Computerware Blog
Warning: Updated Cryptowall Ransomware Strikes Again
As a business owner, you want to take every precaution against the latest threats that can affect your way of life. An updated threat called Cryptowall 2.0 (previously known as Cryptolocker) has been cut loose by malware developers, and it's capable of dealing irreparable damage to your business's network and data. This spear-phishing variant has the power to grind your network's files to dust, and in turn, your productivity.
Cryptowall 2.0, similar to its Cryptolocker brother, locks down the files on your network. This makes them inaccessible without a decryption key provided by the malware developers' secret server. Users come into contact with this threat through zipped folders and PDF files sent through emails disguised as invoices, purchase orders, bills, complaints, or other business-related messages. However, the original Cryptowall allowed knowledgeable users to recover their files without paying the ransom.
Not so much anymore. Malware developers knew that these weaknesses in the ransomware were being exploited, and sought to eliminate them. Some changes made in this souped-up version of Cryptowall 2.0 include:
- Unique wallet IDs to send ransom payments. Before the upgrade, Cryptowall used the same payment address for all of its victims. This flaw allowed users to take the payments of other victims to pay for their own files, turning the innocent victims into cold, hard crooks. While this method isn't favorable, it did work, and users were able to recover their files. With unique payment addresses for each user, this method has been put to a halt.
- Cryptowall 2.0 deletes the original data files. The earlier version of Cryptowall didn't delete the original files, which allowed users to recover them with data recovery tools. By deleting the original files, Cryptowall 2.0 prevents victims from finding an easy way out. The only way to recover these files is with a backup solution, or paying the ransom.
- The new Cryptowall uses its own TOR gateways. Malware developers no longer have to remain undetected and anonymous on public TOR gateways, which could be blacklisted and unreachable by the public. Now, these payment servers are on their own TOR gateways, which means that they can't be blacklisted or blocked.
This is not a threat that should be trifled with. It is extremely dangerous and should be treated with the utmost caution. In order to prevent this ransomware from infecting your network, you must follow these steps:
- Only open files that are from trusted email addresses. Don't open any attachments sent to you by unfamiliar (or even familiar) emails unless you follow up with the sender on whether or not it is legitimate. The power of spear-phishing attacks lies in their ability to sneak past antivirus and firewall solutions by disguising themselves as something else. Only open files that are from trusted senders, and always be on the lookout for warning signs.
- Avoid suspicious links in emails. Carelessly clicking on links opens up your network to all sorts of unsavory possibilities. It's fair to treat every unfamiliar link with suspicion, because if your systems become infected from clicking on a malicious link, it could spread to your entire network, debilitating your business beyond repair.
If your business gets into hot water with the Cryptowall ransomware, you can count on Computerware to help you get through the predicament. We'll give your business all of the information and tech support it needs to escape the ransomware, and set up provisions to keep your network protected against threats in the future. For more information about what Computerware can do for your business, give us a call at (703) 821-8200.
Comments