Cryptowall 3.0 is the most successful ransomware of all time, a new report by security firm Imperva says. Ransomware is a type of malware which, once active on a device, encrypts all the data and demands payment from the victim, typically through Bitcoin.
In its report on the dangers of ransomware, and the impotent attitude of the FBI, which usually advises victims to pay the ransom, Imperva says Cryptowall 3.0 has caused $325 million (£225.7m) in damages so far.
Commenting on the news, Jonathan Sander, VP of product strategy at security firm Lieberman Software says it’s not that the police isn’t doing anything — it’s that they can’t do much in the first place:
“It’s not that local law enforcement doesn’t want to help with Cryptowall, they can’t. A friend works with cybercrime efforts of local police here in the States, and recently told me that since Cryptowall most often crosses international boundaries there’s not much the police can do. They know this already. So when they are told about it they mostly give condolences and move on to investigations where they can have an impact”.
Sander also said Cryptowall is easily avoided with a good backup policy: “The other problem is that reporting Cryptowall issues to more savvy law enforcement sounds like reporting your bike was stolen when you didn’t bother to lock it up. Since a good back up strategy can be almost 100 percent effective to combat Cryptowall, police may simply feel the real crime was your own lack of preventative measures”.
Even though the advice to back up a computer sounds simple, many companies don’t do it. Sander compares it to the health and fitness advice we hear all the time.
“So much good security advice sounds like health advice. Everyone knows they should eat right and exercise, but so many simply shrug at this advice as they return to chips in front of the television. Every organization knows they need to back up, monitor file activity, protect admin privileges, and run basic perimeter defenses like antivirus and firewalls. Since none of that security seems to contribute to the bottom line and takes a modicum of effort, people’s laziness kicks in and they skip the basics”.