Cyber Threat Alliance Cracks The Code On CryptoWall Crimeware Associated With $325 Million In Payments

SANTA CLARA, Calif., SUNNYVALE, Calif., and MOUNTAIN VIEW, Calif. October 29, 2015 –– Fortinet (NASDAQ: FTNT), Intel Security (NASDAQ: INTC), Palo Alto Networks (NYSE: PANW) and Symantec Corp. (NASDAQ: SYMC), co-founders of the Cyber Threat Alliance (CTA), today announced the publication of research examining the evolution and global impact of the aggressive CryptoWall ransomware.

Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat,” is the first published report using combined threat research and intelligence from the founding and contributing members of the CTA. This whitepaper provides organizations worldwide valuable insight into the attack lifecycle of this lucrative ransomware family, which is associated with over US$325 million in revenue for the malicious actors behind it, as well as recommendations for prevention and mitigation. The CTA further discovered:

  • The $325 million in revenue that went to the attackers included ransoms paid by victims to decrypt and access their files.
  • 406,887 attempted CryptoWall infections.
  • 4,046 malware samples.
  • 839 command and control URLs for servers used by cybercriminals to send commands and receive data.
  • The hundreds of millions in damages spans hundreds of thousands of victims across the globe. North America was a particular target for most campaigns.

All of the key findings and intelligence in the report are based on the collective visibility the members of the CTA have into the CryptoWall v3 threat; potential impact may extend beyond this view.


  • "The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks. Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first. This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organizations."
    - Derek Manky, global security strategist, Fortinet

  • "When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns. This research demonstrates an ability to leverage our collective threat expertise and intelligence to provide enhanced protection for customers, and help us more effectively collaborate with law enforcement in order to disrupt criminal ecosystems and ultimately help bring more cybercriminals to justice."
    - Vincent Weafer, vice president, McAfee Labs, Intel Security

  • "This type of collaborative research by security vendors reflects the power of effective threat information sharing and the positive effect it can have on helping maintain trust in our digital world. As a founding CTA member, we are committed to the idea that this new way of working together - of combining intelligence on a common adversary and sharing cyberthreat information as a public good - is to the benefit of all organizations in the battle against cybercrime."
    - Rick Howard, chief security officer, Palo Alto Networks

  • "Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage. By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually."
    - Joe Chen, vice president of engineering, Symantec

The report also highlights key recommendations by the CTA to aid users and organizations in not falling victim to CryptoWall v3 and other forms of advanced malware:

  • Ensure that your operating systems, applications and firmware are updated with the latest versions of the software.
  • Understand typical phishing techniques and how to thwart them, such as by not opening email from unknown email addresses or attachments of certain file types.
  • Keep web browsers updated, and turn on settings to disable browser plugins, such as Java, Flash and Silverlight, preventing them from running automatically.
  • Review access and security policies within corporate networks to limit access to critical infrastructure from systems and users who don’t need it.

To discuss this research and how threat information sharing can help in the battle against cyberattacks, the founding CTA member CEOs will participate in a Churchill Club panel tonight titled: "Hacks and Déjà vu: As the ‘Another Day, Another Hack’ Mantra Becomes Reality, is an End to Cyber Threats in Sight?"

To learn more about the Churchill Club event, visit:
To download a copy of the report or learn more about the CTA, visit:

To attend a webinar on December 1, 2015 discussing the findings of this report, led by members of the Cyber Threat Alliance, register here:

Ransomware: A Global And Pervasive Threat
Ransomware is malware that encrypts a victims’ data so that a cybercriminal can hold it for ransom. When the victims pay, usually through an electronic currency like bitcoin, they receive a key from the cybercriminal to unlock their data. If the victims don’t pay and haven’t backed up their data, it can be lost permanently.

About the Cyber Threat Alliance (CTA)
Co-founded by Fortinet (NASDAQ: FTNT), Intel Security (formerly McAfee), Palo Alto Networks (NYSE: PANW) and Symantec (NASDAQ: SYMC), the Cyber Threat Alliance (CTA) is the industry’s first group of cybersecurity solution providers who have come together in the interest of their collective customers to share threat information. The end goal for the information sharing is to raise the situational awareness about advanced cyberthreats and enable members and organizations worldwide to use the latest threat intelligence information to improve defenses against advanced cyber adversaries. For more information about the CTA, please visit:

© October 2015 by the Cyber Threat Alliance Founding Companies. All Rights Reserved.

Fortinet's trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCloud, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners.

Intel, Intel Security, the Intel logo, McAfee and the McAfee logo are trademarks or registered trademarks of Intel Corporation in the United States and other countries.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

About Fortinet

Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company's fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry's highest level of threat research, intelligence and analytics. Unlike pure-play network security providers, Fortinet can solve organizations' most important security challenges, whether in networked, application or mobile environments - be it virtualized/cloud or physical. More than 210,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at, the Fortinet Blog or FortiGuard Labs.

Copyright © 2015 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions, such as statements regarding product releases. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.