Cryptowall: Making Mockery of Its Victims
- Tags: Cryptowall
When it comes to adding insult to injury, this Ransomware tops the list. Cryptowall not only hijacks the data on your computer, but then congratulates you for becoming a part of the Cryptowall community. Imagine getting robbed and being told that was your grand prize. Well, this notorious Ransomware does exactly that, and without remorse. Like any movie villain, Cryptowall has gained quite a name among fellow Ransomware families such as TeslaCrypt, TorrentLocker and CTB-Locker. Let us take a brief look at its history.
Like most Ransomware, CryptoWall is an evolution of fake antivirus malware. First reported in 2014, CryptoWall is considered the spiritual successor of CryptoLocker, another highly notorious Ransomware. It has appeared under various names, including CryptoDefense, CryptoBit, CryptoWall 2.0 and its successors.
How Bad Is it?
Created specifically to generate money for its programmers, CryptoWall has seen various updates and is reportedly now at version 4.0. The frequency of its updates clearly shows how its creators are making it ever harder for government agencies and cyber police to bring it down. It works on various operating systems, including the complete Microsoft Windows catalog. It is notorious for its use of impregnable AES encryption and for the various tactics it uses to infiltrate and infect a user’s system.
- The most common vector for the CryptoWall Ransomware is spam email, which may carry exploit kits or fake CHM help files that infect your computer.
- Users are often fooled into believing that they are simply opening a help file, while the file downloads and installs the malware in the background.
- The original program quickly exits after executing the malicious code, and deletes the volume shadow copies and snapshots of your files.
- It then copies itself into the startup sequence, so shutting down the computer makes no difference.
- The malicious binary code is then injected into a legitimate svchost process, which the Ransomware launches with the user’s privileges.
- Once it obtains the public key, it encrypts the files, dropping a ransom note in every hijacked location.
- Lastly, it displays a final ransom note by launching Internet Explorer, then closes the infected svchost process.
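As an added illustration (not from the original post), here is a small detection pass a defender could run over process-creation telemetry to catch the steps above: shadow-copy deletion, svchost started from an unexpected parent or under an ordinary user account, and a browser launched by svchost. Assumptions: Sysmon-style fields, constructed sample records, and vssadmin/wmic as the shadow-deletion commands (the post itself names no command).

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style fields); sample data, not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe", "parent": r"C:\Windows\System32\services.exe",
     "cmdline": "svchost.exe -k netsvcs", "user": r"NT AUTHORITY\SYSTEM"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "parent": r"C:\Users\alice\AppData\Local\Temp\help.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet", "user": r"LAB\alice"},
    {"image": r"C:\Windows\System32\svchost.exe", "parent": r"C:\Users\alice\AppData\Local\Temp\help.exe",
     "cmdline": "svchost.exe", "user": r"LAB\alice"},
    {"image": r"C:\Program Files\Internet Explorer\iexplore.exe", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r'iexplore.exe "C:\Users\alice\Documents\ransom_note.html"', "user": r"LAB\alice"},
]

# Assumed shadow-copy deletion patterns: the Windows built-ins usually abused for this.
SHADOW_DELETE = re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
# Accounts a legitimate svchost normally runs as; a user-context svchost is the post's "user privileges" sign.
SERVICE_ACCOUNTS = {r"NT AUTHORITY\SYSTEM", r"NT AUTHORITY\LOCAL SERVICE", r"NT AUTHORITY\NETWORK SERVICE"}
LEGIT_SVCHOST_PARENT = r"c:\windows\system32\services.exe"

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the names of every rule the event trips (empty list if none)."""
    hits = []
    if SHADOW_DELETE.search(event["cmdline"]):
        hits.append("shadow_copy_deletion")
    if basename(event["image"]) == "svchost.exe":
        if event["parent"].lower() != LEGIT_SVCHOST_PARENT:
            hits.append("svchost_unexpected_parent")
        if event["user"].upper() not in SERVICE_ACCOUNTS:
            hits.append("svchost_user_context")
    if basename(event["image"]) == "iexplore.exe" and basename(event["parent"]) == "svchost.exe":
        hits.append("browser_spawned_by_svchost")
    return hits

def scan(events):
    """Map event index -> rule hits, keeping only events that tripped at least one rule."""
    results = {}
    for i, event in enumerate(events):
        hits = classify(event)
        if hits:
            results[i] = hits
    return results

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["image"], hits)
```

Each rule alone is noisy on a real estate; the value is in the same short-lived parent (the fake help file here) appearing across several of them within minutes.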
In a truly villainous fashion, CryptoWall’s ransom notes give the victim specific instructions on what happened to their files and how to get them back by paying the demanded amount. The notes also carry various links with further information on how to decrypt the data. As most of these links are not reachable through regular browsers and proxies, the notes include instructions on using TOR as well.
It is practically impossible to break CryptoWall’s AES encryption, which is further protected by a public key. Hence the victim is left to pay the demanded ransom, usually in bitcoin, and the notes even include recommendations on how to buy bitcoins. The hackers will also decrypt a single file to prove that they can restore the victim’s data.
Prevention is the Only Option
Unlike regular malware, Ransomware is far more persistent: once your files have been compromised there is practically no way of getting them back other than paying the ransom. So it is imperative that you take the necessary measures to keep it from entering your system in the first place.
1. Do not click suspicious links in emails – Spam emails are the most common carriers of malware and Ransomware. You could also install an email antivirus program to block all such links and attachments.
2. Backup Your Data – Your data is the only leverage these criminals have against you. If you have a backup of all your important files, there is no reason to give in to such unlawful demands. You could also use Ransomware Protector, which backs up your data securely and keeps it from becoming a liability rather than an asset.
3. Update Your OS regularly – Keeping your operating systems and applications up to date is another potent measure against Ransomware. Vulnerabilities in obsolete applications and plugins often become a gateway to such malware and keeping them up to date is the only way of staying one step ahead of any hackers.
4. Firewall Is a Must – Blocking all I2P connections and anonymising browsers such as The Onion Router (TOR) is perhaps the best way to keep such malware from taking hold on your system, as it stops unauthorized programs from connecting to I2P servers.
Unfortunately, there is no way to retrieve your files once they have been encrypted by Ransomware. The best solution is a secure backup, so you can restore your files at any time without worrying about such data thieves.