The world of online security took another blow with the release of the CryptoWall 4.0 update, especially considering that version 3.0 was a tremendous success for cybercriminals. They managed to increase their profits by about $325 million at the beginning of the year using this ominous online threat.
For those of you who haven’t heard of CryptoWall, it is a piece of malicious software that blocks access to your own files and then demands a ransom to remove the blockage. If the money isn’t wired to the indicated account within the indicated time frame, the files on the targeted computer are deleted. Now imagine being an accountant with tons of financial documents for various clients on your computer; wouldn’t you pay the ransom? The amount charged is usually about $500, a figure low enough to encourage the victim to pay.
The 4.0 update is exactly what we expected it to be: an improved version of CryptoWall 3.0, with features that make it unbreakable with existing technology. To give you an idea, the update encrypts files with the RSA-2048 algorithm and communicates with remote systems using RC4 encryption. It also uses the Tor network to communicate with victims and collect the ransom. On top of that, the ransom amount has been raised from $500 to $700 US.
How does CryptoWall 4.0 work?
First of all, it’s important to know how it spreads in order to protect your computer from getting infected in the first place. Spam emails and drive-by downloads are the main ways of propagation, so treat both with caution.
When it comes to the infection process, the software is thorough. It wipes any existing shadow copies, disables network drives, System Restore and Startup Repair, and affects local drives. The main targets are files created with the Microsoft Office package (Word documents, PowerPoint presentations, Excel spreadsheets). The update also scrambles the names of your files to increase the level of panic and make the situation look even worse than you think.
With the previous version you simply couldn’t open the files; now you don’t even know which file is which, because both the filenames and the information inside the files are changed. This makes it difficult to restore from backup.
The ransom note would be hilarious if you weren’t thinking about the damage done. The cybercriminals actually welcome you to their community and assure the user that their software is not malicious.
How to protect yourself from CryptoWall 4.0?
When it comes to software like CryptoWall 4.0, the best protection is prevention. This includes a series of steps such as:
- Establishing rules at company level on how to deal with emails that contain suspicious attachments. To make an email more credible, cybercriminals invest time and effort in making it look official, as if it came from a government institution. This is why, if something seems out of place, it’s best to check with the supposed sender before opening any attachments.
- Installing high-quality antivirus software that is capable of detecting activities specific to ransomware. CryptoWall is designed to slip past regular antivirus software, but a good product will pick up on strange activity such as a process renaming files very quickly.
- Regular back-ups – this is the most important step to take against malicious software like CryptoWall. By having access to various versions of important files, your company won’t be so affected in case an infection happens.
- Consider a cloud backup – CryptoWall 3.0 did manage to corrupt files on services like Google Drive and Dropbox, but this happened because these are simply mirroring services. They synchronize with your computer and create a mirror image on another server, even when the files are corrupted. A cloud backup service, on the other hand, keeps incremental backups, offering access to different versions of the same file.
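The "renaming files very quickly" behaviour mentioned in the antivirus point above is something you can also watch for on your own file-event logs. The following is an added example, not code from the original post or from Onsite Helper: a toy detector that reads constructed file-event records and flags any process that renames many files inside a short sliding window, while leaving a user's occasional renames alone. The record format, process names and tuning values are assumptions made for illustration.

```python
"""Toy mass-rename detector (added example, not from the original post).
Reads records of the form 'ISO-timestamp,process,action,path' and flags any
process with THRESHOLD or more RENAME events inside a sliding WINDOW.
Format, process names and tuning values are assumptions for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window length (assumed tuning value)
THRESHOLD = 20                   # renames inside one window that raise an alert (assumed)


def parse_event(line):
    """Split one record into (timestamp, process, action, path); the path may contain commas."""
    ts, proc, action, path = line.strip().split(",", 3)
    return datetime.fromisoformat(ts), proc, action, path


def detect_mass_rename(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {process: time of first alert} for every process that renames
    `threshold` or more files within `window`. Events only need to be in
    chronological order per process, since each process has its own window."""
    recent = defaultdict(deque)   # process -> timestamps of its recent renames
    alerts = {}
    for ts, proc, action, _path in map(parse_event, lines):
        if action != "RENAME":
            continue
        q = recent[proc]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and proc not in alerts:
            alerts[proc] = ts
    return alerts


def build_sample_log():
    """Constructed events: a user renaming three drafts over an hour (benign)
    and an unknown process renaming 40 spreadsheets in four seconds."""
    base = datetime(2015, 11, 6, 9, 0, 0)

    def fmt(t):
        return t.isoformat(timespec="milliseconds")

    lines = [f"{fmt(base + timedelta(minutes=20 * i))},explorer.exe,RENAME,C:\\Docs\\draft{i}.docx"
             for i in range(3)]
    lines += [f"{fmt(base + timedelta(milliseconds=100 * i))},unknown.exe,RENAME,C:\\Docs\\client{i}.xlsx"
              for i in range(40)]
    lines.append(f"{fmt(base + timedelta(seconds=5))},winword.exe,WRITE,C:\\Docs\\memo.docx")
    return sorted(lines)  # fixed-width timestamps, so string order is time order


if __name__ == "__main__":
    for proc, when in detect_mass_rename(build_sample_log()).items():
        print(f"ALERT {when.isoformat(timespec='milliseconds')}: {proc} renamed {THRESHOLD}+ files in {WINDOW}")
```

A real deployment would feed this from a file-system audit source and add a response action (for example, suspending the offending process) rather than just printing.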
How to get rid of CryptoWall 4.0?
For now there are only two ways to get rid of this: either pay or lose everything. But it’s no time to despair, because there are talented people working on finding a solution. Our team at Onsite Helper has been successful at helping with computers infected with CryptoWall 3.0, and we are confident we will manage to figure CryptoWall 4.0 out.
Also, the people at the BleepingComputer forums are looking under the hood to figure this software out. There you’ll find an interesting tutorial on how to get rid of this ransomware.