Dell SecureWorks has updated its figures on the number of PCs infected by the awful CryptoWall ransom malware and the news isn’t good – the number of systems has spiked suddenly to 830,000.
The firm’s last statistic in late August was 625,000, itself a large number of infected systems, which means that CryptoWall has boosted its haul of victims by 25 percent in a matter of weeks.
Looking at the UK statistics, Dell SecureWorks estimates that CryptoWall has affacted 40,000 PCs, with 75 victims handing over ransoms to the tune of $47,250 (£29,000), a stark figure that arrives in time for the UK’s Get Safe Online week.
A few days back, the National Fraud and Intelligence Bureau (NFIB) estimated that online fraud is costing UK citizens £670 million a year. Given that very few of the ransoms paid in the hope of getting rid of CryptoWall were probably reported to the national fraud reporting service Action Fraud, this figure is surely an underestimate.
CryptoWall remains a global problem with Australia recording 20,000 infections and Japan 2,000, Dell SecureWorks said.
The increase in infections is disturbing because security programs should have got on top of CryptoWall by now. Alternatively, CryptoWall is simply being better distributed and is finding more unprotected victims.
There is some evidence for this. It is clear that from Dell SecureWorks’ UK infection rates that CryptoWall’s conversion rate is absolutely miniscule. That might explain why it is being more aggressively marketed.
The latest example is from security firm Proofpoint which this week published research showing that the malware is being pushed at millions of consumers using ‘malvertising’ (rogue advertising leading to infected links) embedded on legitimate and popular websites, including Yahoo's Finance and Fantasy Sports sites, realestate.aol.com, theatlantic.com, 9gag.com and match.com.
The firms said that the sites had taken action to stop the malvertising but the fact that they had to be told by a third party shows how complacent they are about the threat posed by this kind of malware to their readers.
Although less famous than the Trojan that pioneered the market for mass ransomware infection, CryptoLocker, CryptoWall is proving harder to combat. The long tail of infections just sems to spawn and re-spawn, seemingly without end. This will likely continue until either its Russian creators are arrested or the command and control is fatally compomised.