Thursday, January 19, 2017

Ransomware is (Still) Here – Cryptowall 4 Vaccine “Fix”

Cryptowall, the now-infamous encryption malware that locks files for ransom, has been updated. Known as Cryptowall 4, the ransomware infects Windows machines, encrypts files, and demands users cough up crypto-cash to unlock their documents. The new variant, thought to have been developed by Russian hackers, makes it even harder to recover the files by scrambling file names. While Cryptowall remains by far one of the most common ransomware families, its success has given rise to new families and variants.

Users are tricked into opening a zipped attachment from a spam campaign, which contains a malicious file, triggering an executable payload.

Cryptowall encrypts your files and holds them ransom until you pay for a decryption key.

Once installed, the ransomware encrypts files, making it almost impossible to regain access, and scrambles file names, making it harder for victims to know which files are which. System restore points are also erased, taking away the option of returning to a previously saved state.

The malware mocks the user, congratulating the user for becoming “a part of large community,” according to BleepingComputer, which first detailed the changes.

Cryptowall uses bitcoin for payment

The ransomware uses bitcoin as the means of payment, which, as in previous versions, is handled by a centralized Tor-based command-and-control server that stores the decryption keys, making the attackers almost impossible to trace.

Ransomware hits thousands every week, and costs users $18 million in losses, according to estimates from the FBI. Other figures suggest the Cryptowall family alone has generated about $325 million in bitcoin ransoms.

Prevention
It is critical for CEOs and CIOs to minimize the risk of any virus. Here are some common-sense steps to take:

  • Keep regular backups: This will mitigate the damage done by file-encrypting ransomware.
  • Install the Bitdefender vaccine: The tool, which can be downloaded for free from its site, does not undo the damage if the malware has already infected a machine, and it applies only to the latest Cryptowall 4 malware. Be aware as well that this software can bluescreen some systems.
  • Keep anti-virus up to date.

Source: ZDNet

Originally posted 2015-11-11 02:13:13. Republished by Blog Post Promoter

The post Ransomware is (Still) Here – Cryptowall 4 Vaccine “Fix” appeared first on Information Technology Blog.



from Information Technology Blog http://ift.tt/1Qhe1VK
