreds of millions in damages spans hundreds of thousands of victims across the globe. North America was a particular target for most campaigns.
All of the key findings and intelligence in the report are based on the collective visibility the members of the CTA have into the CryptoWall v3 threat; potential impact may extend beyond this view.
QUOTES
· “The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks. Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first. This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organizations.”
– Derek Manky, global security strategist, Fortinet
· “When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns. This research demonstrates an ability to leverage our collective threat expertise and intelligence to provide enhanced protection for customers, and help us more effectively collaborate with law enforcement in order to disrupt criminal ecosystems and ultimately help bring more cybercriminals to justice.”
– Vincent Weafer, vice president, McAfee Labs, Intel Security
· “This type of collaborative research by security vendors reflects the power of effective threat information sharing and the positive effect it can have on helping maintain trust in our digital world. As a founding CTA member, we are committed to the idea that this new way of working together – of combining intelligence on a common adversary and sharing cyberthreat information as a public good – is to the benefit of all organizations in the battle against cybercrime.”
– Rick Howard, chief security officer, Palo Alto Networks
· “Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage. By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually.”
– Joe Chen, vice president of engineering, Symantec
RECOMMENDATIONS
The report also highlights key recommendations by the CTA to aid users and organizations in not falling victim to CryptoWall v3 and other forms of advanced malware:
-
Ensure that your operating systems, applications and firmware are updated with the latest versions of the software.
-
Understand typical phishing techniques and how to thwart them, such as by not opening email from unknown email addresses or attachments of certain file types.
-
Keep web browsers updated, and turn on settings to disable browser plugins, such as Java, Flash and Silverlight, preventing them from running automatically.
-
Review access and security policies within corporate networks to limit access to critical infrastructure from systems and users who don’t need it.