A new strain of ransomware called CryptoWall (and variant CryptoDefense) has picked up where CryptoLocker left off. Hot on the heels of the botnet takedown, which stopped the spread of CryptoLocker (after infecting over 250,000 computers), the Center of Internet Security (CIS) has reported an increase of new CryptoWall malware infections, targeted at Windows systems running Windows 8, 7, XP and Vista. Similarly, this malware takes over systems, restricts access to files and folders, and attempts to extort users for a ransom.
Unlike the $300 ransom of CryptoLocker, victims of CryptoWall are given a deadline to pay a $500 ransom or it doubles to $1,000. We’ve also seen the decryption price reportedly increase by 3 times. If victims don’t pay up before the new due date (shown with a countdown timer), they lose their files for good. Once the key to decrypt their files is deleted, those files are rendered useless.
How it spreads
This strain of ransomware is distributed through a variety of sources, including phishing emails, fake application updates and malicious ads on legitimate, well-known sites.
Preventing infection
- Block Traffic from Known Fraudulent IP Addresses
The Multi-State Sharing & Analysis Center (MS-ISAC) recommends blocking traffic to/from IP address: 146.185.220.0/23 at your network perimeter.
- Click with Care
Practice common sense and don’t click on any ads you aren’t certain about.
- Use Anti-Virus and Anti-Malware Software
Not all anti-virus software will also protect from malware. Anti-malware software may be required. Also, make sure your software definitions are up to date.
- Keep Regular Backups of Your Data
Plan ahead and keep regular backups of your data. Should you become a victim of CryptoWall, you can simply restore your files from your backup. NovaStor offers simple and affordable backup software solutions for the automatic protection of files and for creating disaster recovery image backups. IT resellers can show customers the value they place in a client’s data, and make excellent margins in the process.
- Don’t Click on Suspicious Emails
If you receive any suspicious email, verify the legitimacy of the sender and don’t click on any link you are uncertain about. Specifically, avoid emails that may be disguised as faxes, voicemails, or UPS notices (especially if you are not waiting for a shipment), as these are known sources for CryptoWall malware.
- Keep Patches Updated
Because RIG exploit kits are known to target unpatched versions of Flash, Java and Silverlight, keep these patches up to date.
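The /23 range in the MS-ISAC recommendation above spans 146.185.220.0 through 146.185.221.255. As an added example (not part of the original article), the script below checks exported firewall logs for internal hosts that already exchanged traffic with that range, so they can be triaged alongside the new block rule. The log format, field order and sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Range named in the MS-ISAC recommendation on this page.
BLOCKED_NET = ipaddress.ip_network("146.185.220.0/23")

# Constructed sample log (assumed format): "timestamp src dst dport action"
SAMPLE_LOG = """\
2014-07-01T09:12:03 10.0.4.17 146.185.220.45 443 ALLOW
2014-07-01T09:12:09 10.0.4.17 93.184.216.34 80 ALLOW
2014-07-01T09:13:40 146.185.221.200 10.0.7.5 49211 DENY
2014-07-01T09:14:02 10.0.9.2 146.185.222.1 443 ALLOW
2014-07-01T09:15:00 malformed line here
2014-07-01T09:16:11 10.0.4.17 146.185.221.9 80 ALLOW
"""

def find_contacts(log_text, net=BLOCKED_NET):
    """Return {internal_host: [(timestamp, remote_ip, direction, action), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, _port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip lines whose address fields are not valid IPs
        if dst_ip in net:      # traffic *to* the listed range
            hits[src].append((ts, dst, "outbound", action))
        elif src_ip in net:    # traffic *from* the listed range
            hits[dst].append((ts, src, "inbound", action))
    return dict(hits)

def allowed_hosts(hits):
    """Hosts with at least one ALLOWed flow; these were not stopped at the perimeter."""
    return sorted(h for h, ev in hits.items() if any(e[3] == "ALLOW" for e in ev))

if __name__ == "__main__":
    contacts = find_contacts(SAMPLE_LOG)
    print(f"{BLOCKED_NET} covers {BLOCKED_NET[0]} - {BLOCKED_NET[-1]}")
    for host, events in sorted(contacts.items()):
        for ts, remote, direction, action in events:
            print(f"{ts} {host} {direction} {remote} {action}")
    print("Triage first:", ", ".join(allowed_hosts(contacts)))
```

Hosts that appear only with DENY entries were already stopped at the perimeter; hosts with ALLOW entries exchanged traffic with the range and should be checked first.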
Are you an IT provider, interested in protecting client data and making great margins? Consider becoming a NovaStor ValueCREATE! reseller partner. http://www.novastor.com/partner