CryptoWall 3.0 - Dangerous ransomware is back with new version after two months of silence

Attackers have started distributing a new and improved version of the CryptoWall file encrypting ransomware program. The new version, dubbed CryptoWall 3.0, has a new distribution method- a so-called drive-by-download where the user does not have to click on anything. The new variant uses compromised advertising networks (poisoned ads on sites like Yahoo, AOL, Match.com, etc) and vulnerable versions of Adobe Flash Player to infect victims. Up to now, CryptoWall was spread via spam with infected email attachments and download links. Outdated Windows operating systems (XP, Vista), outdated browser plug-ins, or other malware already installed on computers are the most vulnerable to the attack.

In a nut shell, Cryptowall, CryptoLocker, and other variants are a sophisticated ransomware programs that encrypts the victims’ files with a strong cryptographic algorithm. Victims are asked to pay $500 in Bitcoin virtual currency (which often doubles to $1,000 after a certain deadline) in order to receive a decryption key that allows them to recover their files. However, even if the user pays for the decryption key, there’s no guarantee that the attackers will ever provide a key or remove the malware from the compromised computer. The only remedy is a complete hard drive wipe and re-installation of the Windows operating system. All programs, data (photos, documents, tax records, etc) are lost forever unless a backup is available.

BACK UP YOUR COMPUTER

We cannot stress enough the importance of having a backup solution in place. The best protection is using both a local storage device and redundant cloud storage. It is very important that the local backup is on a removable device that is then disconnected from the computer and network to prevent the backups from also getting encrypted. The Crypto virus is easily transmitted over to networked computers and any attached media, such as flash drives. Cloud backups (such as Carbonite and the like) are very affordable and offer extra protection against important data loss. Backups should be run regularly so recent files are protected. Imagine turning on your computer tomorrow and all your data is gone. Without a backup, there really is no way to get your important documents and photos back. You should never pay the ransomware as this not only promotes the activity, but as I said earlier, there is no guarantee that the attacker will provide the decryption key anyway. Never click on suspicious email attachments (phony FedEx emails, fake banking emails, etc) and keep your Windows updates, Flash updates, etc current. For assistance, or questions on your current computer security, call us (Rhode Island PC) at 401-484-7870.

-Gene Allsworth, Rhode Island PC, 567 South County Trail, Suite 102, Exeter, RI 02822