CryptoWall Ransomware Virus
What Businesses Need to Know
Similar to the Cryptolocker ransomware, CryptoWall will encrypt your files on your computer and any network servers you may be connected to. The 2.0 version of this virus uses more advanced methods of delivery than its previous versions.
As if Cryptowall 2.0 (released October 2014) wasn’t bad enough, attackers then released Cryptowall 3.0 two months later, in January of 2015.
The criminal minds behind Cryptowall then cooked up the next generation of Cryptowall ransomware debuting Cryptowall 4.0, which is vastly improved so it can exploit more vulnerabilities.
What’s worse, in 4.0 you won’t even know what files are encrypted because the file names are now encrypted.
What Does CryptoWall 2.0 Do?
A dangerous computer virus has left millions of people vulnerable. It’s called Cryptowall 2.0 and it spread rapidly.
To date, more than 830,000 victims worldwide have been infected with the malware.
According to security researchers at Dell SecureWorks, this is a 25% increase since August when there were 625,000 victims. This malware has evolved since earlier versions that mimicked the behavior and appearance of the infamous CryptoLocker ransomware.
Below is a screenshot that appears on infected computers as a result of the CryptoWall 2.0 virus:
How is the Ransomware Spread?
CryptoWall 2.0 is transmitted by executable files, untrustworthy internet sources, USB devices and email. Victims of this virus have contracted it while surfing the web, clicking on links or popups, or retrieving files from unknown sources through otherwise reliable sites like Dropbox.
Malicious Banner Ads
Unsuspecting web surfers ran the risk of contracting this ransomware by visiting one of the impacted websites. Among the sites were web properties like Yahoo!, Match.com and AOL domains, among others.
However, the websites themselves were not compromised; rather, the advertising networks they relied on for dynamic ad content were inadvertently serving malware. These sites have since been notified and have stopped this malvertising campaign, but the criminals behind the CryptoWall 2.0 virus may be spreading the ransomware by other means.
What Kind of Damage Can it Do?
CryptoWall 2.0 targets individual computers and all shared equipment such as shared drives. What this means is that a single user has the potential to corrupt the entire company’s shared network, should they contract the virus on their computer.
Once the virus is contracted, it encrypts (locks) not only all the data on the infected computer, but also any shared hardware (such as a server) and requests a ransom to release the data back to you.
IMPORTANT: If your company does not have a reliable backup system in place, the data is lost because there is no way to recover it at this time.
This scenario occurred when a company called KnowBe4 received a panicked phone call from an IT administrator who became a victim of the CryptoWall virus this week. In the span of just one hour, his computer was infected with the malware, his workstation was mapped to seven servers and the entire server farm was shut down.
Earlier versions of CryptoWall used HTTP, which allowed researchers to analyze the connection between the infected computer and the command and control server so they could take down the servers that delivered the malware. CryptoWall 2.0 uses new ways to spread the virus, like website ads and vulnerabilities in browsers and unpatched plug-ins.
How Can You Protect Yourself and Your Network?
- First, make sure your business has a solid backup solution in place to prevent against dangerous types of cyber threats like this. Even if you do, TEST your backup to ensure your backups actually do work.
- Confirm you are using the latest version of your internet browser. Many business users are still using old, outdated versions of Internet Explorer or other browsers that put them at high risk.
- Be sure your operating system software is up to date, especially browser plug-ins like Flash Player, Silverlight, Java and Adobe Reader.
- Ensure employees are aware of good security practices, like never opening a ZIP, PDF or any other file from an unknown source if they are not expecting to receive it. These malicious emails might come in the form of an invoice, purchase order, complaint, bill or other business-related email. It might appear these emails are sent from trustworthy sources such as Dropbox or your local payroll service, but best practice is: if you aren’t expecting to receive the file, don’t open it. When in doubt, verify with the sender that the email is legitimate before opening the attachment.
Not Sure if Your Data Backup Solution is Reliable? Request a Free Network Discovery
If you are concerned about the security of your network or want to confirm your company has a reliable data backup solution in place, call Ontech Systems at (262) 522-8560 or send us a request online for a Free Network Discovery.
One of our Network Consultants will evaluate your network, confirm whether your backup system is reliable and track down any vulnerability that might currently exist in your network.
Or, learn more about what's included in a Network Security Assessment here.
Cryptowall 4.0: The Worst Ransomware Yet
Cryptowall 4.0 Can Fly Under the Radar, Undetected by Your Antivirus Program
With stronger encryption tactics and better evasion tricks than ever, this malicious ransomware is now sophisticated enough to fool many antivirus platforms.
According to the Cyber Threat Alliance, the group behind Cryptowall 3.0 made $325 million this year. This dwarfs the FBI’s June predictions, which noted they had brought in a mere $18 million in extortions from businesses and end-users.
Above all, the stealthy, under-the-radar aspect of 4.0 is contributing to a lower detection rate, compared to the Cryptowall 3.0 attacks. This means some businesses were unknowingly making backups that contained encrypted data that couldn’t be decrypted unless a ransom was paid.
How is Cryptowall 4.0 Spread?
Most often, Cryptowall 4.0 spreads through email. The phishing email lands in your inbox and infiltrates your computer when you open an infected attachment or click on a link in the email.
This, among many other reasons, is why it’s beneficial to not only have a spam filter in place, but also know how to use it.
What Should You Do if You Get Infected by Cryptowall 4.0?
Unfortunately, your choices are limited. You can reformat your computer and restore your data from backup (and hope your backup wasn’t infected) or pay the ransom for the decryption key.
However, we DON’T suggest paying the ransom, because that doesn’t guarantee you’ll get the key and you might put yourself in a position that encourages more criminal activities!
Cryptowall Proof Your Business
- Ensure your business has a reliable backup solution and procedure in place. Backup alone is not enough; you must TEST and verify that your backup works!
- Establish a disaster recovery/business continuity plan.
- Confirm you have a layered security approach.
- Keep all business systems and software programs up-to-date and ensure staff members do the same.
- Confirm all employees have a credible, reliable spam filter that they know how to use.
- Train your staff to recognize spam and phishing emails. If you don’t trust the sender, don’t open the email! When in doubt, ask us!
- Do NOT pay the ransom. Here’s why.
- Staying proactive is key. Don’t learn your lesson the hard way.
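One practical way to act on the "TEST your backup" advice, and on the earlier point that some businesses were unknowingly backing up files that were already encrypted: restore a sample of files from the backup and inspect them before trusting it. The script below is an added example, not an Ontech tool or anything taken from CryptoWall itself; it assumes the restored sample sits in a directory, and the helper names are hypothetical. It flags files whose leading bytes no longer match their extension and, for unrecognized types, files whose byte entropy sits near ciphertext levels.

```python
import math
import os
import tempfile
from pathlib import Path

# Expected leading bytes for a few common business document types.
# A file encrypted by ransomware loses its normal header, so a mismatch
# is a strong signal that the "backup" captured encrypted content.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext and compressed data sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def check_file(path: Path, entropy_threshold: float = 7.5) -> list[str]:
    """Return reasons this restored file looks encrypted (empty list = looks fine)."""
    reasons = []
    data = path.read_bytes()
    expected = MAGIC.get(path.suffix.lower())
    if expected is not None:
        if data.startswith(expected):
            # Known format with an intact header: trust it. Zip-based formats
            # (docx/xlsx) are legitimately high-entropy, so skip the entropy test.
            return reasons
        reasons.append(f"header does not match the {path.suffix} signature")
    if len(data) >= 256 and shannon_entropy(data) > entropy_threshold:
        reasons.append("byte entropy near ciphertext levels")
    return reasons

def audit_restore(restore_dir: str) -> dict[str, list[str]]:
    """Walk a restored sample and map each suspicious file to its reasons."""
    findings = {}
    for root, _dirs, files in os.walk(restore_dir):
        for name in files:
            p = Path(root) / name
            reasons = check_file(p)
            if reasons:
                findings[str(p.relative_to(restore_dir))] = reasons
    return findings

def build_sample_restore() -> str:
    """Constructed sample: one healthy PDF and one 'document' that is really random bytes."""
    d = tempfile.mkdtemp(prefix="restore_sample_")
    (Path(d) / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + b"Quarterly invoice text. " * 40)
    (Path(d) / "report.docx").write_bytes(os.urandom(4096))
    return d
```

Run `audit_restore()` against a real restored sample; any non-empty result means the backup should not be assumed usable until the flagged files are examined.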
Contact Ontech Systems at 262-522-8560. We’ll help you evaluate your business network and ensure you have reliable backup systems and procedures in place. Contact us today to ensure your network has the proactive systems in place to keep Cryptowall 4.0 out of your business!
Schedule a network security assessment
Request a security assessment below. We'll contact you to schedule a complimentary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all-encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment, e.g. PCI & HIPAA audits, in-depth anti-virus testing, firewall/router audits, etc.