KnowBe4 Cautions IT: Second Generation Ransomware In The Wild

Tampa Bay, FL - System administrators aren’t likely to get much rest this summer. KnowBe4 CEO Stu Sjouwerman has issued a “second-gen malware alert” warning IT managers of new ransomware threats appearing in the wild.

The alert confirms the fears of an increase in ransomware that IT staff voiced in a KnowBe4 survey at the end of June. Kaspersky recently reported a new second-generation ransomware family marketed as CTB-Locker (aka Critroni), which it calls “Onion” after the malware’s use of the anonymous Tor network. Trend Micro reported another wave of ransomware, called Cryptoblocker, described as a potential successor to CryptoLocker, and Synology customers are now experiencing a targeted, customized ransomware attack.

According to KnowBe4’s CEO Stu Sjouwerman, “Security Awareness Training is needed now more than ever. This new generation of CTB-Locker ransomware is likely originating from an eastern European country like Romania or Ukraine, as some of the first infections were seen in Russia. Russian cybercrime never hacks in Russia itself due to the likelihood of immediate arrests by Russian security services.”

Five reasons this new wave of ransomware is more dangerous:

CTB-Locker is the first Windows ransomware to use the Tor network for its command-and-control (C&C) servers, which makes the infrastructure much harder to take down.
Traffic between the malware on the infected machine and its C&C servers is much harder to intercept.
CTB-Locker encrypts files with keys derived from little-used but very strong Elliptic Curve Diffie-Hellman (ECDH) key agreement; the private key needed to recover them never reaches the victim’s machine, so decrypting the files yourself is not feasible.
It compresses files before encrypting them.
It was built as commercial crimeware, so it can be sold globally to other cybercriminals; the buyer can specify the Bitcoin ransom amount and the file extensions to be encrypted.
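The key handling behind the third point above, as an added example (my code, not CTB-Locker’s and not from KnowBe4): the operator’s public key is embedded in the malware, a fresh ephemeral key pair is generated per file, the ephemeral private half is discarded, and only the operator’s private key can rebuild the shared secret. X25519 is implemented from RFC 7748 as a concrete ECDH curve (the page does not name one); the stream cipher and MAC are SHA-256/HMAC stand-ins for AES because the Python standard library has none; the function names, header layout and sample plaintext are assumptions.

```python
"""Model of the ECDH hybrid key handling described above (added example, not
CTB-Locker's code).  X25519 is implemented from RFC 7748; the symmetric stream
cipher and MAC are SHA-256/HMAC constructions standing in for the AES that the
standard library lacks.  Names and the on-disk layout are assumptions."""
import hashlib
import hmac
import os

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (A - 2) / 4 for the Montgomery ladder
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: scalar * u, both 32-byte little-endian."""
    k = _clamp(scalar)
    ub = bytearray(u)
    ub[31] &= 127
    x1 = int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keygen(priv: bytes = None):
    """Return (private scalar, public point); a random scalar if none given."""
    priv = priv or os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, a stand-in for AES-CTR."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _derive_keys(shared: bytes, eph_pub: bytes, operator_pub: bytes):
    """Bind the per-file keys to both public points (simple HKDF-like step)."""
    ikm = hashlib.sha256(b"ctb-model" + shared + eph_pub + operator_pub).digest()
    return (hashlib.sha256(b"enc" + ikm).digest(),
            hashlib.sha256(b"mac" + ikm).digest())


def encrypt_file(plaintext: bytes, operator_pub: bytes) -> bytes:
    """Victim side. Only the operator's PUBLIC key is embedded; a fresh
    ephemeral pair is made per file and its private half is thrown away, so
    nothing left on the disk can reproduce the shared secret."""
    eph_priv, eph_pub = keygen()
    shared = x25519(eph_priv, operator_pub)
    del eph_priv                                   # never written anywhere
    enc_key, mac_key = _derive_keys(shared, eph_pub, operator_pub)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, eph_pub + body, hashlib.sha256).digest()
    return eph_pub + tag + body                    # assumed layout: eph_pub || tag || body


def decrypt_file(blob: bytes, operator_priv: bytes) -> bytes:
    """Operator side. The stored ephemeral public point plus the private key
    that never left the operator recreate the same shared secret."""
    eph_pub, tag, body = blob[:32], blob[32:64], blob[64:]
    operator_pub = x25519(operator_priv, BASEPOINT)
    shared = x25519(operator_priv, eph_pub)
    enc_key, mac_key = _derive_keys(shared, eph_pub, operator_pub)
    expect = hmac.new(mac_key, eph_pub + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered file")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, len(body))))


def victim_can_recover(blob: bytes, operator_pub: bytes) -> bool:
    """Everything a victim holds: operator_pub, eph_pub and ciphertext, but no
    private scalar. Feeding a public value in as if it were the scalar is the
    best a local attempt can do, and it fails the MAC check."""
    try:
        decrypt_file(blob, operator_pub)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    op_priv, op_pub = keygen()                     # lives only with the operator
    blob = encrypt_file(b"constructed sample: quarterly-results.xlsx", op_pub)
    print("victim can recover:", victim_can_recover(blob, op_pub))
    print("operator recovers:", decrypt_file(blob, op_priv))
```

The defensive takeaway is the one the page makes: because no private scalar ever touches the infected host, there is nothing for forensics or a memory dump to recover once the ephemeral key is gone, which is why tested backups rather than on-the-box decryption are the realistic recovery path.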

Sjouwerman recommends building a “human firewall” of educated users, which can help prevent the near-catastrophic data loss ransomware causes. Said Sjouwerman, “We know one company that opted to delay training its users, only to get hit with ransomware the next day, costing them $250,000. Training would have cost them 1/50th of the price.”

KnowBe4 advocates multi-layered, defense-in-depth security, including thorough testing of backups, since untested backups are prone to failure when a restore is actually needed. The company guarantees that once users are trained and receive a simulated phishing attack once a month, it will pay your crypto-ransom if you get hit.

For more information visit