What is CryptoWall?

CryptoWall is a file-encrypting ransomware program that was released around the end of April 2014 and targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. The media commonly confuses CryptoWall with the CryptoLocker infection, when it is much more similar to the CryptoDefense ransomware. The most apparent similarity is that CryptoWall’s Decryption Service is almost identical to the one for CryptoDefense. In October 2014, the malware developers released a new version of CryptoWall called CryptoWall 2.0. This new version included some additional changes that are described in the next section.

CryptoWall is spread via drive-by downloads or attachments on phony emails.

When you are first infected with CryptoWall, it will scan your computer for data files and “encrypt” them using RSA encryption so they can no longer be opened. Once the infection has encrypted the files on your computer drives, it will open a Notepad window that contains instructions on how to access the CryptoWall Decryption Service, where you can pay a ransom to purchase a decryption program. The ransom cost starts at $500 USD and after 7 days goes up to $1,000. This ransom must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.

CryptoWall is really problematic because all the data on your computer, as well as on your office server, can become unavailable to every user in the office. Your two remedies are to pay the ransom or restore data from backups.

In real-world experience I have restored data via backup. It is generally possible to decrypt the data with the key if you pay the ransom. In either case it is a lot of effort to recover from the infection, because you then have to make sure all the affected PCs and server are cleaned up properly.

An ounce of prevention is worth a pound of cure. Having your PCs set up to avoid CryptoWall is possible. Having your data backed up is for sure the best approach. If you need help with your office technology needs, feel free to call Computer Guy Consulting for a quick consultation on the phone.


