From CryptoLocker to CryptoWall 2.0


Last year I wrote a post about the CryptoLocker malware (read it here) and how bad it was. One year later, yes, that ransom-ware has been mostly neutralized. Law enforcement people were able to find many of the servers that held the keys to get people’s files decrypted. Unfortunately, other ransom-ware has surfaced since then. The most recent that I have faced is CryptoWall 2.0. Let me tell you; it’s bad.

Similar to CryptoLocker (read about it here) and CryptoDefense (read about it here), CryptoWall (and CryptoWall 2.0) is a file-encrypting ransom-ware program that affects all versions of Windows from XP up to 8.1. The way it works is that CryptoWall will scan your computer for data files and “encrypt” them using RSA encryption so they can no longer be opened. Once everything is encrypted, it will open a window that contains instructions on how to access the CryptoWall Decryption Service where you can pay a ransom. Paying the ransom, which starts at $500 USD (and after 7 days goes up to $1,000), gets you a decryption program that unlocks your files. The ransom can only be paid in Bitcoins, and payments are sent to a Bitcoin address that changes per infected user.


Like CryptoLocker and CryptoDefense, once your files are encrypted, there is very little chance of getting your files back unless you have back-ups somewhere, or pay the ransom. If you want to read more details about this malware, you can read about it here.

Unfortunately for my client, he did not have any recent back-ups of his documents; this included a book that he was writing. I know this might seem like something that will never happen to you, but if it does, it’s a very bad place to be. My client was devastated. I did everything I could think of to get something back. I tried all of the tips in the bleepingcomputer.com article I posted. Even the data recovery wasn’t able to get anything useful back. Basically, if he doesn’t pay the ransom, he will never get his files back.

For this situation, I will repeat what I wrote last year: at this point you may be thinking “so is there no hope against the CryptoWall malware?” Yes, there is hope, but it lies in prevention. Once you have been infected and your files locked, there may be no way to get your files back.

So what can you do?

1) Everyone should always have some type of back-up solution. The best thing to do is have both a local back-up as well as an off-site (i.e. cloud-based) back-up. Also, it’s “best practice” to have a local back-up “at rest” as well as one that’s “active.” This means having one back-up that is done on a certain schedule and then put away safely until the next scheduled back-up, plus a second back-up that is scheduled more frequently and is constantly connected either to the computer, or to the network, that it is backing up.

2) Everyone also needs to have some type of anti-virus installed on their computer. I won’t get into recommendations because everyone has their favorites, but people need to realize that nothing, and I mean nothing, can protect a computer 100% from possible infection.

3) Be careful opening up attachments from people you don’t know, and be careful about clicking on things / messages that may look legitimate, but come up unexpectedly or are vague (OMG, I can’t believe you did that! Check out this video of you…).

4) Specifically for the CryptoWall malware (and other similar malware), there is something that can be done to prevent it from infecting your computer. There is a small piece of software that was developed by Nick Shaw of Foolishit called CryptoPrevent. This software cannot undo damage CryptoWall does, but it can help prevent CryptoWall from infecting your computer in the first place.
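To make point 1) concrete, here is an added example (my own illustration, not code from the post, from CryptoPrevent, or from any back-up vendor named here) of why the “active” back-up should keep dated snapshots rather than overwrite files in place: a constantly connected mirror that overwrites the previous copy will happily overwrite a good document with its encrypted replacement, so the one back-up you have ends up encrypted too. The script below copies a folder into a new snapshot directory on every run, never touches earlier snapshots, and records SHA-256 hashes so a later restore can be checked. The folder layout, snapshot naming, and manifest format are my assumptions.

```python
"""Snapshot-style back-up with hash verification (added example, not the post's own code).

Every run lands in its own dated directory under dest_root and earlier runs are
never modified, so a file that was encrypted by ransomware and then synced
today does not destroy yesterday's good copy. Layout and naming are assumed.
"""
import hashlib
import shutil
from datetime import datetime, timezone
from pathlib import Path
from typing import List, Optional, Tuple


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_backup(src: Path, dest_root: Path, stamp: Optional[str] = None) -> Path:
    """Copy the whole tree under src into a new dated directory under dest_root.

    Refuses to reuse an existing snapshot name, so an earlier copy is never
    overwritten. Writes MANIFEST.sha256 (hash, two spaces, relative path) into
    the snapshot so verify_snapshot() can check it later.
    """
    src = Path(src)
    dest_root = Path(dest_root)
    stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    snap = dest_root / stamp
    if snap.exists():
        raise FileExistsError(f"snapshot {snap} already exists; refusing to overwrite")
    snap.mkdir(parents=True)
    manifest_lines = []
    for path in sorted(src.rglob("*")):
        if path.is_dir():
            continue
        rel = path.relative_to(src)
        target = snap / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps, useful when restoring
        manifest_lines.append(f"{sha256_of(target)}  {rel.as_posix()}")
    (snap / "MANIFEST.sha256").write_text("\n".join(manifest_lines) + "\n")
    return snap


def verify_snapshot(snap: Path) -> List[str]:
    """Re-hash every file named in the manifest; return relative paths that are missing or changed."""
    snap = Path(snap)
    bad = []
    for line in (snap / "MANIFEST.sha256").read_text().splitlines():
        if not line:
            continue
        digest, rel = line.split("  ", 1)
        target = snap / rel
        if not target.is_file() or sha256_of(target) != digest:
            bad.append(rel)
    return bad


def versions_of(dest_root: Path, rel: str) -> List[Tuple[str, str]]:
    """List (snapshot name, sha256) for every snapshot holding rel, oldest first.

    Because snapshots are immutable, an older entry with a different hash is the
    pre-encryption copy you restore from after an infection.
    """
    out = []
    for snap in sorted(Path(dest_root).iterdir()):
        f = snap / rel
        if f.is_file():
            out.append((snap.name, sha256_of(f)))
    return out
```

Run it on a schedule (Task Scheduler on Windows) pointing at the document folder and a drive or share as dest_root; the “at rest” copy is then simply the older snapshot directories, which can be moved to a disconnected disk once verify_snapshot() reports no differences.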

How I can help:

If you, or anyone you know, needs help deciding what software to use to back-up a computer, I can help. I am a reseller for both Acronis back-up software and EaseUS back-up software, which do local back-ups of your files, or your whole computer. As for off-site back-up solutions, I offer a managed back-up solution through CrashPlan that can cover all of your computers for as little as $10 a month. If you want more information about any of these services, please call me at 951 444 5925 or email me using the contact form on the Contact Us page.
