KnowBe4’s Ransomware “We Pay if You’re Hit” Protection Gives Businesses a Safety Net
Even with the recent international law enforcement "Operation Tovar" shutting down Cryptolocker operations, it appears the number one ransomware Trojan is back in business. A new strain of the infamous CryptoLocker has been found. The new Trojan does not rely on the 2048-bit RSA encryption and does not need any communication with a Command & Control server to work. It operates stand-alone, and the extensions of affected files are switched to .cryptolocker after encryption.
According to KnowBe4 CEO Stu Sjouwerman, “It looks like the Russian evil genius behind CryptoLocker, Evgeniy Mikhailovich Bogachev, has not been sitting still since the recent international law enforcement ‘Operation Tovar’. We predicted this would not keep ransomware variants from proliferating. This is why we are offering our customers payment of their ransom if they get hit after doing our Kevin Mitnick Security Awareness training. It may very well be the most effective safety net against ransomware.”
A post at the Fakebit blog shows the Trojan encrypts data on the affected computer, but uses an encryption method that is weaker than the original. If you are a malware expert and know how to reverse engineer code, it that can possibly be broken. In order to regain access to the locked files, analysis of this CryptoLocker spin-off instructs the victim to access a location in the Tor network to receive details about the ransom payment.
Judging by the choice of the encryption algorithm and the method for receiving payment, this CryptoLocker variant does encrypt all the files it can get its hands on, and by preying on assumptions regarding the CryptoLocker brand name, these miscreants could still make a profit as not many users will know how to decrypt their files.
Sjouwerman also said, “More ransomware copycats will show their ugly heads this year. Law enforcement recommends not paying any ransom for two reasons: first to discourage the criminal practices, and second it’s uncertain if they will keep their end of the bargain and provide the decryption. While we agree, many companies may be forced to pay ransom if their backups failed rather than experience months or years of lost work. A great way to prevent files taken ransom is effective security awareness training.
About Stu Sjouwerman And KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses. For more information, visit www.KnowBe4.com
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.