Cryptowall Updates, New Families of Ransomware Found

The ransomware threat isn't just growing in volume; it is also diversifying. There has been a recent surge of reports on updates to existing crypto-ransomware variants, as well as the discovery of three new ransomware families with entirely new routines. This matches our predictions about this growing threat and how it could become a bigger problem as cybercriminals update their toolboxes with new technologies (such as the use of the Deep Web).

The most recent ransomware updates:

  • CryptoWall 4.0: Discovered November 5, the new update to CryptoWall gives the crypto-ransomware variant improved communication capabilities and updated code that lets it exploit more vulnerabilities. The update is also reported to include a modified protocol that improves its stealth.
  • Power Worm: A new variant of the Power Worm ransomware was found to have a flawed encryption routine, caused by a programming error on the author's part. The flaw effectively throws away the encryption key that the cybercriminal would otherwise hold hostage until the user pays the ransom, which means the encrypted files stay encrypted and cannot be recovered even by the attacker. Paying the ransom is pointless in this case; backups are the only way to get the files back.
  • Offline Ransomware: Seen targeting users in Russia as early as last year, this ransomware can carry out its routines offline, with no need to contact a C&C server. It does this by storing the RSA public key used during encryption in the metadata of the encrypted files. When the user decides to pay, they must send at least one encrypted file to the attacker's email address; the public key stored in that file tells the attacker which private key the files were encrypted under, and the attacker then builds a decryption program around it.
  • Chimera: A completely new strain of ransomware, Chimera adds blackmail to the extortion. Instead of just holding the user's files hostage, it also threatens to publish them online if the ransom is not paid. However, analysis of the malware itself shows that it is not capable of stealing anything or uploading any of the encrypted files anywhere, so the threat is most likely a scare tactic.
  • Linux Webserver Ransomware: Finally, a completely new ransomware variant was discovered that targets websites instead of users' hard drives. Injected into websites through known vulnerabilities in site plugins or third-party software, the malware then infects the host machine and encrypts all files in the system's home directories. It also encrypts backup directories and most of the system folders typically associated with the website itself. The ransom is currently 1 BTC, or about US$420.
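
The offline scheme described for the Russia-targeted ransomware above is ordinary hybrid encryption with the public key carried in the file itself, and the same model explains why the Power Worm bug is fatal. The following Python is an added illustration written for this article, not code from any of the malware families discussed. Textbook (unpadded) RSA with freshly generated 256-bit primes and an HMAC-SHA256 counter-mode keystream stand in for the real RSA and AES so that it runs on the standard library alone; the function names, the 512-bit modulus and the sample plaintexts are all assumptions. The "attacker" side shows the lookup the article describes: one encrypted file is enough to identify which offline private key to embed in the decryptor.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # per-file symmetric key; 256 bits always fits under a 512-bit modulus


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (illustrative key generation, not production code)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512, e: int = 65537):
    """Return ((n, e), (n, d)). e is prime, so gcd(e, phi) == 1 iff phi % e != 0."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, block counter) XORed over the data.
    The same call encrypts and decrypts."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def encrypt_offline(plaintext: bytes, public_key) -> dict:
    """Victim side. Needs no network: a random per-file key is wrapped with the
    embedded public key, and the public key itself is kept in the file metadata."""
    n, e = public_key
    file_key = secrets.token_bytes(KEY_BYTES)
    return {
        "pub_n": n, "pub_e": e,                                   # metadata the attacker keys on
        "wrapped_key": pow(int.from_bytes(file_key, "big"), e, n),  # without this line the
        "body": keystream_xor(file_key, plaintext),               # file is lost for good (Power Worm)
    }


def build_decryptor(sample_file: dict, private_keys: dict):
    """Attacker side. From ONE victim file, match the stored public key to the
    offline private key and return a decryptor valid for that whole campaign.
    Returns None if the file was encrypted under a key the attacker does not hold."""
    priv = private_keys.get(sample_file["pub_n"])
    if priv is None:
        return None
    n, d = priv

    def decrypt(enc: dict) -> bytes:
        if enc["pub_n"] != n:
            raise ValueError("file was encrypted under a different key")
        file_key = pow(enc["wrapped_key"], d, n).to_bytes(KEY_BYTES, "big")
        return keystream_xor(file_key, enc["body"])

    return decrypt


def demo() -> list:
    """Constructed scenario: two files encrypted offline, victim mails only the first."""
    pub, priv = rsa_keygen(512)
    campaign_keys = {pub[0]: priv}  # attacker's offline store, indexed by modulus
    files = [encrypt_offline(b"quarterly report", pub), encrypt_offline(b"family photos", pub)]
    decrypt = build_decryptor(files[0], campaign_keys)
    return [decrypt(f) for f in files]


if __name__ == "__main__":
    print(demo())
```

The private key never leaves the attacker until the victim pays, at which point it ships inside the decryptor; that is exactly why no C&C exchange is needed and why a key that is generated but never wrapped and written out, as in the Power Worm variant, leaves the attacker with nothing to sell.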

Ransomware may be the biggest threat the security industry faces in today's threat landscape, so we need to step up our efforts to prevent and combat it. Otherwise we are looking at an arms race: security vendors working to protect against ransomware while cybercriminals put out ever more dangerous and elusive variants.

We will continue to look into these new discoveries and deliver updates on ransomware as we find them.
