Cyber Threat Alliance strips down and studies Cryptowall V3
Cryptowall V3 ransomware has caused an estimated $325 million in damage worldwide with more than 400,000 attempted infections, according to a research paper completed by the Cyber Threat Alliance (CTA).
The CTA, which is comprised of several companies including, Fortinet, Intel Security, Palo Alto Networks and Symantec, looked at 4,046 malware samples and 49 campaign code identifiers during a 90-day long research effort to look into the impact and build a complete profile of this type of ransomware.
“The Cyber Threat Alliance chose to focus their efforts on CryptoWall, given the prevalence of the threat, introduction of the new version, and potential impact to individuals and organizations around the world,” the CTA wrote.
One of the primary takeaways as that Cryptowall V3 is delivered through phishing campaigns 67.3 percent of the time, while exploit kits, primarily Angler, are used during 30.7 percent of the attempts. The phishing email will contain a zipped document to help avoid detection and a generic statement geared toward having the file opened.
The CTA also found that most of the phishing attempts took place shortly after version 3 of Cryptowall was introduced into the wild in January 2015. Then in April the attackers shifted tactics and began relying on exploit kits.
While the CTA considers the report results important, the organization emphasized the importance of companies banding together to fight a common foe.
“The Cyber Threat Alliance believes that research of this nature and scale is most successfully accomplished by targeted sharing and collaborative analytics of threat intelligence data from various sources and locations, both geographically and within the network security stack. No one company can see everything, but together we can ensure we cast as wide a net as possible and put together a more complete picture of the activity we are pursuing,” the group wrote.