Cryptowall Made Off With $18 million in 2014, FBI Reveals

The infamous Cryptowall ransomware has extorted around $18 million from its victims, the FBI reports.

Cryptowall is still the most active malware of the ransomware family, the bureau said in an alert meant to highlight the financial impact of ransomware. Between April 2014 and June 2015, the FBI`s Internet Crime Complaint Center received 992 complaints regarding Cryptowall.

Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses,” reads the message from IC3.

Financial losses come from the ransom itself, which can be up to $10,000, as well as from costs associated with data breach mitigation, legal fees, purchase of credit monitoring services, etc. That`s because ransomware doesn`t just impact home computers. Businesses, financial institutions, government agencies, academic institutions and other organizations have been infected with ransomware.

Not long ago, Bitdefender exposed Cryptowall-spreading campaigns that hit hundreds of mailboxes with malicious .chm attachments.

Apart from the FBI recommendations, here are some extra tips to stay ransomware-free.

1. Regularly back up your data in the cloud or on an external drive. Backups should not be stored on a different partition in your PC, but rather on an external hard-drive that is connected to the PC for the duration of the backup only.
2. Keep UAC enabled. UAC notifies you when changes are going to be made to your computer that require administrator-level permission.
3. Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that`s constantly updated and able to perform active scanning. Don`t override the optimal settings and update it regularly.
4. To secure your mobile device, avoid downloading apps from unfamiliar sites — only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.
5. Follow good internet practices. Avoid questionable websites, link and attachments in emails from uncertain sources. Alternatively, consider a browser extension that blocks JavaScript (such as NoScript).
6. Enable ad-blocking tools to reduce malicious ads.
7. Use a filter to reduce the number of infected spam emails that reach your Inbox.
8. When possible, virtualize or completely disable Flash, as it has been repeatedly used as an infection vector.
9. Increase your online protection by adjusting your web browser security settings.
10. Keep your Windows operating system and your vulnerable software- especially the browser and the browser plug-ins – up to date with the latest security patches. Exploit kits use vulnerabilities in these components to automatically install malware.