CryptoWall 4.0 is back, but a vaccine is available according to Romanian cyber-defence company, Bitdefender.
The company announced its development of a vaccine earlier this week, saying “to stop the spread of this threat, Bitdefender anti-malware experts have developed an antidote, a piece of software that allows users to immunise their computers and block file encryption attempts.” The post also mentioned that it had found strains of this new version of CryptoWall in Western Europe and as far a field and China and India
CryptoWall is a kind of ransomware which infects a victim's computer and then proceeds to encrypt their documents so the user cannot access them. Once the deed is done, the ransomware will charge the hapless victim to recover their files, commonly using Bitcoin.
Supposedly developed in Russia, 4.0 is supposed to be a wildly more aggressive version of CryptoWall, which is reported to have stolen £214 million over it's short year-long lifespan. Bitdefender wrote in its announcement that “Its high turnaround prompted other cyber-criminal groups to write new code that uses more sophisticated encryption algorithms”. This version makes it extremely hard to recover those files by scrambling the file names of the encrypted documents. This version is also harder to detect with anti-virus software and restore points are erased, so the user can't restore their computer back to an uninfected state. The banner text smirks, congratulating the victim on becoming “a part of a large community.” Strangely enough, it will not encrypt your files, despite infection, if it detects Russian as a keyboard language.
Palo Alto Networks wrote in a blog post, released several days ago, that it had found 10 unique samples of the ransomware used to conduct nearly 60 infections but “it appears that this new version of CryptoWall is still in early use by attackers”.
The 4.0 version of CryptoWall emerged quickly after the industry organisation, cyber-threat alliance, handily undressed version 3.0 the ransomware in a report earlier this month. Greg Day, the VP and CSO of Palo Alto Networks for the EMEA region, and a great supporter of the alliance told SCMagazineUK.com that: “The changes in v4 were incremental so most of the insight previously shared in the research is valid and can be used to identify and prevent CryptoWall attacks”
There has been a bold comeback for Ransomware in the last week, even after several high profile arrests of the authors of major forms of ransomware and the public unmasking of CryptoWall 3.0. A new form PowerWorm has appeared in the last few days and the cyber-security giant, Symantec has confirmed that Mac OS X is vulnerable to ransomware.
Bitdefender is keen to remind users that “this tool acts as an extra layer of protection, together with your anti-malware solution. If your computer is already infected with CryptoWall 4.0, the vaccine will not help disinfect it. The tool should be installed and used as a proactive measure against this specific strain of ransomware.”