CryptoWall Ransomware Virus

What Businesses Need to Know

Similar to the Cryptolocker ransomware, CryptoWall will encrypt your files on your computer and any network servers you may be connected to. The 2.0 version of this virus uses more advanced methods of delivery than its previous versions.

As if Cryptowall 2.0, wasn’t bad enough, (released October 2014), attackers then released Cryptowall 3.0 two months later in January of 2015.

The criminal minds behind Cryptowall then cooked up the next generation of Cryptowall ransomware debuting Cryptowall 4.0, which is vastly improved so it can exploit more vulnerabilities.

What’s worse, in 4.0 you won’t even know what files are encrypted because the file names are now encrypted.

A dangerous computer virus has left millions of people vulnerable. It’s called Cryptowall 2.0 and it spread rapidly.

To date, more than 830,000 victims worldwide have been infected with the malware.

According to security researchers at Dell SecureWorks, this is a 25% increase since August when there were 625,000 victims. This malware has evolved since earlier versions that mimicked the behavior and appearance of the infamous CryptoLocker ransomware.

Below is a screenshot that appears on infected computers as a result of the CryptoWall 2.0 virus:

How is the Ransomware Spread?

CryptoWall 2.0 is transmitted by an executable file, untrustworthy internet sources, USB devices and email. Victims of this virus have contracted it while surfing the web, clicking on links or popups or retrieving files from unknown sources through reliable sites like DropBox.

Malicious Banner Ads

Unsuspecting web surfers ran the risk of contracting this ransomware by visiting one of the impacted websites. Among the sites were web properties like Yahoo!, Match.com and AOL domains, among others.

However, the websites themselves were not compromised, rather, the advertising networks they relied on for dynamic ad content were inadvertently serving malware. These sites have since been notified and have stopped this malvertising campaign, but the criminals behind the CryptoWall 2.0 virus may be spreading the ransomware by other means.

What Kind of Damage Can it Do?

CryptoWall 2.0 targets individual computers and all shared equipment such as shared drives. What this means, is a single user has the potential of corrupting the entire company’s shared network, should they contract the virus on their computer.

Once the virus is contracted, it encrypts (locks) not only all the data on the infected computer, but also any shared hardware (such as a server) and requests a ransom to release the data back to you.

IMPORTANT: If your company does not have a reliable backup system in place, the data is lost because there is no way to recover it at this time.

This scenario occurred when a company called KnowBe4 received a panicked phone call from an IT administrator who became victim to the CrytpoWall virus this week. In the span of just one hour, his computer was infected with the malware, his workstation was mapped to seven servers and the entire server farm was shut down.

Previously, earlier versions of CryptoWall were using HTTP which allowed researchers to analyze the connection between the infected computer and the command and control server so they could take down servers that delivered the malware. CryptoWall 2.0 uses innovative ways to spread the virus like website ads and vulnerabilities in browsers and unpatched plug-ins.

How Can You Protect Yourself and Your Network?

1. First, make sure your business has a solid backup solution in place to prevent against dangerous types of cyber threats like this. Even if you do, TEST your backup to ensure your backups actually do work.
2. Confirm you are using the latest version of your internet browser. Many business users are still using old, outdated versions of Internet Explorer or other browsers that put them at high risk.
3. Be sure your operating system software is up to date, especially browser plug-ins like Flash Player, Silverlight, Java and Adobe Reader.
4. Ensure employees are aware of good security practices like never opening a ZIP, PDF or any other file from an unknown source if they are not expecting to receive it.These malicious emails might come in the form of an invoice, purchase order, complaint, bill or other business related email. It might appear these emails are sent from trustworthy sources such as Dropbox or your local payroll service, but best practice is if you aren’t expecting to receive the file, don’t open it. When in doubt, verify with the sender that the email is legitimate before opening the attachment.

Not Sure if Your Data Backup Solution is Reliable? Request a Free Network Discovery

If you are concerned about the security of your network or want to confirm your company has a reliable data backup solution in place, call Ontech Systems at (262) 522-8560 or send us a request online for a Free Network Discovery.

One of our Network Consultants will evaluate your network, confirm whether your backup system is reliable and track down any vulnerability that might currently exist in your network.

Cryptowall 4.0 Can Fly Under the Radar, Undetected by Your Antivirus Program

With stronger encryption tactics and better evasion tricks than ever, this malicious ransomware is now sophisticated enough to fool many antivirus platforms.

According to Cyber Threat Alliance, the group behind Cryptowall 3.0 made $325 million dollars this year. This dwarfs the FBI’s June predictions which noted they brought in a mere $18 million in extortions from businesses and end-users.

Above all, the stealthy, under-the-radar aspect of 4.0 is contributing to a lower detection rate, compared to the Cryptowall 3.0 attacks. This means some businesses were unknowingly making backups that contained encrypted data that couldn’t be decrypted unless a ransom was paid.

How is Cryptowall 4.0 Spread?

Most often, Cryptowall 4.0 spreads through email. The phishing email lands in your inbox and infiltrates your computer when you open an infected attachment or click on a link in the email.

This, among many other reasons, is why it’s beneficial to not only have a spam filter in place, but also know how to use it.

What Should You Do if You Get Infected by Cryptowall 4.0?

Unfortunately, your choices are limited. You can reformat your computer and restore your data from backup (and hope your backup wasn’t infected) or pay the ransom for the decryption key.

However, we DON’T suggest paying the ransom, because that doesn’t guarantee you’ll get the key and you might put yourself in a position that encourages more criminal activities!