Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Caution: Enhanced Cryptowall Ransomware Threatens Networks

As a business owner, you have an obligation to keep your data and network files safe from prying eyes and criminals. The latest threats, like the new Cryptowall 2.0 ransomware, can be a difficult hurdle to jump, especially when they are disguised and designed to ruin you. Thankfully, you don’t have to take on these threats alone.

But, of course, nothing ever goes as smoothly as you expect it to, especially in the technology world, where hackers run rampant. This is especially true with Cryptowall 2.0, an updated version of a previous malware known as Cryptolocker, which locked down files on systems and demanded money for the decryption key. This particular threat takes advantage of unaware email users and tricks them into opening infected PDF files and zipped folders. These can be disguised as any number of official documents, such as invoices, purchase orders, bills, and complaints.

Unlike the previous Cryptowall variant, this new enhanced threat makes it much more difficult for users to recover their encrypted files. This forces them to pay the ransom or lose their files, rather than exploiting weaknesses in the ransomware to recover their files. Here are some changes the malware developers came up with for this new version of Cryptowall:

  • Unique wallet IDs are used to send ransom payments. Before Cryptowall’s upgrade, victims of the ransomware had to submit their payments via the same payment address. These victims were potentially able to exploit this flaw and avoid paying by stealing someone else’s payment, then using it for their own system. It might sound like a pretty dirty thing to do, but it did the trick, and users were able to get their files back. With unique payment addresses for each victim, this option is no longer available.
  • Cryptowall 2.0 has the power to delete your original data files. The earlier version of Cryptowall didn’t have this capability, and users were able to recover their files with data recovery solutions. This is no longer the case, as Cryptolocker deletes the originals, making data backup and paying the ransom your only two options. If you don’t have a backup solution at the time of infection, you’re stuck in a tough spot.
  • Cryptowall 2.0 uses its own TOR gateways. Previously, the malware developers responsible for Cryptowall had to remain anonymous on public TOR gateways to avoid detection, which kept the gateways to payment addresses from being blacklisted and made unreachable to the public. Now they no longer have to remain in hiding, thanks to self-owned TOR gateways.

This is not a threat you want to meddle with, and by not taking steps to keep your business safe from it, you’re playing with fire. In order to prevent catastrophe, you must remain cautious at all times. Here are some tips you can follow to keep your company safe until a patch or solution has been implemented:

  • Only open trusted email attachments. This should be common sense, but whenever you get an attachment from anyone, trusted or untrusted, you should confirm exactly what it is before opening it. Failing to do so could lead to Cryptowall locking down your network files, grinding any productivity to a halt. Do not open attachments from unfamiliar senders, and follow up on anything else.
  • Avoid suspicious links in your emails. Even links included with emails could be enough to produce an infection by Cryptowall or other malware. If you’re receiving emails from unfamiliar senders, it’s fair to question the content of any links they include.

All it takes is one mistake to lock you out of your entire network. Macro Systems can help your business avoid the pitfalls that could leave your business vulnerable. We’ll keep you in the technology threat loop so you can protect yourself from the latest dangers. For more information concerning Cryptowall or other security issues, contact Macro Systems at (703) 359-9211.

Wednesday, April 24, 2024

Macro Systems
3867 Plaza Drive
Fairfax, Virginia 22030