Beware of CryptoWall ransomware

Aug 11, 2014

In case you haven’t heard of it, ransomware is a type of malware that infects a computer. It locks data files, or the entire system, and demands payment to free the information. What’s worse, sometimes the hijackers take the payment and still don’t unlock the data.

The CryptoWall version is a file-encrypting program that was released around the end of April 2014. It targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8.

In a nutshell, you get infected by opening an attachment in a spam email, or by being tricked by a website into installing an “update”. Once installed, it works its way through your file system encrypting your files, and leaves behind messages in each folder saying that if you want them unencrypted you will have to cough up.

When finished, it deletes any shadow copies from which your data could be recovered and pops up a screen message telling you what has happened, along with a threat to pay up or else. Mapped network drives are also crawled, so an infected client can end up encrypting files on a server. The encryption is considered uncrackable. Your only options are to clean out the ransomware and restore everything from backups, or pay the ransom and hope that your files will be unencrypted.

What should you do?

There is a lot of spam activity underway at present. Beware of emails with dodgy attachments or links posing as invoices or other documents. It doesn’t appear that you can rely on anti-virus / malware scanning to protect you.

An ounce of prevention is worth a pound of cure – as the saying goes. Make sure you have good backups which are not on your computer or a mapped network drive – since if the backup also gets encrypted you will end up in a bad state.
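One way to check the backup advice above, as an added example that is not part of the original post: it flags a backup destination that sits on a local disk or a mapped network drive, the two places the post says get encrypted. The sample paths and the fallback drive inventory are constructed, and grading UNC shares and removable media as "review" is an assumption of this example.

```python
import ctypes
import ntpath
import string
import sys

# Win32 GetDriveTypeW return values
DRIVE_REMOVABLE, DRIVE_FIXED, DRIVE_REMOTE = 2, 3, 4


def windows_drive_types():
    """Map each mounted drive letter to its Win32 drive type (Windows only)."""
    if sys.platform != "win32":
        return {}
    kernel32 = ctypes.windll.kernel32
    mask = kernel32.GetLogicalDrives()
    return {
        letter: kernel32.GetDriveTypeW(f"{letter}:\\")
        for bit, letter in enumerate(string.ascii_uppercase)
        if mask & (1 << bit)
    }


def assess_backup_target(path, drive_types):
    """Return (verdict, reason) for a backup destination path."""
    drive, _ = ntpath.splitdrive(path)
    if drive.startswith("\\\\"):
        # Assumption: an unmapped share still deserves a look at who can write to it.
        return "review", "UNC share, not a mapped drive letter"
    kind = drive_types.get(drive[:1].upper())
    if kind == DRIVE_FIXED:
        return "exposed", "local disk on this computer"
    if kind == DRIVE_REMOTE:
        return "exposed", "mapped network drive"
    if kind == DRIVE_REMOVABLE:
        # Assumption: reachable only while the media stays connected.
        return "review", "removable media"
    return "unknown", "drive letter not present in the inventory"


if __name__ == "__main__":
    # Constructed inventory, used when not running on Windows.
    inventory = windows_drive_types() or {"C": DRIVE_FIXED, "Z": DRIVE_REMOTE, "E": DRIVE_REMOVABLE}
    # Constructed example destinations.
    for target in (r"C:\Backups", r"Z:\Backups", r"E:\Backups", r"\\nas\backups"):
        verdict, reason = assess_backup_target(target, inventory)
        print(f"{target:16} {verdict:8} {reason}")
```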

