Blog

Cryptowall Ransomware Revenue Going to One Group

One of the most prevalent ransomware programs, Cryptoware 3.0, has said to have generated as much as $325 million so far in revenue for its developers.  The malicious program works by encrypting files and demanding a ransom.  Cryptowall is among the several types of ransomware that poses a significant problem to businesses and consumers alike. Once a computer is infected, files are extremely difficult to recover, because they are scrambled with strong encryption.  Unfortunately, there is little recourse for those infected by such ransomware.  The smartest thing to do for protection is to make sure you back up your files and ensure the backup cannot be accessed by the program.  Failing to do so can consequently lead to accepting the loss or paying the ransom, which could range from $500 to as much as $10,000.

The business model implemented by the program authors has been extremely successful, continuing to provide millions of dollars of income to the attackers.  Although reports do not speculate on the location of the group, there is one clue: if the program detects that the computer is running in Belarus, Ukraine, Russia, Kazakhstan Armenia or Serbia, the program will uninstall itself.