Directive Blogs
Alert: Cryptowall 2.0 Ransomware On the Loose
The latest threats can put a damper on your business plan and put your company at risk. Therefore, it's only natural to protect yourself from them. This new threat in particular, Cryptowall 2.0, has the potential to do plenty of heavy-duty damage to your business's network, if given the opportunity.
New threats surface all of the time, but spear-phishing email attacks are some of the most dangerous out there. Cryptowall, which also goes by the name of Cryptolocker, targets users who don't pay close attention to the emails they receive. The virus is found within zipped folders and PDF files sent via email disguised as invoices, purchase orders, bills, complaints, or other business-related messages. Cryptowall 2.0 is an enhanced version of the original Cryptowall ransomware, which had the power to encrypt files on your network and local data.
Previously, it was fairly simple for network administrators to recover their files. Now, the malware developers have taken extra steps to make it difficult for users to recover their files without paying the fee. Some of the changes made with this enhanced version of Cryptowall include:
- Unique wallet IDs are used to send ransom payments. The original Cryptowall ransomware didn't use unique payment addresses for each victim, which allowed other victims to potentially take the payments made by others and apply them to their own PC. While this act itself seems like a slap in the face to other victims, it did allow users to recover their files without paying the fee.
- Cryptowall can now securely delete your original data files. Previously, Cryptowall wouldn't delete the original files, making it easy to use data recovery tools to recover them. This option is no longer possible, meaning that your choices are limited to data backup solutions or paying the ransom.
- Cryptowall 2.0 uses its own TOR gateways, allowing malware developers to collect the ransom without being detected. Previously, these payment servers could be blacklisted and made unreachable, but now that Cryptowall hosts its own TOR gateways, they cannot be blacklisted, which makes them a much greater threat.
Obviously, this threat is extremely dangerous, and you should prepare for it. To prevent this ransomware from infecting your computer, you must remain ever vigilant. Try some of these tips to avoid getting locked down:
- Do not open files sent by unfamiliar email addresses. This is the biggest thing you can do to keep yourself safe. This malware attempts to weasel its way past your antivirus and firewall by disguising itself as something else. The best way to keep your network and systems safe is to only open files you can trust.
- Do not click on links in suspicious emails. By clicking on suspicious links, you're inviting the contents of the malicious website to infect your system. It's best to treat every unfamiliar link with some suspicion, especially until this new threat has been dealt with.
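The first tip can be partly automated at the mail gateway or in a mailbox review script. The following is an added example, not code from the original post: it holds ZIP and PDF attachments that arrive from addresses outside a known-sender list and notes whether the subject or filename uses the business lure themes listed above. The allowlist, addresses, and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed for this example: the allowlist and the sample messages are constructed.
KNOWN_SENDERS = {"billing@supplier.example"}
# Lure themes and attachment types are the ones the post names.
LURE_WORDS = ("invoice", "purchase order", "bill", "complaint")
RISKY_EXTENSIONS = (".zip", ".pdf")

def triage(raw_message, known_senders=KNOWN_SENDERS):
    """Return (filename, sender, has_lure_wording) for each attachment to hold."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Compare the actual address, not the display name, which the sender chooses.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in known_senders:
        return []
    subject = str(msg.get("Subject", "")).lower()
    held = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            lure = any(w in name or w in subject for w in LURE_WORDS)
            held.append((name, sender, lure))
    return held

def sample(from_header, subject, filename):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = from_header
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    raw = sample("Supplier Billing <accounts@mail-delivery.example>",
                 "Overdue invoice", "Invoice_1042.zip")
    for name, sender, lure in triage(raw):
        print(f"HOLD {name} from {sender} (lure wording: {lure})")
```

The From header can be forged, so an allowlist match only lowers review priority; it does not prove that an attachment is safe to open.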
When disaster strikes, you can count on Directive to be there for you. We can provide you with all of the information you need to know about the latest threats, so you can better protect yourself against them. For more security consulting, or if you think you've been compromised, contact Directive at 607.433.2200.