CryptoWall: Watch out for Ransomware!

CryptoWall appears to have been updated to version 2. What is CryptoWall? How does Version 2.0 differ from Version 1.0?

CryptoWall was the talk of the town during the summer this year. CryptoWall is a piece of ransomware, meaning that it literally holds your files, or even your whole system, to ransom. Infected users see a page which states that “all [their] files were protected with a strong encryption… you will not be able to work with them, read them or see them”. The author then announces that “with [their] help, you can restore them”.

Essentially, you have to pay the author of the malware to unlock your files again; this is how they generate revenue.

How does CryptoWall Version 1.0 differ from Version 2.0?

CryptoWall version 2.0, like other pieces of modern malware, is capable of updating “on the fly” and becoming “completely undetectable until another signature is found”, says ESET’s Mark James.

“With an estimated encryption rate of more than 5 ¼ billion files and at least $1m extorted” using CryptoWall version 1.0, James thinks that “with knowledge of how the first strain failed and how antivirus companies detected it, it’s quite possible we could see a more widespread version in V2”.

On the other hand, James thinks that, given “consumer knowledge of how relatively easy it is to protect against”, we could see the opposite effect. He recommends a “correctly managed periodic backup procedure that does not rely on copying data real time” in order to “negate a lot of the damage caused by any encryption malware”.