Breaking News From KnowBe4: Two New Ransomware Strains

KnowBe4 CEO Stu Sjouwerman issued a warning today of two new strains of ransomware that have been discovered, giving IT security a heads up on how to spot and handle

December 15, 2014

4 Min Read


Tampa Bay, Fla., Dec. 15, 2014 --  KnowBe4 CEO Stu Sjouwerman has issued a warning to IT security folks to be on the lookout for two new strains of ransomware. The first is a new strain of ransomware named OphionLocker. It encrypts your data using strong open source Crypto++ Elliptical Curve Cryptography and then ransoms the files for about 1 Bitcoin. The infection vector is limited to hacked websites, utilizing exploit kits that hack into unpatched computers. The ransom amount varies between countries where the victim is located, with the U.S. having the highest rates.

Sjouwerman said, “The new wrinkle is that when a workstation is infected with OphionLocker, it will generate a unique hardware ID based on the serial number of the first hard drive, the motherboard's serial number, and other information. It will then contact the malware's Control & Command server via TOR site and check if this particular hardware ID has been encrypted already. When you go to the ransomware site, it will prompt you to enter your hardware id. Once entered it will display the amount of ransom you are required to pay and provide a bitcoin address that you should send the payment to.”

This ransomware does not (yet) securely delete your files or remove the shadow volume copies. Therefore it is possible to recover your files using a file recovery tool or a program like Shadow Explorer.

The other major threat now exploding is TorrentLocker. The cybercrime gang behind TorrentLocker has earned $40 million between March and December 2014. Researchers from IT security company ESET have tracked the Bitcoin wallet that received the ransom payments, and since March a whopping 82,000 Bitcoins have been paid to that wallet. TorrentLocker was first uncovered in August by iSight Partners and was seen to be using phishing attacks targeting the UK and Australia, but has since expanded its reach to target more countries including Italy, Czech Republic, Germany, and Turkey. It looks this is another eastern European cyber gang that is getting ready for their assault on the U.S.

From ESET's main office in Bratislava, malware researcher Robert Lipovsky said that the TorrentLocker was sophisticated with the cryptography aspect of the malware "done quite well", using AES with 256-bit keys, and those keys are stored on a remote sever meaning there is no way of decrypting the victim's files like CryptoWall. ESET plans to publish an extensive report on the development of TorrentLocker next week.

Sjouwerman advised; “The message is patch your systems diligently, and step your users through effective security awareness training to make sure they don't fall for social engineering tricks.”

Additional links:

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authoreIn cd three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights