A new virus is flexing its corrupting muscle on computers and users worldwide. CryptoWall first appeared in February of 2014, but attention surrounding the ransomware spiked this summer, when researchers at Dell SecureWorks reported on it. In October of 2014, the UK Register revealed that 830,000 victims had been infected — a 25% increase since August of 2014.
The scariest aspect of CryptoWall is that it’s spreading via “malvertising,” or compromised banner ads on legitimate websites like Yahoo, AOL, and MSN. The infection is transmitted via Flash, so if a user simply visits an affected website with Flash enabled in their browser, the user’s PC can be infected without even clicking on anything malicious. This means most anti-virus programs are unable to prevent CryptoWall, leaving any computer and user vulnerable.
How does CryptoWall work?
CryptoWall works much like notorious past ransomware such as CryptoLocker: once the virus gets inside a host computer, it connects to illicit servers; uploads sensitive info like your public IP address, location, and system information; and generates a random encryption key. It then uses that key to create encrypted copies of individual files, both on your computer and on any mapped external drives, shared networks, and cloud-based storage. Once encrypted copies of those files are created, originals are deleted from the hard drive, preventing users from accessing them.
How do I know if I’ve been infected?
Two telltale signs: 1) you attempt to open a file and the data is jumbled or not displaying properly, and 2) you attempt to open a file and get something like “DECRYPT_INSTRUCTION” instead. This will provide instructions for paying a ransom (usually $500 to $1,000) and obtaining a decryption key, which sometimes works to retrieve data and sometimes doesn’t. Even when it does, it’s a time-consuming task.
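A defender-side check for the two signs above, as an added example that is not part of the original article: it walks a folder (for instance a mapped share), lists files whose names start with DECRYPT_INSTRUCTION, and flags files whose contents no longer match their extension or look like random bytes. The signature table, the entropy threshold and all function names are assumptions made for this sketch.

```python
import math
import os
from collections import Counter

NOTE_PREFIX = "DECRYPT_INSTRUCTION"  # ransom-note name quoted in the article
# Assumed sample of well-known file signatures (not taken from the article).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_jumbled(path: str, sample_size: int = 4096) -> bool:
    """Sign 1: the content is not what the file extension promises."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return False  # empty files carry no evidence either way
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        return not head.startswith(magic)
    # No known signature (e.g. .txt): fall back to the entropy of the sample.
    return shannon_entropy(head) > ENTROPY_LIMIT


def scan(root: str) -> dict:
    """Return {'notes': [...], 'jumbled': [...]} for every file under root."""
    report = {"notes": [], "jumbled": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.upper().startswith(NOTE_PREFIX):  # sign 2: ransom note
                report["notes"].append(path)
                continue
            try:
                if looks_jumbled(path):
                    report["jumbled"].append(path)
            except OSError:
                continue  # unreadable or locked file: skip it
    return report
```

Compressed or legitimately encrypted files without an entry in the signature table will also exceed the entropy limit, so treat the `jumbled` list as triage input. A ransom note in the same folder is the stronger signal.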
So what can you do to avoid infection?
We have a list of the 4 Ways to Fend Off CryptoWall, the Latest Ransomware Virus Threat.