Fortinet, Intel Security, Palo Alto Networks and Symantec have united in a bid to combat cyber crime, co-founding the Cyber Threat Alliance examining the evolution and global impact of the aggressive CryptoWall ransomware.
Billed as the first-of-its-kind, the collaborative effort is designed to showcase the power of threat information sharing in a bid to make the internet safer.
“Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat”, is the first published report using combined threat research and intelligence from the founding and contributing members of the CTA.
According to all parties, the collaboration aims to provide organisations worldwide greater insight into the attack lifecycle of this lucrative ransomware family, which is associated with over $US325 million in revenue for the malicious actors behind it, as well as recommendations for prevention and mitigation.
“This type of collaborative research by security vendors reflects the power of effective threat information sharing and the positive effect it can have on helping maintain trust in our digital world,” says Rick Howard, chief security officer, Palo Alto Networks.
“As a founding CTA member, we are committed to the idea that this new way of working together - of combining intelligence on a common adversary and sharing cyberthreat information as a public good - is to the benefit of all organisations in the battle against cybercrime.”
So far, the CTA further discovered that the $US325 million in revenue that went to the attackers included ransoms paid by victims to decrypt and access their files.
In addition, the research found 406,887 attempted CryptoWall infections, extracting 4,046 malware samples and identifying 839 command and control URLs for servers used by cybercriminals to send commands and receive data.
The hundreds of millions in damages spans hundreds of thousands of victims across the globe with North America a particular target for most campaigns.
“The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks,” adds Derek Manky, global security strategist, Fortinet.
“Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first.
“This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organisations.”
All of the key findings and intelligence in the report are based on the collective visibility the members of the CTA have into the CryptoWall v3 threat; potential impact may extend beyond this view.
“When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns,” adds Vincent Weafer, vice president, McAfee Labs, Intel Security.
For Weafer, this research demonstrates an ability for the tech giants to leverage its collective threat expertise and intelligence to provide enhanced protection for customers, and help to more effectively collaborate with law enforcement.
“Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage,” adds Joe Chen, vice president of engineering, Symantec.
“By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually.”