Cryptolocker ransom Trojan infected 250,000 PCs, Dell SecureWorks estimates

At least 0.4 percent of victims paid up

The feared Cryptolocker ransom Trojan has infected at least a quarter of a million PCs worldwide, a success rate probably generating somewhere in the low millions of dollars in ransom payments, a new analysis by Dell SecureWorks has estimated.

Alarming reports of the chaos sown by Cryptolocker have been easy to come by, less so hard numbers about the scale of what has surely been the malware story of 2013.

Offering some of the first data, Dell SecureWorks recorded 31,866 infected PCs contacting sinkholed command and control servers between 22 October and 1 November alone, over 22,000 of which were in the US with around 1,700 in the UK.

When the firm carried out the same exercise between 9 and 16 December, the number of infected PCs had fallen to only 6,459, a fall attributed mainly to a lower level of activity by the botnets pushing the malware.

From these numbers, the firm calculated that in the first 100 days of its activity from mid-September, Cryptolocker managed to infect between 200,000 and 250,000 PCs globally, disproportionately in English-speaking countries.

This brings Dell SecureWorks to the issue of how much money the criminals have made from Cryptolocker.

Based on Bitcoin payments connected to ransoms, Dell SecureWorks estimates that between September and December the sums extorted were between $380,000 and $980,000 in value, depending on how long the virtual currency was held for.

Because this excludes ransoms paid using other channels such as MoneyPak, which Dell believes account for most of the sums extorted, the real damage had to be much higher than this, the firm said.

“These figures represent a conservative estimate of the number of ransoms collected by the CryptoLocker gang,” said Dell SecureWorks’ researchers.

“Based on this information and measurements of infection rates, CTU researchers estimate a minimum of 0.4%, and very likely many times that, of CryptoLocker victims are electing to pay the ransom.”

Many of the victims of Cryptolocker’s shakedown have been small businesses rather than consumers; from its first appearance the malware targeted SMEs using subject lines such as ‘consumer complaint’ to engineer employees into opening attachments, the firm said.

One high-profile example of this was a US police department that not only found itself infected by Cryptolocker but quite incredibly agreed to pay its Bitcoin ransom demand.

As this target field became exhausted, the criminals shifted, probably reluctantly, to less profitable home users. Today, the waxing and waning of Cryptolocker corresponds to activity on botnets used to distribute it, such as Cutwail.

According to Dell, its creators were almost certainly seasoned in malware campaigns and appear to have made sound design decisions that complicate efforts to mitigate this threat and have demonstrated a capable distribution system based on the Cutwail and Gameover Zeus botnets.

