Ransomware Expands Crypto-Extortion from Adult Sites to HR Departments
May 20, 2014, Tampa Bay, FL — CryptoLocker is ratcheting up attack levels, according to new reports issued by KnowBe4, a Tampa Bay-based security company. The latest infections are caused by emails sent to companies that have job postings on Craigslist. The bad guys look for job postings and send resumes carrying the CryptoLocker malware as a payload. The moment anyone opens these resumes, the ransomware kicks in and downtime is the result. People involved with hiring are very often the people with the most access: the owner, CEO, HR or department heads.
On the heels of CryptoLocker comes Kovter, a new strain of ransomware that targets visitors of adult porn sites. This malware scans your browser history and, while locking your computer, displays this content as “evidence.” If it doesn’t find any, it will invent it by redirecting your browser to a random adult site, logging the history and displaying its content. Its prevalence has doubled in the past month, according to reports by threat researchers at Damballa, an Atlanta-based security firm.
According to Stu Sjouwerman, CEO of KnowBe4, “these methods pose a high risk to companies looking to hire along with individual users. The cyber gangs running these Crypto-variants will try any number of things to outdo each other and take your hard-earned money. Since the weakest point in any security model is the person who touches the keyboard, it is vital to educate users [about] what to look for, and stepping them through security awareness training will make them think twice before clicking on a link.”
The online IT community Spiceworks and their forums are full of horror stories of companies getting hit with CryptoLocker and CryptoDefense malware. One thread that is incredibly popular has the title “We fought a cryptovirus (and the virus won).” The discussion goes on for many pages and indicates the level of worry about this new wave of ransomware.
According to Sjouwerman, “working backups are essential. How much of a danger these present can largely depend on how you have organized your backups. Mitigating the many ‘crypto’ infections can take a few hours to a few days, and can vary from an annoyance to significant losses.”
The United States Computer Emergency Readiness Team (US-CERT) has posted warnings about CryptoLocker, including steps for prevention: http://www.us-cert.gov/ncas/alerts/TA13-309A
For more information, visit www.KnowBe4.com