Ransomware Strikes Again - Cryptowall
Making regular backups of critical data and keeping your software up to date are more important than ever thanks to the arrival of new, “improved” malware like Cryptowall 2. This update to a well-known ransomware exploit is making life miserable for business and personal computer users worldwide. Here's what you need to know...
What is Cryptowall 2 Ransomware?
Last summer, authorities busted the cybercriminals behind the CryptoLocker virus, and shut down that threat. But a new variant called Cryptowall 2 has emerged from the dark corners of the Internet.
Like its predecessor, Cryptowall 2 encrypts everything on an infected hard drive and displays a “ransom note” to the hapless user. The extortion is simple: pay several hundred dollars by a specified deadline or you’ll never get the key that unlocks your encrypted data. The payment method is anything but simple for the typical victim.
Cryptowall 2 is elaborately designed to avoid detection by security software and to conceal the identities and locations of its masters. Part of this stealth strategy is to require ransom payment in Bitcoin, the virtual crypto-currency. Most citizens and even IT geeks have no clue how to get Bitcoin; even if you know, converting real currency into Bitcoin is not convenient or fast.
Victims first have to locate an online Bitcoin currency exchange, then apply for an account. The exchanges conduct “background checks” to protect their dubious users from law enforcement agents. Approval can take days, during which one’s computer (or an entire company network) is less useful than a flower pot.
Another barrier to paying is Cryptowall 2’s complicated instructions for using the Tor proxy network to connect to the attacker(s)’ site and make the payment. Victims must download and install the Tor browser (a copy of which may well be hosted by the attacker(s) and infected with more malware), then follow a link through the often-unreliable Tor network to the attacker(s)’ site. If the connection fails, victims must try later.
As if that isn’t enough, a Cryptowall 3 version appeared in recent days. Its only “improvement” seems to be the addition of the Invisible Internet Project (I2P) proxy network to the things that can go wrong with a payment attempt. The payment link provided by Cryptowall runs a victim through several Tor proxies and then hands the connection off to I2P, which has its own ways of failing.
Is There Any Guarantee?
If a victim jumps through all of these hoops and pays the ransom, there is no guarantee that the key to unlock the encrypted data will be delivered. So far, the bad guys have honored their end of the deal, presumably because not doing so would quickly become well-known and ransom payments would dry up. But if anything should happen to the bad guys – like a sudden police raid – those who pay the ransom will never see a key.
The best way to deal with Cryptowall is to avoid it at all costs. That means keeping your defenses up on all fronts. Think before you click on unknown links or email attachments. Keep your operating system and application software up to date with security patches. Use a comprehensive internet security suite that watches for things like Cryptowall in email, Web, external storage devices, and every other vector by which malware can enter your system.
Follow these links to learn how and where you can get free tools to protect your computer:
The only thing I'd recommend as an extra layer of protection is a little program called CryptoPrevent, which modifies some Windows settings to prevent infection by CryptoLocker and related malware. Note that there are both Free and Premium versions of CryptoPrevent.
And of course, if you have a full system backup available, you needn't worry about CryptoWhatever ransomware, even if it does manage to slip past your defenses. Instead of paying the $500 or $1000 ransom, you'll just fire up your backup software, and restore everything from your most recent backup. If you're not making backups, I recommend that you get my ebook Everything You Need to Know About BACKUPS.
This article was posted by Bob Rankin on 20 Jan 2015
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Ransomware Strikes Again - Cryptowall (Posted: 20 Jan 2015)