We’ll tell you how to prevent this vicious malware so it won’t cost you a dime.

Beware of this piece of malware that’s especially damaging for any data-driven organization.

It disguises itself as an email from a legitimate company, but attached is a file that will cost your business money and downtime.

What’s most dangerous about this malware is its legitimate appearance.

You may think that you’re opening an email from your boss, but you’re actually allowing malware to hold certain types of files hostage.

And that means you cannot access your files until you pay the ransom.

We’re talking about CryptoLocker.

And because its plan of attack is to extort money, it’s also known as “ransomware.”

How it All Began

So before we dive into how to prevent this vicious malware, let us tell you about its history.

The first CryptoLocker ransomware attack occurred in September 2013. Then, for eight months, the malware utilized a Trojan horse to target and encrypt files on computers running Microsoft Windows.

You may be aware of this costly, dangerous cyber-attacker, but do you know how much damage it’s caused?

It’s believed that the operators of CryptoLocker successfully extorted a total of about $3 million from victims of the Trojan.

The operation was disrupted in June 2014, but other versions of the malware continue to make large sums of money at the expense of businesses.


[Infographic: $133,000 average business recovery cost in 2017; $3 million extorted from Trojan victims in 2013; $1.3 to 6.6 million cost for 5% of businesses in 2017]

In fact…

The average cost per ransomware attack to businesses was $133,000 in recovery costs in 2017, according to The State of Endpoint Security Today report published by Sophos.

But this cost doesn’t cover recovery fees alone. It also includes:

  • Ransom

  • Lost Hours

  • Downtime

  • Device & Network Costs

  • Lost Opportunities

And for some businesses, the monetary loss was much higher. In fact, 5 percent of respondents reported ransomware attacks that cost $1.3 to $6.6 million.

How can CryptoLocker Access Your Files?

  • Phishing

  • Drive-by-Downloading

  • Social Media

You could be infected by CryptoLocker through phishing, meaning an email that carries the ransomware as an attachment. In addition to email, it can also spread if you unknowingly visit a website that’s been infected and its malware is downloaded and installed without your knowledge. This method is known as drive-by downloading.

CryptoLocker has also spread through social media, such as Web-based instant messaging applications. Newer methods, such as utilizing vulnerable web servers to gain access to an organization’s network, are currently taking shape.

Commodity Groups: Criminals of Destruction

So you may be wondering how cyber-attackers are still making money from this criminal business if CryptoLocker was shut down in 2014.

The answer is a big problem for businesses: commodity groups.

You can think of commodity groups as the criminal masterminds behind ransomware companies.

Their main goal is to infect as many victims as possible through RaaS platforms. Then, they pass the torch to other criminals who infect more victims.

Because commodity groups are pouring out new malware samples so fast, it’s difficult for traditional signature-matching security solutions to keep up.

And these groups are so good at what they do that the criminals don’t even bother confirming that their samples are savvy enough to slip past antivirus products.

New RaaS Operations in 2018

  • January 26

  • February 18

  • February 20: Data Keeper

Commodity groups are considered ransomware-as-a-service operations. In other words, there’s a team of criminals who work together to spread ransomware to as many victims as possible.

First, ransomware authors develop a new or updated strain. Then, they invite commodity groups to use it in exchange for a cut of each successful ransom payment.

Some of the most recent operations that were found this year are GandCrab, Saturn and Data Keeper.

If commodity groups aren’t dangerous enough, their partners in crime are even craftier when it comes to choosing their victims.

Targeted Groups: Zeroing in on the Big Bucks

Next, we have targeted groups.

Targeted groups zero in on organizations that they believe are willing to pay big money to get their files in a hurry, such as businesses, healthcare organizations and local governments.

This group’s attack plot is stealthier and requires a great amount of hands-on setup and investigation.

Targeted groups usually lie low for a while after the initial compromise. It can then be weeks or even months before the victim is aware of the attack.

But while all is quiet, the targeted groups are preparing for the attack, ensuring that once deployed, the ransomware will have maximum impact on the business.

Due to the stealthy nature of the group’s preparations, the chances of ransomware payloads being detected and blocked prior to deployment are becoming increasingly low.

This destructive form of malware is just too cunning for even some of the most vigilant security software.

As a result, 75 percent of organizations infected with ransomware were running up-to-date endpoint protection, according to a Sophos report.


Ransomware Chooses Victims by Industry

As we mentioned before, ransomware targeted groups choose their victims wisely, and they tend to choose organizations that are willing to pay large sums. As a result, the most frequent victims of their attacks are healthcare organizations.

Healthcare organizations experienced the highest volume of ransomware in 2017, with 45 percent of attacks, nearly four times the share of the next most frequently targeted industries. Next in line are financial and professional services at 12 percent, according to the Beazley 2018 Breach Briefing.

Healthcare Takes the Brunt

The healthcare arena made up the majority of ransomware attacks last year.

As a result, 85 percent of healthcare malware in 2017 was ransomware, according to the 2018 Data Breach Investigations Report published by Verizon. The most recent example of a healthcare-targeted ransomware operation is SamSam. The operation began in January of this year and has infected a slew of healthcare organizations, such as AllScripts and LabCorp.


[Infographic: 85 percent of healthcare malware was ransomware in 2017]

So it seems there’s no known requirement an organization must meet to become the victim of a targeted group ransomware attack, but healthcare systems clearly dominate the trend.

There are many theories as to why healthcare organizations are targeted, such as willingness to pay large sums quickly and being notorious for using out-of-date systems.

The first theory proved to be true in one case when SamSam authors collected $55,000 in ransom from Hancock Health, a regional hospital in Indiana, earlier this year.

Hospital officials said they paid the attackers because restoring from backups would’ve taken days or weeks, and the organization needed access to the files much sooner.

After the ransom was paid, it was determined that the backup files were corrupted, so restoring from them was unsuccessful.

Along with healthcare organizations, financial and professional services also tend to be targeted. Other businesses, such as retail, manufacturing, education and hospitality, were lower on the target list, according to the Beazley 2018 Breach Briefing.

WannaCry makes Ransomware History

Another form of malware infected more than 400,000 machines in 2017, making it the biggest ransomware attack in history.

The ransomware, which was called WannaCry, started infecting computers early in the morning on May 12. The first two prominent victims were the UK’s National Health Service, or NHS, and Telefónica, the largest telecom company in Spain.

Like a contagious disease, the outbreak quickly spread throughout Europe and the rest of the world. By late Friday, it spread to 150 countries, including the US, where FedEx was infected.

Unlike CryptoLocker, WannaCry exploited the Server Message Block protocol, or SMB, to reach victims rather than arriving as an incoming email.

So although the payout for WannaCry wasn’t close to astonishing, one element of this malware attack baffled business owners, Windows users and technology experts.

The troubling factor was the simplicity of the design.

In other words, it didn’t take a rocket scientist to build this ransomware. Its components, which many would call amateur, included an NSA-developed exploit that was easily accessible to anyone who wanted to use it, a user-friendly framework and a simple worm component.

The minds behind this malware weren’t brilliant or even sophisticated, which is what makes its impact so staggering.

[Infographic: 150 countries; 400,000 machines; biggest attack in history]

The hacking tool, ETERNALBLUE, targeted the vulnerability in the SMB protocol that was specifically addressed by a critical Microsoft update, MS17-010.

It’s been revealed that nearly all of the computers that were attacked by WannaCry were running an outdated Windows OS that hadn’t been patched.
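Since WannaCry hinged on exactly those two conditions (SMBv1 reachable and the MS17-010 fix missing), here is an audit script an administrator can run on a Windows host to check both and, optionally, disable SMBv1 on the server side. This is an added example, not code from the original post or from Acumen. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later (where Get-SmbServerConfiguration and Get-NetTCPConnection exist); the KB numbers in the list are the per-version MS17-010 updates as I recall them from the Microsoft bulletin, so confirm them against Microsoft’s published table before relying on the result.

```powershell
[CmdletBinding()]
param(
    # Audit only by default; -Remediate turns SMBv1 off on the server side.
    [switch]$Remediate
)

# MS17-010 security updates per Windows version (assumed from the bulletin;
# verify against Microsoft's table). Windows 10 builds 15063 (1703) and later
# shipped after the fix and never needed a separate KB.
$Ms17010Kbs = @(
    'KB4012598',               # Windows XP / Vista / Server 2008 / Windows 8
    'KB4012212', 'KB4012215',  # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',  # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',  # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "Host: $env:COMPUTERNAME  OS: $($os.Caption) build $($os.BuildNumber)"

# 1. Patch check: is any of the bulletin's KBs installed?
$installedFix = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if ($installedFix) {
    Write-Host "MS17-010: installed ($($installedFix.HotFixID -join ', '))"
} elseif ([int]$os.BuildNumber -ge 15063) {
    Write-Host "MS17-010: not applicable, this build already includes the fix"
} else {
    # On Windows 10 a later cumulative update replaces the listed KB in Get-HotFix,
    # so an empty result is a warning to investigate, not proof of exposure.
    Write-Warning "MS17-010: none of the listed KBs found. Confirm the patch level before assuming this host is exposed."
}

# 2. SMBv1 check: the protocol version ETERNALBLUE targeted.
try {
    $smb = Get-SmbServerConfiguration -ErrorAction Stop
    if ($smb.EnableSMB1Protocol) {
        Write-Warning "SMBv1 server: ENABLED"
        if ($Remediate) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            Write-Host "SMBv1 server: disabled (clients that only speak SMBv1 will lose access)"
        }
    } else {
        Write-Host "SMBv1 server: disabled"
    }
} catch {
    Write-Warning "Get-SmbServerConfiguration is not available on this OS; check SMBv1 via Group Policy or the Windows Features dialog instead."
}

# 3. Exposure check: WannaCry spread over TCP 445, so note whether it is listening.
$listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "TCP 445: listening; ensure host and perimeter firewalls block it from untrusted networks"
} else {
    Write-Host "TCP 445: not listening"
}
```

Run it as `.\Check-Ms17010.ps1` for a report, or `.\Check-Ms17010.ps1 -Remediate` to also disable the SMBv1 server. Disabling SMBv1 breaks access from legacy clients (old printers, scanners, Windows XP hosts), so inventory those first; the patch, not the protocol switch, is what actually closes the MS17-010 hole.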

Fortunately, few victims paid up. Only 0.07 percent of victims paid the ransom, a total of just 314 payments, which put the overall take at a little over $120,000, according to a statistic cited in a blog post by Barkly.

Ransomware Numbers Decline … for Now

Over the past 12 months, ransomware attacks fell nearly 30 percent, according to Kaspersky’s Ransomware and Malicious Cryptominers 2016-2018 report.

As a result, ransomware wasn’t even the most prevalent payload in 2018. According to the Malwarebytes Cybercrime Tactics and Techniques Q2 2018 report, ransomware dropped down to No. 6 and accounted for less than 5 percent of prevalent payload malware in 2018.

A number of factors contributed to this decline, such as overexposure and increased awareness, cryptocurrency volatility and additional attention from law enforcement.

Due to the awareness, ransomware is on the decline, for now, but that doesn’t mean it didn’t cost companies a lot this year.

Some paid millions, according to a Symantec report.

The Colorado Department of Transportation received an undisclosed ransom demand.


While it wasn’t reported whether CDOT paid the amount, the ransomware attack cost the department $1.5 million in recovery fees.

In addition to CDOT, the City of Atlanta received a ransom demand of $51,000. Although the city didn’t pay, the attack cost about $17 million in recovery fees.

As you can see, ransomware is still out there, attacking companies and costing millions.

And this vicious malware is predicted to do more damage in the future.

The global damage costs connected with ransomware attacks are expected to reach $11.5 billion by 2019.

Are your business files protected from Ransomware?

Click on the button below, and Acumen will show you how to make sure, step-by-step.