First-of-its-kind Collaborative Effort Showcases the Power of Threat Information Sharing to Make the Internet Safer

SANTA CLARA, Calif., SUNNYVALE, Calif., and MOUNTAIN VIEW, Calif. October 29, 2015 — Fortinet (NASDAQ: FTNT), Intel Security (NASDAQ: INTC), Palo Alto Networks (NYSE: PANW) and Symantec Corp. (NASDAQ: SYMC), co-founders of the Cyber Threat Alliance (CTA), today announced the publication of research examining the evolution and global impact of the aggressive CryptoWall ransomware.

"Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat," is the first published report using combined threat research and intelligence from the founding and contributing members of the CTA. This whitepaper provides organizations worldwide valuable insight into the attack lifecycle of this lucrative ransomware family, which is associated with over US$325 million in revenue for the malicious actors behind it, as well as recommendations for prevention and mitigation. The CTA further discovered:

  • The $325 million in revenue that went to the attackers included ransoms paid by victims to decrypt and access their files.
  • 406,887 attempted CryptoWall infections.
  • 4,046 malware samples.
  • 839 command and control URLs for servers used by cybercriminals to send commands and receive data.
  • The hundreds of millions in damages spans hundreds of thousands of victims across the globe. North America was a particular target for most campaigns.

All of the key findings and intelligence in the report are based on the collective visibility the members of the CTA have into the CryptoWall v3 threat; potential impact may extend beyond this view.


  • "The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks. Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first. This research demonstrates the power of the CTA partnership; when we grow our collective intelligence across all sectors, we can better combat advanced threats, deploy security controls to counteract the latest moves and deliver greater security for our customers and all organizations."
    Derek Manky, global security strategist, Fortinet

  • "When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns. This research demonstrates an ability to leverage our collective threat expertise and intelligence to provide enhanced protection for customers, and help us more effectively collaborate with law enforcement in order to disrupt criminal ecosystems and ultimately help bring more cybercriminals to justice."
    Vincent Weafer, vice president, McAfee Labs, Intel Security

  • "This type of collaborative research by security vendors reflects the power of effective threat information sharing and the positive effect it can have on helping maintain trust in our digital world. As a founding CTA member, we are committed to the idea that this new way of working together - of combining intelligence on a common adversary and sharing cyberthreat information as a public good - is to the benefit of all organizations in the battle against cybercrime."
    Rick Howard, chief security officer, Palo Alto Networks

  • "Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage. By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually."
    Joe Chen, vice president of engineering, Symantec


The report also highlights key recommendations by the CTA to aid users and organizations in not falling victim to CryptoWall v3 and other forms of advanced malware:

  • Ensure that your operating systems, applications and firmware are updated with the latest versions of the software.
  • Understand typical phishing techniques and how to thwart them, such as by not opening email from unknown email addresses or attachments of certain file types.
  • Keep web browsers updated, and turn on settings to disable browser plugins, such as Java, Flash and Silverlight, preventing them from running automatically.
  • Review access and security policies within corporate networks to limit access to critical infrastructure from systems and users who don’t need it.

To discuss this research and how threat information sharing can help in the battle against cyberattacks, the founding CTA member CEOs will participate in a Churchill Club panel tonight titled: "Hacks and Déjà vu: As the 'Another Day, Another Hack' Mantra Becomes Reality, is an End to Cyber Threats in Sight?"

To learn more about the Churchill Club event, visit:

To download a copy of the report or learn more about the CTA, visit:

To attend a webinar on December 1, 2015 discussing the findings of this report, led by members of the Cyber Threat Alliance, register here:

Ransomware is malware that encrypts a victims’ data so that a cybercriminal can hold it for ransom. When the victims pay, usually through an electronic currency like bitcoin, they receive a key from the cybercriminal to unlock their data. If the victims don’t pay and haven’t backed up their data, it can be lost permanently.

About the Cyber Threat Alliance (CTA)
Co-founded by Fortinet (NASDAQ: FTNT), Intel Security (formerly McAfee), Palo Alto Networks (NYSE: PANW) and Symantec (NASDAQ: SYMC), the Cyber Threat Alliance (CTA) is the industry’s first group of cybersecurity solution providers who have come together in the interest of their collective customers to share threat information. The end goal for the information sharing is to raise the situational awareness about advanced cyberthreats and enable members and organizations worldwide to use the latest threat intelligence information to improve defenses against advanced cyber adversaries. For more information about the CTA, please visit:

© October 2015 by the Cyber Threat Alliance Founding Companies. All Rights Reserved.

Fortinet's trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCloud, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners.

Intel and the Intel and McAfee logos are trademarks of Intel Corporation or McAfee, Inc. in the US and/or other countries.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Media Contacts:

Sandra Wheatley
VP of Corporate Communications

Chris Palm
Director of Corporate Communications
Intel Security

Jennifer Jasper-Smith
Head of Corporate Communications
Palo Alto Networks

Kristen Batch
VP of Corporate Communications