CryptoWall ransom attacks net huge haul of Bitcoins from victims

Stealthy malware still making easy money

The criminal gang behind the CryptoWall extortion malware has recently raked in a haul of Bitcoins worth hundreds of thousands of dollars from its unknown victims, security firm PhishMe has revealed.

The true scale of the gang's campaign will probably run to millions in ransoms, but the firm gained an eye-opening insight into its success after taking a look at just two of the Bitcoin wallets traced to the attacks.

The first, used by 'Leo1', contained 710 Bitcoins worth around $710,000 (£420,000 as of 19 July), while another, traced to a phishing campaign detected by one of PhishMe's customers, held 38 Bitcoins, or $22,000 worth of takings.

CryptoWall was now attacking victims using phishing emails embedded with shortened Google URLs, PhishMe said.

"Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google, all within a span of 30 minutes. Google reacted quickly and took the link down shortly after our report," wrote PhishMe's researchers in a blog describing the attack.

The short URL had been clicked on 281 times, which meant that all of these people would have downloaded a malicious zip file containing a new variant of CryptoWall. When the file was run through VirusTotal, as of last week only a small minority of antivirus products could detect the new variant, PhishMe said.

CryptoWall's victims are not only SMEs and home users; two weeks ago US brokerage Benjamin F. Edwards & Co admitted that it had suffered a potential data breach in May after an employee's PC was infected by the malware.

In June a New Hampshire police department said it had no plans to pay the Bitcoin ransom after a CryptoWall infection briefly caused chaos inside its network.


Stories by John E Dunn
