CryptoLocker Goes Spear-phishing, Infections Soar, Warns KnowBe4

Ransomware Expands Crypto-Extortion, and Fourth Separate Ransomware Strain Discovered


Tampa Bay, FL (PRWEB) May 20, 2014

CryptoLocker is ratcheting up attack levels, according to new reports issued by KnowBe4, a Tampa Bay, FL-based IT security company. The latest infections are caused by spear-phishing attacks sent to companies that have job postings on Craigslist. The bad guys look for job postings and email resumes carrying the CryptoLocker malware as a payload. The moment anyone opens one of these resumes, the ransomware kicks in, and the result is downtime due to hijacked files. The people involved with hiring are very often the people with the most access: the owner, CEO, HR or department heads.

On the heels of CryptoLocker comes Kovter, a new strain of ransomware that is doubling in size. Researchers at Damballa Threat Research, an Atlanta-based security firm, wrote on their blog that the number of Kovter infections doubled over the last month from 7,000 to 15,000. Kovter ransomware uses the worst kind of shock to make people pay: it first displays child pornography and copies it to the victim's drive before encrypting their system and holding it hostage.

According to Stu Sjouwerman, CEO of KnowBe4, “These methods pose a high risk for companies looking to hire as well as for individual Internet users. The cybergangs running these Crypto-variants will try any number of things to outdo each other and extort your hard-earned money. Since the weakest point in any security model is the person who touches the keyboard, it is vital to educate users on what to look for. Stepping them through effective Security Awareness Training will make them think twice before clicking on a link or opening a possibly infected attachment.”

The online IT community Spiceworks and their forums are full of horror stories of companies getting hit with CryptoLocker and CryptoDefense. One thread that is highly popular has the title: "We fought a cryptovirus (and the virus won)." The discussion goes on for many pages and indicates the high level of worry about this new wave of ransomware.

According to Sjouwerman (pronounced “shower-man”), “Working backups are essential. How much of a danger these ransomware strains present largely depends on how you have organized your backups. Mitigating the many "crypto" infections can take a few hours to a few days, and can vary from an annoyance to significant losses.”

The United States Computer Emergency Readiness Team (US-CERT) has posted warnings about CryptoLocker and lists steps for prevention: http://www.us-cert.gov/ncas/alerts/TA13-309A

For more information, visit http://www.KnowBe4.com
About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly regulated fields such as healthcare, finance and insurance, and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

