The Dangers of Ransomware: Cryptowall 3.0

April 17th, 2015

Ransomware is a type of malware that infects your computer and encrypts your data, then demands payment before it will restore access. The first sign of trouble is usually a message telling you that your computer's data has been protected with strong encryption and that you will not be able to open or even see your files unless you pay a set amount of money.
Experts say that incidents of Ransomware are increasing quickly. Cryptowall 3.0, one of the most common ransomware programs, has claimed over 1 million victims and collected over $1.8 million. According to the Dell SecureWorks Counter Threat Unit (TM), this program is considered to be the largest and most destructive Ransomware threat on the Inter

The History Of Cryptoclones

In September 2013, Dell SecureWorks CTU observed a new Ransomware family called CryptoLocker. Previous versions of Ransomware did very little to actually lock up the computer or do any real damage; they relied on social engineering to collect a ransom. These old-style Ransomware programs would prevent the victim from using the computer normally (for example by locking the screen) while presenting a message that failure to follow the instructions would lead to serious consequences, such as jail or large fines. The malware would present some fabricated offense, such as downloading pirated software, to make the user believe they were in trouble unless they paid up immediately. All the user really had to do was ignore the threat, run a security program to unlock the screen, and then delete the malware.

CryptoLocker changed the whole game by actively encrypting all of the data on the victim's computer and then demanding a payment to restore it. Early versions were spammed to business email addresses, with the message often disguised as a customer complaint or a request for payment. The email contained a zip file, and inside it a .EXE file of the same name. Running this program attached the malware to the computer and set it to work. After being executed, CryptoLocker would hide its presence from the victim until it had successfully contacted a command and control (C2) server and encrypted the files located on the connected drives.
Early CryptoWall variants copied the behavior and appearance of the CryptoLocker malware, and by early 2014 several thousand computers were already infected. At first nobody knew what to call this new Ransomware, and it was simply dubbed "Cryptoclone" because of its great similarity to CryptoLocker. However, in March of 2014 the authors of this malware revealed that its true name was CryptoDefence. In May the authors changed the name to Cryptowall.

I Have Antivirus Program(s) Installed, Should I Still Be Concerned?

Ransomware is becoming the norm these days, especially with the advent of Cryptowall, which has dramatically changed the nature and speed of its proliferation. The makers of this (and other) ransomware go to great lengths to trick antivirus programs by changing both the distribution methods and the structure of the program. As soon as virus detection programs are able to crack down on one version of Ransomware, it is modified to bypass the filters and methods of that antivirus program.
Therefore it is not enough to simply rely on antivirus software to block Ransomware (especially Cryptowall and its many variants) as many companies are discovering today. Having a false sense of security will only make you more vulnerable to these attacks.

How to Prevent an Attack

To give yourself the best chance of preventing a future Ransomware attack, you must be highly vigilant. Detecting and eliminating the threat before it enters your server is a must. One way to do this is by blocking the initial e-mails that carry the software. Other methods include blocking network connections known to serve malicious content and stopping malicious process activity.
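The article describes the original delivery mechanism as a zip attachment holding a .EXE of the same name, and names "blocking the initial e-mails" as the first line of defence. The following is an added example, not code from the article or from Dell SecureWorks, of a mail-gateway style check that flags that pattern by inspecting only the archive's metadata, without extracting anything. The sample archives, the member names and the inert payloads are constructed for the example; the set of executable extensions is an assumption chosen here and would be tuned for a real gateway.

```python
import io
import os
import zipfile

# Extensions Windows will execute directly when double-clicked.
# Assumption for this example; a real gateway would maintain its own list.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def inspect_zip_attachment(attachment_name, zip_bytes):
    """Return human-readable reasons why this attachment looks like the
    zip-with-same-name-EXE lure described in the article.

    An empty list means nothing matched. Only the central directory is read,
    so no member is ever extracted or executed.
    """
    reasons = []
    archive_base = os.path.splitext(os.path.basename(attachment_name))[0].lower()
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]

    for info in members:
        member_name = os.path.basename(info.filename)
        base, ext = os.path.splitext(member_name)
        # "invoice.pdf.exe" shows as "invoice.pdf" when extensions are hidden.
        _, inner_ext = os.path.splitext(base)
        if ext.lower() in EXECUTABLE_EXTENSIONS:
            reasons.append(f"archive contains executable member '{info.filename}'")
            if base.lower() == archive_base:
                reasons.append(f"executable '{member_name}' shares its name with the archive")
            if inner_ext:
                reasons.append(f"member '{member_name}' uses a double extension")
    if len(members) == 1 and reasons:
        reasons.append("archive holds a single executable and nothing else")
    return reasons


def build_sample_zip(member_name, payload):
    """Build an in-memory zip with one member. Constructed for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def demo():
    # Constructed samples: a benign PDF invoice, and an archive that follows
    # the "same-name .EXE inside a .zip" pattern. Both payloads are inert text.
    benign = build_sample_zip("invoice_2015-04.pdf", b"%PDF-1.4 not a real invoice")
    lookalike = build_sample_zip("Complaint_4471.exe", b"placeholder, not a program")
    return {
        "benign": inspect_zip_attachment("invoice_2015-04.zip", benign),
        "lookalike": inspect_zip_attachment("Complaint_4471.zip", lookalike),
    }


if __name__ == "__main__":
    for label, reasons in demo().items():
        print(label, "->", reasons or ["no findings"])
```

Because the check reads only the zip central directory, it can sit in front of the mail store and quarantine a message before any user sees it; an archive that fails to parse is also reported rather than passed through, since a malformed attachment is not something the gateway should trust by default.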
Even after taking all these precautions and keeping a vigilant watch on the processes running on your computers and servers, there is still no guarantee you will not come under attack. This is why it is very important to regularly back up your servers and computers, not only to physical media but also to cloud servers.
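The article notes that the visible effect of this malware family is that the data on the connected drives is replaced with ciphertext. One cheap indicator a monitoring job can watch for is that: plain-text documents that suddenly have the statistical profile of encrypted data. The following is an added example, not code from the article, that scans a directory tree and reports plain-text files whose content has ciphertext-like byte entropy. The entropy threshold, the minimum size, the list of plain-text extensions and the sample files (including a deterministic pseudo-ciphertext generator used in place of real encrypted output) are all assumptions constructed for the example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Bits of entropy per byte (max 8.0). Ciphertext and compressed data sit near 8;
# prose, CSV and source code sit well below. Threshold is an assumption.
HIGH_ENTROPY_THRESHOLD = 7.5
MIN_SIZE = 256          # tiny files give unreliable estimates; skip them
SAMPLE_BYTES = 65536    # read only the first 64 KiB of each file

# Only formats that are normally low-entropy. Compressed formats (docx, xlsx,
# jpg, pdf with embedded images) are high-entropy by design and would produce
# false positives with this check.
PLAIN_TEXT_EXTENSIONS = (".txt", ".csv", ".log", ".sql", ".xml", ".json")


def shannon_entropy(data):
    """Shannon entropy of `data` in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(path):
    """True if the file's leading bytes have ciphertext-like entropy."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if len(head) < MIN_SIZE:
        return False
    return shannon_entropy(head) >= HIGH_ENTROPY_THRESHOLD


def scan_tree(root, extensions=PLAIN_TEXT_EXTENSIONS):
    """Return (path, entropy) for every plain-text-typed file under `root`
    whose content no longer looks like plain text."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                with open(path, "rb") as fh:
                    findings.append((path, round(shannon_entropy(fh.read(SAMPLE_BYTES)), 3)))
    return findings


def pseudo_ciphertext(n, seed=b"example-seed"):
    """Deterministic high-entropy bytes standing in for encrypted content.
    Constructed for the example; no real encryption is performed."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def demo():
    """Build a constructed sample tree and return the basenames flagged."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("Quarterly notes for the sales team.\n" * 100)   # normal prose
        with open(os.path.join(root, "contract.txt"), "wb") as fh:
            fh.write(pseudo_ciphertext(4096))                      # looks encrypted
        with open(os.path.join(root, "tiny.txt"), "w") as fh:
            fh.write("ok")                                         # too small to judge
        with open(os.path.join(root, "photo.jpg"), "wb") as fh:
            fh.write(pseudo_ciphertext(4096))                      # wrong type, ignored
        return sorted(os.path.basename(p) for p, _ in scan_tree(root))


if __name__ == "__main__":
    print("flagged:", demo())
```

Run on a schedule against file shares, a sudden jump in the number of findings is the signal to act on; a single hit is more likely a legitimately compressed or encrypted file. Comparing each run against the previous one, rather than judging files in isolation, is what turns this from a crude heuristic into a usable alert, and it pairs naturally with the backup routine the article recommends, since the same scan tells you which backup generation predates the damage.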
While you may not always be able to prevent an attack, having a solid backup plan in place lets you minimize the damage caused by Ransomware. A little planning goes a long way when it comes to keeping your company safe and secure from Ransomware.
