It’s Back – Cryptowall Ransomware Strikes Again

What is Cryptowall 2 Ransomware?

Bob Rankin: Making regular backups of critical data and keeping your software up to date is more important than ever thanks to the arrival of new, “improved” malware like Cryptowall 2. This update to a well-known ransomware exploit is making life miserable for business and personal computer users worldwide. Here’s what you need to know…

Making regular backups of critical data and keeping your software up to date is more important than ever thanks to the arrival of new, “improved” malware like Cryptowall 2. This update to a well-known ransomware exploit is making life miserable for business and personal computer users worldwide. Here’s what you need to know…

Last summer, authorities busted the cybercriminals behind the CryptoLocker virus, and shut down that threat. But a new variant called Cryptowall 2 has emerged from the dark corners of the Internet.

Like its predecessor, Cryptowall 2 encrypts everything on an infected hard drive and displays a “ransom note” to the hapless user. The extortion is simple: pay several hundred dollars by a specified deadline or you’ll never get the key that unlocks your encrypted data. The payment method is anything but simple for the typical victim.

Cryptowall 2 is elaborately designed to avoid detection by security software and to conceal the identities and locations of its masters. Part of this stealth strategy is to require ransom payment in Bitcoin, the virtual crypto-currency. Most citizens and even IT geeks have no clue how to get Bitcoin; even if you know, converting real currency into Bitcoin is not convenient or fast.

Victims first have to locate an online Bitcoin currency exchange, then apply for an account. The exchanges conduct “background checks” to protect their dubious users from law enforcement agents. Approval can take days during which one’s computer (or an entire company network) is less useful than a flower pot.

Another barrier to paying is Cryptowall 2’s complicated instructions for using the Tor proxy network to connect to the attacker(s)’ site and make the payment. Victims must download and install the Tor browser (a copy of which may well be hosted by the attacker(s) and infected with more malware), then follow a link through the often-unreliable Tor network to the attacker(s)’ site. If the connection fails, victims must try later.

As if that isn’t enough, a Cryptowall 3 version appeared in recent days. Its only “improvement” seems to be the addition of the Invisible Internet Project (I2P) proxy network to the things that can go wrong with a payment attempt. The payment link provided by Cryptowall runs a victim through several Tor proxies and then hands the connection off to I2P, which has its own ways of failing.

Is There Any Guarantee?

If a victim jumps through all of these hoops and pays the ransom there is no guarantee that the key to unlock the encrypted data will be delivered. So far, the bad guys have honored their end of the deal, presumably because not doing so would quickly become well-known and ransom payments would dry up. But if anything should happen to the bad guys – like a sudden police raid – those who pay the ransom will never see a key.

The best way to deal with Cryptowall is to avoid it at all costs. That means keeping your defenses up on all fronts. Think before you click on unknown links or email attachments. Keep your operating system and application software up to date with security patches. Use a comprehensive internet security suite that watches for things like Cryptowall in email, Web, external storage devices, and every other vector by which malware can enter your system.

The only thing I’d recommend as an extra layer of protection is a little program called CryptoPrevent, which modifies some Windows settings to prevent infection by Cryptolocker and related malware. Note that there are both Free and Premium versions of CryptoPrevent.And of course, if you have a full system backup available, you needn’t worry about CryptoWhatever ransomware, even if it does manage to slip past your defenses. Instead of paying the $500 or $1000 ransom, you’ll just fire up your backup software, and restore everything from your most recent backup. If you’re not making backups, you might be SOL [my edit].

But all is not lost!  Call us and we’ll install the fixes to prevent this from happening on your machines……

 

Leave a Reply

Your email address will not be published. Required fields are marked *