Sunday, September 27, 2015

Cryptowall is back on the prowl, so watch your back...


Back in 2014, a nasty virus called "Cryptowall" reared its unsightly head in the computer world, and it proceeded to leave a fair deal of pandemonium in its wake.
Of course, once antivirus definitions the world over caught up with it, the threat was largely eradicated and peace reigned in the Kingdom of CPU.

These things are like a bad rash though, and there has of late been a resurgence of this particular bad boy on PCs all over the place.
Hell, Carte Blanche even featured an article on the virus a few weeks back - I'm sure the wonderfully talented humans who coded it must be awfully proud! Well done guys!

Anyway, back to the post - in short, watch your back as you normally would when dealing with the internet, email, flash drives from other PCs, pretty much as you would do when walking down a dark alley at night.
This particular threat entices the hapless victim by means of links on dodgy sites, links within the attachments of spam mails and a variety of other sneaky tactics.
Once the user clicks on the link, if it is not stopped by an antivirus, the virus runs, loads itself into memory and registers itself as a startup item on the infected PC.

Symptoms of Cryptowall (how you know that you are infected...):

  • Cryptowall scans the PC for folders which contain your meaningful data - here we are talking about the Desktop folder, My Documents etc.
    It also scans mapped network drives - these will become infected as well, but only specifically mapped drives.

  • Next, it encrypts every "work" file that it finds - this includes Word documents, Excel documents and PDF documents, among others.

  • Finally, it dumps approx. 4 files into every folder that it has encrypted, named "HELP_DECRYPT.ext" - each of these files provides instructions on how to decrypt your data, and it's pretty simple - pay up. Yup, all this virus amounts to is extortion.
    The variation of the infection that I recently dealt with wanted payment in Bitcoins, but I'm sure they take Diners Club, AMEX, VISA and many other forms of payment too :)

  • Any attempt to now open an encrypted file will result in a generic program error, as if the data within the file is corrupted.
    At this point, panic may set in.
    This is justified, since there is no way to decrypt the files without paying up, unless you have a recent intact backup of your files. Do not plug your backup drive in until you are 100% sure that your PC is clean again.
    For a very technical rundown of the threat, including cleaning and recovery options, check out:
    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
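The symptoms above (ransom notes dropped into every folder, plus work files that no longer open because their contents were replaced) can be triaged from a clean machine with a short script. The following is an added example, not code from the original post: it assumes the note files share the HELP_DECRYPT stem, checks only the PDF and Office types the post names, and runs against a constructed sample tree rather than a real infection.

```python
import os
import tempfile
from pathlib import Path

# Stem of the ransom-note files; the extension varies, hence "HELP_DECRYPT.ext" in the post.
NOTE_STEM = "HELP_DECRYPT"
# Expected leading bytes for the work-file types the post names (assumption: only
# these families are checked; extend the table for other types).
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0"
MAGIC = {".pdf": b"%PDF", ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE}

def header_mismatch(path: Path) -> bool:
    """Known work-file extension whose header no longer matches: an encrypted-in-place file."""
    sig = MAGIC.get(path.suffix.lower())
    if sig is None:
        return False
    with open(path, "rb") as fh:
        return not fh.read(len(sig)).startswith(sig)

def scan(root) -> dict:
    """Walk a tree; collect ransom notes and header-mismatched work files."""
    notes, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.stem.upper() == NOTE_STEM:
                notes.append(p)
            elif header_mismatch(p):
                suspect.append(p)
    return {"ransom_notes": notes, "header_mismatch": suspect}

def build_sample(base) -> Path:
    """Constructed sample tree (not real infection data): two intact documents, one
    whose content was replaced by opaque bytes, and four note files with made-up extensions."""
    docs = Path(base) / "Documents"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "budget.pdf").write_bytes(b"%PDF-1.4\n% intact\n")
    (docs / "report.docx").write_bytes(ZIP + b"\x00" * 12)
    (docs / "invoice.xlsx").write_bytes(b"\x8a\x17\x3c\xf2\x41\x9e\x00\x7b\xd3")
    for ext in (".TXT", ".HTML", ".PNG", ".URL"):
        (docs / f"HELP_DECRYPT{ext}").write_text("pay up")
    return Path(base)

def demo() -> dict:
    """Build the sample tree in a temp dir, scan it and summarise the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        res = scan(build_sample(tmp))
        return {"notes": len(res["ransom_notes"]),
                "mismatch": sorted(p.name for p in res["header_mismatch"])}
```

Call `demo()` to run it against the constructed tree; point `scan()` at a mounted, read-only copy of a suspect drive to triage a real one.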
You DO NOT want to see these files on your hard drive...
So in essence it's a pretty simple virus, but the impact that it can have on a business with a lot of data is HUGE.
After going through a rough few days taking one of these bad boys down recently, my advice to end users is simple - protect yourself in every possible way, and that isn't limited to antivirus software.
Sure, getting yourself a great antivirus like Avast is a non-negotiable, however always tread carefully when making use of a public network like the internet.

Watch where you browse.
Triple check who sent you that not-so-kosher looking email.
Don't click on that link in the body of a "banking" email, and if you do end up being on the very unfortunate receiving end of one of these, make sure that your data is backed up somewhere off your PC - preferably on an external drive.
1 comments:

  1. Did you think about picking the best Bitcoin exchange company - YoBit.
