In 2014, CryptoLocker terrorized our computers with horrific ransomware. Then, after CryptoLocker was shut down, CryptoWall was released, which terrorized our computers even more.
At first, CryptoWall looked like it would be a shoddy knockoff version of CryptoLocker. It had serious vulnerabilities which made it easy to defeat, even if you didn’t pay the $200 ransom.
But instead of dying off, CryptoWall has actually become stronger over the past few weeks. Security researchers are claiming that CryptoWall is smarter than ever before and has implemented new defenses that have made it extremely difficult to defeat.
CryptoWall demands between $100 and $600 for ransom
CryptoWall, like other ransomware viruses, encrypts your files and then asks you to pay an exorbitant fee to unlock those files.
For CryptoWall, that fee ranges between $100 and $600. In August 2014, it was estimated that CryptoWall had infected approximately 600,000 computers, earning $1 million in ransom fees.
The only way to counter CryptoWall is to restore from a backup
At this point, there are only two ways to counter CryptoWall: first, you can pay the ransom of between $100 and $600.
Or second, you can restore your files from a backup. However, restoring your files from a backup only works if that backup wasn’t connected to your computer when it became infected. If you use a portable hard drive to store a backup Windows image, for example, then that image could also be encrypted.
If you use cloud storage, however, or have a portable hard drive which you leave disconnected from your computer, then you might be able to successfully restore your files from that backup.
CryptoWall’s new defenses make it stronger than ever before
Security researchers have identified a number of frightening improvements in CryptoWall, including:
- It has been coded to run on both 32-bit and 64-bit systems, which increases its chances of infecting any computer
- Mac OS X is a 64-bit operating system, and it’s reportedly not immune to CryptoWall attacks
- CryptoWall will not run if it detects that it is running in a “sandbox” (a virtual machine which prevents the virus from accessing other data on the computer). Security researchers use sandboxes in order to examine viruses without damaging other parts of the computer. CryptoWall doesn’t run there because it doesn’t want security researchers to understand how it works.
- CryptoWall hides the IP addresses of the servers that it connects to, which prevents law enforcement officials from shutting down those servers or investigating further
- CryptoWall completely anonymizes itself by communicating with all command-and-control servers through the Tor network, which anonymously routes internet traffic through a network of servers scattered around the world. Understandably, this makes the process very hard to trace.
Apparently, the CryptoWall developers have been “continuously morphing” the software to stay ahead of security advancements. And that should frighten anybody who wants to keep their files secure.
If you want to read about the technical side of these improvements, you can read this article on the Cisco security blog, which called the new version of CryptoWall “CryptoWall 2.0” and labeled it as “Ransomware on Steroids.”
Once again, the best way to avoid CryptoWall is to maintain an active backup on cloud storage or on a portable hard drive that is not attached to your computer. If you do that, then you limit the amount of damage CryptoWall can do.