On the heels of the latest version 4.0 CryptoWall ransomware, brand new crimeware called Chimera poses a triple threat of ransomware, extortion and a possible data breach. KnowBe4 encourages IT pros to train users with new school security awareness training as an essential line of defense.
(Tampa Bay, FL) November 10, 2015-- Recent reports have been blasting out news of CryptoWall 4.0 and the hundreds of millions of ill-gotten revenues generated by this type of ransomware. Now the ransomware strain known as CryptoWall has upped its game to avoid detection by antivirus and firewalls. But wait, there’s more. A new flavor of “extortionware” has surfaced, named Chimera,that combines ransomware with a threat to publish your files on the internet if they are not paid the ransom. The report of Chimera appeared at the German Anti-Botnet Advisory Centre.
“This nasty bit of crimeware is being beta-tested in Germany”, said Stu Sjouwerman, CEO of KnowBe4. “While it starts off as a regular ransomware infection, it throws up a ransom note for 2.5 Bitcoin, nearly $1000 (at the current rate of $388 per Bitcoin) and claims if they are not paid, they will publish files on the Internet. Whether the program can siphon off files has yet to be determined, however the threat itself may be enough to get businesses to pay up.”
According to Kaspersky Labs, the first six months of 2015 have met or exceeded 2014 totals, showing the increased level of threat ransomware presents. According a recent report from the Cyber Threat Alliance (CTA), CryptoWall alone has made $325 million, and that is before the most recent new version was released.
“Some ransomware sneaks in and lays dormant, encrypting files before notification, increasing the likelihood of backing up encrypted files and decreasing your chances of getting your files back without payment.”, said Sjouwerman. “While we do not advocate payment, it may come down to a pragmatic business decision for many companies to pay up, since their backup didn’t work, or lose their data forever.”
Ransomware continues to be a source of worry for U.S. regulatory agencies such as the Federal Financial Institutions Examination Council (FFIEC) who published a statement warning financial institutions about the increasing “frequency and severity of cyber attacks involving extortion.” The statement advised financial institutions to address this threat by implementing programs that “ensure the institutions are able to identify, protect, detect, respond to, and recover from these types of attacks.”
The FFIEC statement also reiterated previous guidance that financial institutions take precautions against ransomware attacks with security controls such as ongoing information security risk assessments, securely configure systems, protect against unauthorized access, perform security prevention and risk mitigation, and update cybersecurity awareness programs.
Sjouwerman pointed out, “Many threats like this which are not detected with security software can be stopped dead in their tracks by creating a strong security culture within an organization and giving employees the tools and training to become a human firewall. We are so confident our security awareness training program works, we’ll pay your ransom if you get hit with ransomware while you are a customer.”
Click here for a free Ransomware Hostage Rescue Manual, visit www.knowbe4.com for more information.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. KnowBe4 services over 2500 organizations in a variety of industries, including highly-regulated fields such as healthcare, finance, energy, government and insurance and is experiencing explosive yearly growth of 300%. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”
About Kevin Mitnick
Kevin Mitnick, ‘the World’s Most Famous Hacker’, is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecom devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and keynote speaker and has authored four books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC as its Chief Hacking Officer.