Cryptowall: New ransomware picking up where CryptoLocker left off

Posted by Paul Hanley on Jun 11, 2014 1:40:00 PM

A new form of ransomware is on the loose, filling the void left by CryptoLocker. Several security blogs are warning IT pros about “Cryptowall”, which combines social engineering with browser-plugin exploits to get onto a machine and then encrypts its victims’ files.

Ronnie Tokazowski wrote an analysis of Cryptowall, explaining how users around the world have lost access to thousands of files after failing to pay the ransom.

Cryptowall tricks users into downloading infected attachments or clicking malicious advertisements, and then takes advantage of unpatched vulnerabilities in browser plugins such as Silverlight, Flash, and Java to install itself on the computer, according to an alert from the SANS Internet Storm Center.

Like CryptoLocker, Cryptowall encrypts your files and then presents a warning screen, which walks you through how to pay the ransom. The perpetrators are asking for a $500 ransom to start, and raise the price to $1,000 if you fail to pay by your assigned deadline.

According to Tokazowski, Cryptowall’s organizers have earned at least $80,000 in ransom payments so far.

How do you avoid a Cryptowall infection?

Ask your SMBs to keep an eye out for emails that claim to deliver a new voicemail or an incoming fax report and point the user at a Dropbox link to “retrieve” it. We’ve included a few screenshots of these emails, originally taken by Tokazowski, to the right.
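The voicemail/fax lure described above is easy to spot mechanically once you combine the two signals: lure wording in the subject or body, and a link to a file-sharing host (or a zip/exe attachment) rather than to the company's own systems. The script below is an added example written for this post, not code from the original article or from Intronis. The three messages it scores are constructed for illustration; the Dropbox paths in them are placeholders, not links observed in the campaign, and the keyword and host lists are assumptions you would tune to your own mail flow.

```python
"""Flag mail that uses the voicemail/fax lure together with a file-sharing link.

Added example for this post (not code from the original article or Intronis).
The sample messages are constructed; Dropbox paths are placeholders.
"""
import email
import re
from email.message import Message
from urllib.parse import urlparse

# Lure wording from the campaign described in the post (assumed list; extend as needed).
LURE_KEYWORDS = ("voicemail", "voice mail", "voice message", "fax")

# File-sharing hosts abused by the campaign (assumed list; add others you see).
SHARING_HOSTS = ("dropbox.com", "dl.dropboxusercontent.com")

# Attachment types that should never arrive with a "listen to your voicemail" lure.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")

URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def is_sharing_host(url: str) -> bool:
    """True only for the listed hosts or their subdomains (not look-alikes)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in SHARING_HOSTS)


def classify(raw_message: str) -> dict:
    """Score one RFC 822 message and report why it does (or does not) match the lure."""
    msg = email.message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = _body_text(msg)
    haystack = (subject + "\n" + body).lower()

    lures = [k for k in LURE_KEYWORDS if k in haystack]
    sharing_links = [u for u in URL_RE.findall(body) if is_sharing_host(u)]
    risky_attachments = [
        part.get_filename() for part in msg.walk()
        if part.get_filename() and part.get_filename().lower().endswith(RISKY_EXTENSIONS)
    ]
    # Require both signals: a fax notice from the internal fax server is fine,
    # and a Dropbox link with no lure wording is just a shared folder.
    return {
        "subject": subject,
        "lure_keywords": lures,
        "sharing_links": sharing_links,
        "risky_attachments": risky_attachments,
        "suspicious": bool(lures) and bool(sharing_links or risky_attachments),
    }


def flagged_subjects(raw_messages) -> list:
    """Subjects of the messages that match the lure pattern."""
    return [r["subject"] for r in map(classify, raw_messages) if r["suspicious"]]


# Constructed sample messages (not real campaign mail); Dropbox paths are placeholders.
SAMPLE_VOICEMAIL = """From: "Voice Mail" <voicemail@example.net>
To: jane@example.com
Subject: You have a new voicemail
Content-Type: text/plain; charset=utf-8

You received a new voice message. Listen to it here:
https://www.dropbox.com/s/PLACEHOLDER/VoiceMail.zip?dl=1
"""

SAMPLE_FAX_INTERNAL = """From: fax-gateway@example.com
To: jane@example.com
Subject: Incoming fax report
Content-Type: text/plain; charset=utf-8

A fax arrived for you. View it on the fax server: https://fax.example.com/reports/123
"""

SAMPLE_DROPBOX_NO_LURE = """From: bob@example.com
To: jane@example.com
Subject: Shared folder: photos
Content-Type: text/plain; charset=utf-8

Here is the album from the offsite: https://www.dropbox.com/sh/PLACEHOLDER?dl=0
"""

if __name__ == "__main__":
    for sample in (SAMPLE_VOICEMAIL, SAMPLE_FAX_INTERNAL, SAMPLE_DROPBOX_NO_LURE):
        print(classify(sample))
    print("flagged:", flagged_subjects([SAMPLE_VOICEMAIL, SAMPLE_FAX_INTERNAL, SAMPLE_DROPBOX_NO_LURE]))
```

Run it against a mailbox export (one message per string) and it flags only the first sample, because the internal fax notice has no file-sharing link and the Dropbox mail has no lure wording. The host check matches subdomains of the listed services but deliberately rejects look-alikes such as dropbox.com.evil.example, which is what the user-facing advice above cannot do by eye.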

And many of the security best practices we included in our Cryptolocker defense guide are also relevant here: Instruct your users to never open suspicious emails or attachments, and keep your antivirus and antimalware software updated.

Of course, we always suggest backing up your data on a regular basis. If you have a clean backup that the malware could not reach, you can restore an infected SMB’s data without paying the ransom.

In a positive bit of news, it appears CryptoLocker may be on the ropes. The FBI said yesterday it’s targeting Russian national Evgeniy Mikhailovich Bogachev as the potential mastermind behind both CryptoLocker and Gameover Zeus, which together are blamed for more than $100 million in losses.

The U.S. Justice Department launched “Operation Tovar” this spring, with the ultimate goal of shutting down the massive network of computers controlled by Gameover Zeus and finding the culprit behind both that malware and CryptoLocker. It appears their efforts worked: reports say CryptoLocker stopped working in early June, and that the FBI was able to free 300,000 computers from the Gameover Zeus botnet.

Paul Hanley is a Partner Support Engineer for Intronis.

Topics: Malware