Expert Opinion: Cryptowall – what is it and how do I deal with it?
Cryptowall has been with us for a couple of years, but its third incarnation is the nastiest yet, as Terry O’Kelly and Amar Mohammed from Thirdline explain.
Viruses and other harmful software have been around since the invention of the World Wide Web.
As the internet has advanced, so has this damaging software, meaning that if you are targeted you may find that a simple anti-virus scan just isn’t enough.
So what is Cryptowall 3.0, how do we safeguard against it, and what should we do if we are infected?
What is this new found CryptoWall 3.0?
CryptoWall 3.0 is recognised as a Trojan rather than a virus because of the way the software enters the network or system and the damage it causes.
A virus would normally enter a system on the back of downloading another piece of software, and becomes very apparent to the user as they continue to use the machine.
A Trojan is software that tricks the user into opening a file or downloading what appears to be useful software. An example of this is an email from what seems to be a trusted sender asking you to open an attachment to view a document, or even to install software.
Some Trojans are merely a nuisance; others, like CryptoWall 3.0, encrypt all your data, eventually lock you out, and demand a ransom of a ridiculous figure.
What is the damage or harm of the CryptoWall 3.0?
CryptoWall 3.0 executes a Trojan on the system, and eventually across the network, encrypting every file it finds and creating a number of registry entries to store the paths of the encrypted files.
CryptoWall 3.0 then attempts to convince the user to pay a financial ransom in order to unlock the files.
On some occasions this Trojan has also infected the cloud storage applications used by the user, compromising data that is shared company-wide.
The Trojan software was designed to prevent the user from accessing their files and forces them to pay the attacker in order to regain access. It does this by encrypting a wide variety of files on the compromised computer using public/private key encryption with a strong 2048-bit RSA key. Once the files are encrypted, the Trojan displays a text document or HTML page with a message.
The message informs the user that their files have been encrypted and gives instructions on how to obtain the decryption key needed to unlock the files. It may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The attacker may demand hundreds of US dollars in payment and the amount may increase after a specified time period.
None of this is something you want in an organisation, or even at home, so let’s learn how to stay away from such harmful software.
How to watch out for the CryptoWall 3.0
CryptoWall 3.0 is mainly distributed through spam campaigns, compromised websites, malicious ads, or other malware. Emails received by users may claim that the attachment is an invoice, an undelivered package notice, or an incoming fax report.
If the user opens the attachment, their computer will be infected with the CryptoWall 3.0 Trojan.
What precautions can I put in place?
Thirdline’s service delivery manager Terry O’Kelly has ample experience with malicious software and always reiterates a common recommendation: back up the backup of the backup, in case of situations like these.
Terry has created and deployed many custom backup solutions for organisations of all sizes, and has saved a number of organisations from damaging software like CryptoWall 3.0 through those custom backup solutions.
Amar Mohammed from Thirdline has grown up through the boom of social media and has watched generations older than himself embrace technology at a rate never seen before. Amar knows and stresses the importance of education: educating users about what they are doing on the internet, and teaching organisations and individuals what to be careful of.
A man of academia, Amar urges users to apply their common sense and to speak to professionals to question anything they haven’t seen before.
Thirdline would urge users to take care over the actions they perform when sending and receiving emails and browsing the internet, and to ensure that verified backups are in place at all times.
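As an added example (not Thirdline’s code), one way to make a backup "verified" in the sense above, assuming a backup copy on local disk and a hypothetical manifest of known-good SHA-256 hashes taken before the backup: it spots files that have silently changed and flags those whose content has become near-random, which is how a cloud-synced backup looks once an infected machine has pushed encrypted copies over it.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits well under 6, ciphertext or random data near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(v) for v in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts)

def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256, taken from the known-good tree before backup."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root: Path, manifest: dict, threshold: float = 7.5) -> dict:
    """Diff the backup against the manifest; a changed file with near-random
    content is flagged 'suspicious' (a synced backup overwritten by ciphertext)."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
            continue
        if sha256_of(p) != digest:
            report["changed"].append(rel)
            if shannon_entropy(p.read_bytes()) >= threshold:
                report["suspicious"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: two text files, one later overwritten with random bytes."""
    root = Path(tempfile.mkdtemp())
    (root / "invoice.txt").write_text("Invoice 42: 10 widgets at 3.50\n" * 200)
    (root / "notes.txt").write_text("meeting notes, nothing unusual\n" * 200)
    manifest = build_manifest(root)
    (root / "invoice.txt").write_bytes(os.urandom(6000))  # stands in for ciphertext
    return verify_backup(root, manifest)
```

Run the check against every backup generation, not just the latest: a manifest that still matches on an older, offline copy is the one you restore from.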
If in doubt, tweet @ThirdlineUK or call 0800 0822420 and ask the questions: it’s free.