Cryptowall has been a cash bonanza for criminals, failure for cops

A lack of action on the part of law enforcement has helped Cryptowall to become the most financially successful piece of malware in history, according to a report.

The study, published by Imperva, found that the cyber-criminal gang behind Cryptowall 3.0 managed to extort £227,205 in ransom from 670 victims around the world.

The figures were derived from an analysis of Bitcoin wallets alleged to be connected to the criminals. The research showed that the criminals demanded different amounts depending on the victim's location in the world. Demands ranged from £480 in the US to £350 in Russia.

The firm found that the malware went to great lengths to remain anonymous, using Google Drive for delivery and Tor to hide Bitcoin transactions.

One of the reasons that Cryptowall has become successful could be the lack of any action by police and other law enforcement agencies to shut down the gang and others like it.

“We have clearly demonstrated that peeling the layers behind the financial infrastructure of ransomware is achievable and such investigations could be a powerful tool if undertaken by the appropriate authorities. We believe one of the reasons ransomware is thriving is the lack of action from law enforcement agencies,” the report said.

Mark James, a security specialist at ESET, told SC Magazine UK that Cryptowall, or indeed any ransomware, poses a very real threat to many computer users because of the potential damage to files that so many still fail to back up.

“Considering this is something that is so simple to defend against, it is still so widely used and often successfully. The fact that it will adapt for the market area it is infecting shows that the malware writers do have an understanding of how important it is to tailor the ransom,” he said.

Jonathan Sander, VP of Product Strategy at Lieberman Software, told SC that it's not that local law enforcement doesn't want to help with Cryptowall; they can't.

“A friend works with cyber-crime efforts of local police here in the states, and recently told me that since Cryptowall most often crosses international boundaries there's not much the police can do. They know this already. So when they are told about it they mostly give condolences and move on to investigations where they can have an impact.”

He added that the other problem is that reporting Cryptowall issues to more savvy law enforcement sounds like reporting your bike was stolen when you didn't bother to lock it up.

“Since a good back-up strategy can be almost 100 percent effective to combat Cryptowall, police may simply feel the real crime was your own lack of preventative measures.”

Chris Boyd, malware intelligence analyst at Malwarebytes, told SC Magazine that while law enforcement may well be investigating these cases, DIY builder kits have ensured almost anybody can make a fully functional ransomware file.

“They're having to separate the homebrew crowd from the professional organisations, and that takes time,” he said.

“Everyone should strive to have a solid backup plan in place -- one of the plus points of Cryptowall-style infections becoming mainstream news is that more people are now aware of the dangers and, at the very least, looking into possible backup solutions,” he added.
