CryptoWall, a malware program that targets Windows users of XP, Vista, 7 and 8 has been dated to April 2014. In October 2014 the malware developers released CryptoWall 2.0, January 2015 saw the release of a new version called CryptoWall 3.0. According to the FBI Cryptowall is "the most current and significant ransomware threat targeting US individuals and businesses." Cybercriminals have been able to extort up to $10,000 from per victim because of CryptoWall.
Cryptowall 3.0 is usually distributed via an email with a ZIP attachment that contains an .exe file disguised as a PDF file. The PDF file masquerades as a business communication - invoice, purchase order, bill, complaint. Some users have been infected with the ransomware as a result of clicking on an infected online advertisement from a tainted website.
Any attempt to open the fake PDF file will infect a computer with the CryptoWall infection and install malware files either in the %AppData% or %Temp% folders. Once infected the installer scans the computer's drives for data files that it will encrypt by way of an RSA encryption. The program is capable of scanning all drives, including removable and DropBox mappings.
The virus creates three files in the location of the encrypted files. These files are called DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION. The first file contains information regarding the encryption, decryption of the files by way of the ransom demans. The last file takes the user to kpai7ycr7jxqkilp.torexplorer.com/ (see below).
The initial ransom fee is $500, to be paid in Bitcoin. The price doubles if an attempt is made to remove the malware without paying or if the ransom demands are not met within a week. Each victim receives a different Bitcoin address into which the fee is to be paid. The FBI has reported that access to files is restored once the ransom is paid.
As a precaution users are advised to regularly update their AV software and to use firewalls, to enable pop-up blockers, avoid clicking on emails or attachments they don't recognize and to steer clear of suspicious websites. Users are also advised to do regular system back-ups.
0 comments:
Post a Comment