
Expert Opinion: CryptoWall 4.0 malware has evolved and is back with a vengeance

Security is a big topic at present, with the recent hacking of TalkTalk’s IT systems resulting in confidential customer data being released into the public domain.

However, it is not just about confidential customer data: the latest strain of the vicious ransomware CryptoWall is out, only one year after CryptoWall 3.0 made its initial debut.

Over time CryptoWall has caused significant pain to businesses as well as individuals worldwide, and this time it is coming back with a vengeance to cause further pain and even more confusion.

What is CryptoWall?

Simply put, it is a file-encrypting ransomware program. Once installed on your machine, it runs in the background and attempts to gain access to all your files and encrypt them. Remember, it can also encrypt files on other systems if you have access to them, even via a VPN.

It will not, however, make you aware that it is encrypting your files until it is complete. Once all files are encrypted, it will submit the only key that can decrypt your files to a random public server, remove the software from your machine, disable the Windows Volume Shadow Service and remove all previous shadow copies. Those shadow copies are what allow your system to be wound back to an earlier date, so removing them prevents you from regaining access to any of your files.

Smugly, it then informs you why you are experiencing issues accessing your files and requests a ransom amount for you to have a chance of regaining access to them.

What is different about the CryptoWall 4.0 strain?

Unlike the strains before it, CryptoWall 4.0 will encrypt not just your files but also the file names, making it even more difficult to recover those important files. Further to this, it has adopted advanced malware dropper mechanisms to avoid most modern antivirus packages as well as firewalls.

Finally, and quite generously (stressing the sarcasm), they have provided other methods of making payments, even through Bitcoin.

How do you get CryptoWall 4.0?

In very much the same way as all the previous strains: it will come through as an email attachment, almost always as a zip file. It is normally posed as an invoice, CV or some other form of attachment that you will be curious enough to open.

What can I do to protect my business from this impact?

There are a number of important things you can do to limit your risk of being impacted by CryptoWall 4.0, and these include:

Ensure you always have the latest Windows and anti-virus updates applied.
Do not open emails, and especially attachments that are zip files, from unknown senders. If you are unsure, speak to your IT professional so they can validate it.
Make sure you have up-to-date antivirus software such as AVG Antivirus as well as antimalware software such as Malwarebytes, to name but a few.

Most importantly, ensure you have a decent backup service in place.

What is a decent backup?

Quite simply, a decent backup is one that backs up your data in multiple locations, both locally and offsite, on a constant and frequent basis. Make sure you have confidence it is backing up your data, and be sure to test it regularly or enlist an IT professional to do this for you.

There are many forms of backup, from file-by-file to complete image-based, allowing for quick and speedy recovery.

Should you ever be unfortunate enough to be impacted by the CryptoWall malware you will want to ensure you have a decent and reliable backup in place to minimise the pain.

It’s too late, I think I have CryptoWall on my system!

Don’t panic immediately: there is a lot that can be done, but don’t try to do it all yourself. Our advice is to turn off your system and disconnect it from your network straight away. Speak to your IT professional and get them to recover your data and clear your system down.

If you have any further questions, or are stuck and want some help, then why not get in touch with one of our accredited IT experts by calling free on 0330 024 0530 or logging on to www.thirdline.eu/get-in-touch