Over the last 18 months we have seen a number of highly publicized security threats that many companies and consumers struggled to deal with. One of these threats was some nasty Malware called Cryptolocker, which holds your files for ransom. While this has now largely been dealt with, news is surfacing of a second version - called CryptoWall - that has begun to infect users.
The Trojan is mainly distributed through spam campaigns, compromised websites, malicious ads, or other malware.
It is very important to understand the class of malware that CryptoLocker and CryptoWall belong to. Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don't pay before the deadline, your files are deleted.
When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn't go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by CryptoLocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.
Possibly because of efforts by security firms to neutralize the CryptoLocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.
With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open. The Trojan may also be distributed through exploit kits hosted on compromised websites or malicious ads.
The developers did however make some "improvements" to the malware that make it more difficult to deal with for most users. These changes include:
CryptoWall doesn't go after passwords or account names so far that we know, so the usual changing of your passwords won't really help.
The best ways to prevent this from getting onto your systems is to stop it before it enters your network
Since the most common way for this virus to get into your systems is through the user unintentionally letting it in mostly through attachments in email it is crucial that companies have and Implement a managed email security policy with products such as our SpamControl which is a managed email security platform which acts as one of the most important layers of security that you can implement.
Should your files be attacked and encrypted by this malware, then the first thing you should do is to contact us. We can work with you to help find a solution that will not end up in you having to pay the ransom to recover your files.
If you want to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then contact one of our representatives and we can speak about how we could be your best line of defense.