News Feature | July 29, 2014

New Ransomware Strain Causes Data Breaches, KnowBe4 Warns

By Christine Kern, contributing writer

2 New Strains Of Ransomware Reported

CryptoWall Leads To Data Breach At Brokerage House

Ransomware continues to proliferate, fulfilling the predictions of IT Pros and security experts. A new survey by IT Security company KnowBe4 shows the growing alarm among IT Pros about the threat of ransomware like the infamous CryptoLocker.

The KnowBe4 June 2014 survey of over 300 IT Pros compared the levels of concern over ransomware to a similar survey by IT Security company Webroot in January this year. The study showed rapidly growing apprehension over ransomware: the share of respondents who are very or extremely concerned about it rose to 73 percent from 48 percent.

Nearly half of the IT professionals surveyed know someone who has experienced a ransomware attack, and it worries them more now, with 88 percent expecting ransomware to increase for the remainder of the year compared to 66 percent at the start of this year.

The problem of ransomware was compounded recently by the data breach at a New Hampshire brokerage firm, Benjamin F. Edwards and Co. (BFE). The initial breach occurred on May 24, 2014, when the brokerage house had their computer systems compromised by an unauthorized third party. The breach was discovered three days later on May 27, 2014, and the company began issuing breach notification letters to their customers on June 27, 2014, offering affected customers free identity protection, fraud protection and credit monitoring for 12 months.

In a June 27 letter to the New Hampshire Attorney General, the brokerage house stated that they were “voluntarily notifying the office of the attorney general that BFE intends to notify 430 residents of New Hampshire of a malware incident” and that the letter was being “provided as a courtesy” since notification is not required under state law.

The letter stated: “In more detail, an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common Cryptolocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address.”

In the wake of the breach, BFE has taken steps to remove the malware and conduct an investigation into the events. Among other safeguards, BFE has further restricted the IP addresses that BFE employees can access, and it has supplemented its security infrastructure with additional devices and practices to circumvent future CryptoWall attacks.

Although there is no clear indication that sensitive client data was actually accessed, BFE sent notification letters to every current and former client and employee in New Hampshire, providing one year of free credit monitoring, identity theft protection, and fraud resolution services.

According to Stu Sjouwerman, CEO of KnowBe4, “We are seeing a new wave of ransomware created by Russian cybercriminals, and our recent survey shows that IT pros expect it to get worse the rest of the year. To add insult to injury, apart from the confidential files being encrypted and ransom extorted, the ransomware sends unidentified data out of the victim’s network.”

He emphasized, “That means the malware infection needs to be treated as a data breach with accompanying very high costs. Educating users with effective security awareness training can proof companies against ransomware like CryptoLocker plus its copycats and protect against lost credibility with customers.”