Lone wolves could be behind multi-million dollar Cryptowall ransomware racket A single group could be behind the monstrous Cryptowall 3.0 ransomware, widely considered to be one of the most menacing threats to end users that has fleeced victims of millions of dollars. Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the …
afaik you follow the blockchain. This'll tell you *where* a particular bitcoin has been, but of course not who owns the wallets. It's not unlike following the serial number of a bank note, if you could reliably track it as it passes from hand to hand.
Of course , with bitcoin it's a lot easier to do things like the many-hands shuffle, intermediate laundering, crossing streams, and all the other tricks that for cash would require a handy army of accomplices.
No.
If it were that straight-forward we wouldn't be hearing about it.
A quick trawl found this site which has some information about the attack.
http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/
Backup your important files onto a couple of types of media - DVDs and USB flash drives and assume that at some point, when you get attacked, your backups will also hold your files in encrypted form, hence something like DVDs that are written once and then left alone.
Oh and moving to Linux would also be a good idea.
:-)
"Oh and moving to Linux would also be a good idea."
If that happened in any significant numbers then they would simply target Linux instead.
There are after all historically lots more holes to chose from in an average Linux distribution compared to a current Windows version. For instance, just look at the on-going malware fest on Android - popular and Linux based.
It still amazes me that anyone would pay to have their files "recovered" without any guarantee that the system works (which in some cases it does not/fails in the middle, see the forums).
This should be used as a standard test to see if someone is smart enough to work in IT, if they pay the ransom then they should be working elsewhere.
If you have no backup of the data - you have no choice - your business goes down the toilet.
£20K worth of business or £500 ransom, you decide.
This particular attack disproportionately hits small businesses the worst, probably because they are the most likely to be vulnerable. It also charges a very specific sum - large enough to make lotsa money, but small enough that it isn't worth Interpol chasing them down.
Large corporates have the technical skill to segregate the network traffic and restore from backup while cleaning back up the line.
Small businesses generally have one guy who knows how to reboot the router, and a sales contact for more hard disk space. Since this thing knows to traverse network drive mappings, it encrypts all the usual backups as well as what is on the system.
We got hit twice with cryptowall this year. After the initial incident response, we just restored backups - voila.
The reason these things exist is because people pay - if you don't have backups and your business depends on the data that just got locked up - then maybe you should pay, but this should be a last resort.
I work for a large educational institution, and we've been hit so many times (in the low teens) that the recovery process is pretty smooth now.
The vector is malvertising for all the cases we've seen - the users visit mostly normal sites and a video advert attacks through a vulnerable version of Flash. Notably, properly managed desktops have not been hit - it's all unmanaged systems someone in a department has attached to the network.
We disconnect the network shares, or make read-only if possible. User desktops are re-imaged while the share is restored and scanned, then access is restored.
We have no intention of paying these scum, but we have the luxury of large IT teams and good backups.
read the most helpful customer reviews. basically, when it comes to wolves, three is always better than one
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
