14 Nov

CryptoWall: A Serious Security Threat

Last year saw a number of highly publicized security threats that many companies struggled to deal with. One of those was a nasty bit of malware called Cryptolocker, which held your files for ransom. While this has now largely been dealt with, news is surfacing of a second version – called CryptoWall – that has begun to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that, when installed on a computer or device, holds the data and system hostage. It does this by locking valuable or important files with strong encryption. You then receive a pop-up informing you that you have a set amount of time to pay for a key that will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably concerned and took strong precautions to ensure they did not get infected. Despite these efforts, it was not dealt with until this year, when security experts introduced a number of online portals that can decrypt files affected by Cryptolocker, essentially neutralizing the threat. Case closed? Not exactly. A recently updated version is threatening users once again.

Cryptolocker 2.0, a.k.a. CryptoWall

Because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall, and it is a threat of which everyone should be aware.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that users are likely to open.

The developers did make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

• Unique IDs are used for payment. These are addresses used to verify that the payment is unique and comes from one person only. If an address is reused by another user, the payment is now rejected. This differs from the first version, where one person who paid could share the unlock code with other infected users.

• CryptoWall can securely delete files. In the older version of this threat, files were deleted if the ransom was not paid, but they could still be recovered with some effort. In the new version the encryption is stronger and the deletion is done in a way that ensures the file is really gone. This leaves you with two options: pay the ransom, or restore the file from a backup.

• Payment servers cannot be blocked. With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments, they were able to add these to blacklists, ensuring that no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to work. Now the developers have been found to use their own servers and gateways, which makes them far more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall does not go after passwords or account names, so the usual advice to change your passwords won’t really help. The best ways to keep it off your systems are:

• Do not open suspicious attachments – Look at each and every email attachment that arrives in your inbox. If you spot anything that looks odd, such as a spelling mistake in the file name or a long string of characters run together, it is best not to open it.

• Do not open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that claim to carry business information, e.g., bank statements from banks you don’t have an account with or bills from a utility company you do not use. Chances are high that they contain some form of malware. Even if the email appears to be from a company with which you have dealings, it is best to log in to the account in question directly to check your messages, or to call the company, to verify that the email is genuine.
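As an added illustration, not part of the original post, here is the attachment advice above turned into a simple triage script: it parses a constructed sample "overdue invoice" email, flags file names with long runs of characters or double extensions, and looks inside zipped attachments for executables. The extension list and the 20-character threshold are my own assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions an emailed invoice or archive should never carry (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
# "A long string of characters together": 20+ alphanumerics with no separator.
LONG_RUN = re.compile(r"[A-Za-z0-9]{20,}")

def inspect_name(name):
    """Return the reasons a bare filename looks suspicious (empty if none)."""
    reasons = []
    lower = name.lower()
    parts = lower.split(".")
    if len(parts) > 2 and "." + parts[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension hiding an executable")
    if LONG_RUN.search(lower.rsplit(".", 1)[0]):
        reasons.append("long random-looking string in filename")
    return reasons

def triage_attachments(raw_message):
    """Parse a raw RFC 822 message; return {attachment name: [reasons]}."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        reasons = inspect_name(name)
        payload = part.get_payload(decode=True) or b""
        # Look inside zipped attachments, the carrier the post warns about.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for inner in zf.namelist():
                    inner_reasons = inspect_name(inner)
                    if any(inner.lower().endswith(e) for e in EXECUTABLE_EXTS):
                        inner_reasons.append("archive contains executable")
                    reasons.extend(f"{inner}: {r}" for r in inner_reasons)
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample mail: an 'overdue invoice' whose zip hides an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_8f3kd92jsl0x7p2q9w1mz3.zip")
    return msg.as_bytes()
```

Running `triage_attachments(build_sample())` reports the zip three times over: the random-looking name, the double extension inside it, and the executable it contains.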

Should your files be attacked and encrypted by this malware, the first thing you should do is to contact us (EIT Networks). We can work with you to help find a solution that may keep you from having to pay the ransom to recover your files. CryptoWall may be incredibly difficult to deal with, but do not try to fight it alone.

If you are looking to learn more about CryptoWall malware and how to boost your security to protect your data and systems, contact us at 1-866-BIT-WISE or sales@eitnetworks.net. We could be your first line of defense against this dangerous threat.
