Cryptowall, the now-infamous encryption malware that locks files for ransom, has been updated. Known as Cryptowall 4, the ransomware infects Windows machines, encrypts files, and demands users cough up crypto-cash to unlock their documents. The new variant, thought to have been developed by Russian hackers, makes it even harder to crack the files by scrambling file names. While Cryptowall remains one of the most common ransomware families by far, its success has given rise to new families and variants.
Users are tricked into opening a zipped attachment from a spam campaign; the archive contains a malicious file that triggers an executable payload.
Once installed, the ransomware encrypts files, making it almost impossible to regain access; it also scrambles file names, making it harder for victims to know which files are which. System restore points are also erased, taking away the option of returning to a previously saved state.
The malware mocks the user, congratulating them for becoming “a part of large community,” according to BleepingComputer, which first detailed the changes.
The ransomware uses bitcoin as the means of payment. As in previous versions, payment is handled by a centralized Tor-based command-and-control server, which also stores the decryption keys, making the attackers almost impossible to trace.
Ransomware hits thousands every week, and costs users $18 million in losses, according to estimates from the FBI. Other figures suggest the Cryptowall family alone has generated about $325 million in bitcoin ransoms.
It is critical for CEOs and CIOs to minimize the risk of any virus. Here are some common-sense steps to take:
- Keep regular backups: This will mitigate the damage done by file-encrypting ransomware.
- Install the Bitdefender vaccine: The tool, which can be downloaded for free from its site, does not undo the damage if the malware has already infected a machine, and it only applies to the latest Cryptowall 4 malware. Be aware as well that this software can bluescreen some systems.
- Keep anti-virus up to date
Originally posted 2015-11-11 02:13:13.