CryptoLocker scare in 2013, CryptoWall’s devastation in 2014,
now, the most advanced version of ransomware, introducing CryptoWall 3.0
CryptoLocker was first introduced in 2013 and caused disruption in the business community. “Ransomware” was a term that had been written about, but it seemed esoteric and not a direct threat, until the files on our own computers were actually being held to ransom.
In CryptoLocker’s first 100 days it made almost US$1 million and infected up to 250,000 systems between October and December 2013 according to Dell SecureWorks.
It wasn’t long before solutions began appearing from the major cyber security businesses, leading us to think that the creators of CryptoLocker weren’t as sophisticated as we had been led to believe.
However, an updated version, known as CryptoWall 2.0 or CryptoDefense, was released in 2014, actively infecting 625,000 systems between March and August.
A notable victim of CryptoWall 2.0 was ABC News 24which was prevented from airing its live news program, according to The Inquirer.
Now the most advanced version of ransomware, CryptoWall 3.0 is infecting the systems of businesses and individuals.
What does CryptoWall 3.0 do?
CryptoWall 3.0 does what CryptoLocker has famously done before. Once activated, the malware or ransomware encrypts all the files on the computer or network and instructions are given to pay the ransom for the decryption key. The ransom can be from US$500.00 up to US$50,000.00 depending on the targeted victim.
The most popular way for the CryptoWall 3.0 infection to begin is from email attachments and download links which are often disguised as something irresistible, such as a utility or delivery related services.
Infected advertisements and websitesare also spreading CryptoWall 3.0, often without the victim knowing that the malware has been downloaded and installed.
Tor is a utility that was designed to protect identities online and is used widely by journalists, military and citizens of nations that impose censorship, to exchange important classified information, or to have their voice heard.
The CryptoWall 3.0 creators use this type of technology to send and receive messages anonymously. This has made it easier for the victims to carry out the ransom instructions and has made the payment channels more secure.
How Do I Know if I’m Infected with CryptoWall 3.0?
If your computer is infected with CryptoWall 3.0 your desktop will be decorated with HELP_DECRYPT.html wallpaper and HELP_DECRYPT.txt text files will be placed in every folder in your computer. Instructions are provided to acquire the decryption key. Previous versions of this attack were focussed on English speaking victims but CryptoWall 3.0 has been updated to match the language of the victim according to his or her I.P. location.
(Photo : FBI website/warning captured, can we underline the bottom line about $18 million?)
The F.B.I. released warning last week to warn the world of CryptoWall schemes. They have reportedly received almost 1,000 complaints, which projected the losses of over US$18 million from both CryptoWall 2.0 and 3.0.
CryptoWall has infected 100,000 more victims than CryptoLocker according to Dell SecureWorks and the number is expected to grow.
According to Trend Micro, the region most affected by CryptoWall is Australia and New Zealand with 50.38%, followed by North America and Europe with a combined total of 38.45%. These figures were as of March 2015.
What Do I Do to Protect Myself or my Business from CryptoWall 3.0?
CryptoWall 3.0 has evolved and it’s security has been tightened to prevent anyone from reversing its attack and encryption of files on computers and networks. Filtering or blocking the attacks with anti-virus or anti-malware programs is now extremely difficult.
The best way to protect your data is to regularly back up your files on a device that is then disconnected from your computer or network.
Be vigilant in identifying email messages from unknown senders and train staff not to click on links or attachments of emails that fall into this category.
Keep your software up-to-date and invest in security solutions that offer protection against the latest threats.
Unlike the first versions of Crypto-malware, it is impossible to decrypt the files, but it is definitely not recommended to pay the ransom as it encourages the criminals to expand this type of exploitation.
Your first move should be to contact local cyber law enforcement agencies.