CryptoWall 3.0: Breaking the Walls Down

Greg Edwards

 CryptoWall 3.0 is the latest in a line of Trojans whose sole purpose is to extort money from innocent victims like me and you. In the ever-growing list of nasty technology infections, this one is up there with the worst. If you get this on your device it can infect not only your local files, but also files right across your network and even into Cloud storage systems like Dropbox and Google for Work.

Update: CryptoWall 4.0

By infected, I mean your files will be encrypted – you could end up losing enormous amounts of work, time and ultimately money.Blue Sky Broken Brick Wall

I'm old enough to remember why we call them files. The office landscape has changed drastically, and so have the threats that exist. Patch Management and Anti-Malware didn't exist when this filing cabinet was built. Old File Cabinet

What exactly is CryptoWall 3.0, you ask? It is a type of Trojan called ‘Ransomware’ – so called because it encrypts your files and then blackmails you into paying a ransom to get those files decrypted. A Trojan is a malicious software program. If it gets onto your computer it will run its program, which in this case is a program called CryptoWall 3.0, which will encrypt a broad range of file types (targeting them by extension, e.g. .docx).

So, how does CryptoWall 3.0 get onto your computer? CryptoWall 3.0 is usually sent out in an email which contains an attachment. The attachment is an executable file disguised as a pdf, so to you, it looks like a regular file attachment. The emails are cleverly written, for example, they may look like an invoice, or a travel itinerary - in other words, emails you might expect to get. You click on the pdf and before you know it a message screen appears on your computer that lets you know you’ve been had. The writers of CryptoWall even give you the message in the correct language by checking your IP address country code (interestingly they prevent certain countries from being infected by the CryptoWall Trojan, which include Russia, Armenia and Kazakhstan). The message screen then gives you instructions on how many files have been encrypted and how to decrypt those files, which, of course, involves a payment. The “ransom” usually starts around $500 if you respond within a week, increasing to $1000 thereafter, with no guarantee they will actually decrypt your files once payment has been made. We’re not dealing with honest folks here. And just to add salt to the wound, you have to pay in Bitcoins so the money isn’t traceable; It’s about as nasty as malware can get.

Where and when did this all start? The original CryptoWall was first released onto computers in November 2013 and mimicked the original ransomware Trojan known as Cryptolocker. It is now in its 3rd version, first being spotted in early 2015, updates being mainly seen in the screen display and the process they use to extort money from you. The United States is one of the most targeted countries with the largest number of CryptoWall infections standing at 40.6% over a 6-month period in 2014. The total number of files being encrypted by CryptoWall in that same time period being a shocking 5.25 billion! These are figures we need to reduce to 0% and zero files, but how do we do that?

It is really difficult to remove the carnage of the encryption once CryptoWall has executed its code. System restores will sometimes give you previous versions of a document back, but it certainly isn’t fool proof. As already mentioned, even Cloud stored backups won’t always work. The correct type of backup can save the day, but a synced copy will not. For example, Axis Backup is a powerful backup/archive tool that does not sync, but is a point in time backup. Make sure you understand what kind of backup you have. You really need to stop it from happening in the first place -prevention is the best form of cure in the case of CryptoWall 3.0. In the words of Douglas Adams in his great trilogy ‘The Hitchhikers Gide to the Galaxy’, “Don’t Panic”…we have an answer for you here at WatchPoint Data.

To prevent CryptoWall 3.0 you should follow certain security strategies. Patch Management is the most effective measure against these ever evolving threats. Using the right tools, these are easy to implement and will massively reduce your risk of CryptoWall and other malware infections.

WatchPoint Data has designed an easy to use console that provides that multi-layered approach to security used by all major organizations across the globe. Using WatchPoint Data’s security monitoring and alert capabilities, you can follow the rules of CryptoWall control, which are:

Rule 1: Prevent CryptoWall 3.0 from infecting your computers and network in the first place. Early patching is a vital first step in your defense against infection. WatchPoint Data Patch Management will monitor your network and manage your software patches, making sure that you are absolutely up to date. Patching is an essential part of keeping malware at bay, as it prevents any malicious code from taking advantage of software vulnerabilities. CryptoWall 3.0 has been known to be spread using compromised websites which then take advantage of poorly patched networks to spread the infection.

Rule 2: Keep your anti-malware (AM) up to date and monitor all stations. The best defense against Trojans like CryptoWall 3.0 is proper patch management, but keeping your AM up to date will help once the newest versions are identified and signature profiles created.

Rule 3: Use a good backup system, like the one offered by Axis Backup. If you do get infected you will be able to recover your files without having to give the criminals a penny.

Being alert to CryptoWall 3.0 and other malware is the best way to prevent infection. Keeping your employees aware too, training them to spot suspicious emails is a sensible step in stopping infections. But the best way forward is using the right tools that can work for you and with you, in the battle against criminal hackers.

Latest Crypto Behaviour

Share this:

Entrepreneur Link

Share

    

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all