CryptoWall Surpassing Expectations: Victims Paying Up to $2000 to Get Files Back

You might have heard about the infamous ransomware CryptoLocker. It was something of a prototype for the current wave of ransomware. The premise of the malware is simple. Once it gets onto a victim computer, it starts encrypting certain file types. It then demands ransom from the victim to get the files back. Once the victim pays the ransom, the files are decrypted (for most, but not all victims). It’s worth mentioning that there’s now a number of sites that help decrypt the files for you. The CryptoLocker has been tackled and restrained earlier this year. It’s estimated that the makers of it pocketed about $3,000,000 from ransoms.

As it seems to happen, once a threat is neutralized, many more new, modified, and improved versions tend to spawn up. The CryptoLocker case is no different. Security companies have been following the evolution of a close relative of CryptoLocker, named the CryptoWall. Dell SecureNetworks Senior Researcher Keith Jarvis pointed out back in early September that CryptoWall has  two design flaws that he predicted will prevent it from being as successful as his predecessor:

  • 2048-bit RSA key encryption VS the AES encryption the CryptoLocker was using
  • Payment structure only allowing payments in Bitcoin VS Bitcoin + Money Pak by CryptoLocker

Ironically, that is far from the truth. According to yesterday’s article at Forbes.com, it’s now estimated the creators of Cryptowall are making about $25000 a day from it (victims pay between $200-2000). Also, in the past few weeks, the ransomware increased in the number of infected computers by about 25% to the current 830,000 infected globally.

INFO: In an effort to better serve you, the reader, we’ll be conducting a survey for a few days at the end of each article. This way, we’ll have a better idea of what you like to read and will try to move in that direction. Feel free to add topics that are not listed. Thank you.

The LIFARS team