In a little more than a year, consumers affected by the Cryptowall ransomware have reported to the FBI more than $18 million in losses related to infections from the malware.
Cryptowall is among the group of ransomware families that encrypt the files on victims’ computers and then demand a ransom in exchange for the decryption key. The infections typically begin either with a phishing email or when the victim visits a site hosting an exploit kit. Some of the infections rely on exploiting vulnerabilities in software on users’ machines, but just as often the malware is delivered when a user clicks on a malicious link and downloads it.
The Cryptowall family has gone through a number of iterations during its roughly 16-month lifespan. One of the key changes the attackers behind this malware have made is the use of Tor to hide its command-and-control infrastructure. Other ransomware families, such as Critroni, have employed the same tactic.
Ransomware typically demands that users pay the ransom in Bitcoin or another electronic payment method, and the FBI said in an alert issued Tuesday that the financial effect on victims has been extensive.
“CryptoWall and its variants have been used actively to target U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000,” the alert from the FBI’s Internet Crime Complaint Center says.
“Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.”
The FBI and other law-enforcement agencies have had some notable success in disrupting ransomware operations. Last year, authorities from several countries executed a takedown of the GameOver Zeus operation, an event that also disrupted the CryptoLocker infrastructure. The GOZ Trojan often was used to distribute CryptoLocker, and the FBI and Europol were able to take down the GOZ botnet in June 2014.