Warning: Cryptowall 2.0 Ransomware is as Bad as They Come

Be advised, there’s a new digital threat on the scene that you and your employees need to be aware of. Known as Cryptowall 2.0, it’s a wicked virus that has the potential to encrypt and steal your files, making it the scariest thing to hit your front door this Halloween season.

Cryptowall is transmitted through email and it uses phishing tactics that are a favorite hacking trick. Phishing emails are characterized by posing as a legitimate message that the receiver would care about and normally open, like a financial statement, bill, invoice, or an urgent-sounding message. The goal of a phishing email is to trick you into opening the email and downloading its virus-laden contents. With Cryptowall, the attachment that you want to be on the lookout for zipped folders and PDF files.

Cryptowall may have a familiar ring to it, and that’s because it’s an upgrade to Cryptolocker, one of the nastiest viruses that we’ve come across in the past year. Both Cryptolocker and Cryptowall are a kind of virus known as ransomware, which operates by encrypting your computer’s files, locking you out of your system, and then demanding that you pay the hacker money for a ransom in order to decrypt your files and get your PC back.

With IT managers becoming wise to Cryptolocker and finding workarounds that allow them to recover files, hackers have stepped up their game too, and made Cryptowall even more difficult to safely remove from a system without paying the ransom (something that we at Resolve I.T. strongly advise against).

• New unique wallet IDs are used to send ransom payments. By assigning a unique payment ID for each victim, Cryptowall prevents victims from stealing payments made by other victims and applying it to their hacked account.
• Cryptowall will delete your original data files. Cryptolocker used to not do this, which made it easy for data recovery tools to retrieve your original files. With Cryptowall, using a data recovery tool in this manner is no longer an option. You’ll be forced to either use data backup solutions or pay the ransom.
• Cryptowall hackers use TOR gateways. These gateways allow the hacker to collect their money without being detected, and since Cryptowall hosts its own TOR gateways, the account cannot be blacklisted or detected.

For such a dangerous threat like Cyrptowall, you need to keep your guard up for phishing emails and know what to look for. You will also want to inform your staff about this threat and make sure that they’re extra careful with what they download from the Internet. Here are a couple of common sense tips that can keep your business safe.

• Do not open emails and download files from unknown and untrusted sources. Ransomware like Cryptowall uses phishing emails to trick you into downloading it. Pay extra close attention to the messages sent to you. If the URL looks off, or if you don’t remember using the financial service that the email claims you did, then chalk it up as a scam and contact your legitimate financial service over the phone to verify.
• Do not click on links in a suspected email. The ransomware can also be delivered by going to a website that will download malicious code onto your computer. Your antivirus program should block websites like this, but it’s not a guarantee. Your best bet is to avoid clicking on malicious links like these altogether.

If you suspect that you’re being targeted by the Cryptowall ransomware, or if your PC has experienced a worse case scenario and become infected, then call Resolve I.T. at (978) 993-8038. It’s our job to stay ahead of the hackers, and we’ve got a few tricks up our sleeves that can thwart the hackers plans to take your computer ransom and extort you for money. Call us today to gain the ultimate protection from the worst of the web.