In the wake of rising cyber-attacks, it has become important to be constantly vigilant as well as make efforts to protect data from CryptoWall and its variants. Detected in early 2014; CryptoWall is a nasty ransomware and some reports suggest CryptoWall 3.0 has caused damage of over 325 million dollars since its appearance. It encrypts the files available on the system and the cyber-criminals demand ransom to decrypt these files. The ransomware has been updated time and again and the threat hovers around in 2018 as well.

How Does It Work?

CryptoWall 3.0 uses RSA-2048 encryption to lock away your files and forces you to pay the ransom in order to decrypt them. Some variants of the ransomware have add-on features such as CryptoWall v4 not only encrypts the files but also the filenames thus disabling you to look up the filename to check if you have a file backup available. Whereas CryptoWall v5.1 is based on the HiddenTear malware that uses an AES-256 encryption which is quite different from its previous versions.

The ransomware can be distributed through a variety of ways, some of which have been listed below –

  • Phishing Emails: Often the target victim is sent an email containing malicious files hidden in a zipped folder. As the victim opens the files, the malware is installed in the system. CryptoWall then scans the system for data files and encrypts them.
  • Exploit Kits: The exploit kit takes advantage of the vulnerabilities in the operating system, applications used or websites visited to install the malware and thereby launch a ransomware attack.
  • Advertizements: Malware can be installed into the system through malicious internet advertizements that are hacked by the cyber-criminals. These advertizements run JavaScript in the browser to download the malware. Most of the times the victim fails to notice that a malware has been injected into the system.

CryptoWall hides inside the OS and injects a new code to explorer.exe that installs the malware, deletes the volume shadow copies of your files as well as disables window services. It then runs throughout the system and communicates with Command and Control Server to receive an encryption key to encrypt the files. The encrypted files become inaccessible and can only be decrypted using the encryption key.

Post encryption, the victim gets a ransom note with instructions to pay certain amount of bitcoins as ransom to decrypt the files. However, most of the times it is a trap. A report by the CyberEdge Group reveals that only 19% of the ransomware victims actually got their files back.

How To Protect Against CryptoWall Ransomware?

  • Update your Operating System timely and keep the applications patched
  • Install an anti-virus scanner and update it regularly
  • Use a firewall as it may prevent the connection between CryptoWall and home base
  • Be wary of emails sent from unknown sources and never click on the links attached
  • Always keep a backup of your files at a source other than your system

For more information about IT Security, call Centex Technologies at (254) 213-4740.