In operation since early 2014, CryptoWall has already infected millions of computers around the world. They present themselves as benefactors of the Internet, proving to people that they are not safe because they can infect their computers without any problem. In reality, CryptoWall is designed to extort money from you by offering you an antivirus solution. For over a year, it has been rampant in Europe, Asia, the United States, Africa, … The only users not yet affected by the malware are Russians. The virus does not seem to be able to modify files using the Cyrillic alphabet.
A new version of this ransomware
“means malware that encrypts your personal data and demands a ransom. CryptoWall was upgraded to 4.0 some time ago. It is distributed via infected e-mails and asks victims to pay around €650 in Bitcoins (1.83 BTC). Active since April 2014 and having acted under three different variants, CryptoWall has today caused damage amounting to 261 million euros in the USA alone, according to the CTA (Cyber Threat Alliance).
What’s new in version 4.0
The malware works on the same principle as the other versions: it exploits the victim’s computer via a contaminated attachment in an e-mail message, undetected by anti-virus software. The user will unknowingly install software to encrypt personal data. The only solution offered by hackers is to pay a sum of money to have the data returned.
Version 4.0 now encrypts all computer files itself. Why? So that the user can’t tell which file contains crucial data and which doesn’t. So don’t bother running an antivirus scan – it won’t find anything! The aim is to confuse the victim and to further restrict the means of recourse, so that the only solution found by the victim is to pay the ransom.
To avoid this type of virus, use a specific system to analyze suspicious files using several independent mechanisms capable of detecting unknown viruses.
What to do when you’re hit
In the case of ransom demands, it is usually advisable not to play into the hands of the pirates and not to pay. However, some US authorities advise victims to pay the ransom, which is much easier and ultimately cheaper than any other method that could lead to damage to your computer. Antivirus and anti-malware programs are ineffective once a computer has been infected. As the number of infected computers continues to grow, the ransom amount decreases with each version, and hackers, as in traditional markets, have more interest in getting a lot of people to pay a little less than in seeing just a few people pay full price. A truly profitable business is being set up…
The best way to avoid becoming a victim is to protect yourself properly against this type of attack. To achieve this, Altospam has integrated a genuine protection mechanism based on: analysis by 5 antivirus programs, automatic detection of suspicious files, verification of dangerous file signatures against a metabase, and on-the-fly analysis of macros by deobfuscation and script code analysis. This veritable antivirus fortress blocks all new attacks, even unknown ones, at source.
More information at www.altospam.com