A cyber-security industry group has published new research on the CryptoWall ransomware campaign, finding that the attacks have generated more than $300m in ransom income and stem from a single source or entity.
The report was published earlier this week by the Cyber Threat Alliance, founded by Intel Security, Symantec, Palo Alto Networks and Fortinet. Major takeaways from the organization’s research include evidence of as much as $325m worth of ransomware victim payments and more than 400,000 attempts to infect computers with the third variant of CryptoWall (CW3), many of which appear to have focused on targets in North America.
Backing the idea that the ransomware is sourced to a single entity is evidence found in both the code and the web of bitcoin payments trackable on the public blockchain. The report notes that Armenia, Belarus, Iran, Kazakhstan, Russia, Serbia and Ukraine are blacklisted, meaning the malware won’t operate in those regions and suggesting possible points of origin.
The report’s authors add that an analysis of bitcoin transactions tied to known ransom campaigns points to the common use of bitcoin wallets across those campaigns, stating:
“As a result of examining this financial network, it was discovered