There is now an updated variation of Cryptowall; please see this article for updated information.
Cryptowall is an imitator of the ransomware Cryptolocker. Cryptolocker is typically passed through emails that appear to come from legitimate sources, and it is executed when the recipient clicks a link within the email. Once a computer is infected and files are encrypted, Cryptolocker leaves victims with only two options: pay the ransom OR restore the now-inaccessible data from backups. (The creators of the malware clearly want you to pay the ransom.) Failure to do either of the two options results in the loss of files. The computer network powering Cryptolocker has since been taken down by the FBI.
Cryptowall infections have continued to grow after the recent Cryptolocker takedown. Cryptowall is also a form of ransomware that demands a payment in exchange for decryption of files. According to Cisco, the ransom increases three times until reaching the maximum of $600. After the allotted time is up, files are not retrievable through decryption and restoring from backups is the only option. Cryptowall is very similar to Cryptolocker, but it can enter computers differently and accepts bitcoins as payment, whereas Cryptolocker did not.
How does your computer get infected?
Malicious advertising, or malvertising, is the leading method of distribution for Cryptowall. Major websites, such as Disney, are reported as unknowing hosts of the malicious advertisements. Ads appear to be from authentic sources, but once clicked, users are brought to a malicious page that prompts a download that infects the user’s computer with Cryptowall. The downloads also appear to be from authentic sources such as Adobe Flash Player. Users are told that their programs are out of date and are prompted to download a file claiming to update the software. Once downloaded, the computer is infected. The Hacker News reports that other major popular sites with Cryptowall’s malicious ads include: “apps.facebook.com,” “awkwardfamilyphotos.com,” “theguardian.co.uk” and “go.com,” among many others.
What does Cryptowall do?
Like Cryptolocker, Cryptowall encrypts a computer’s local files and demands a ransom to decrypt them. If the ransom is not paid within the given time frame, the files are not retrievable. Unless backups are in place, files such as photos, Excel spreadsheets, Word documents, and PowerPoint presentations are forever lost.
How can you protect your files from Cryptowall?
Regularly back up your files. Backups ensure that your files can be restored if ever lost. Backing up files can save you the pain of paying the ransom. (Plus, paying the ransom doesn’t always ensure you’ll actually get your files back.) A small town in New Hampshire infected with Cryptowall refused to pay the ransom but was only able to do this because they could restore their files from their backups.
To avoid getting infected altogether, know when links and emails are suspicious.
What to do if your computer is infected with Cryptowall
Your computer needs to be professionally cleaned if you are infected with Cryptowall. If you restore your files from backups but do not clean the infection from your computer, your computer is still infected and the virus can emerge from the background to attack again and again until the infection is actually removed. Though it is possible to remove the files yourself, it is recommended to bring the computer to a professional repair shop.
Should You Pay The Ransom if You Do Not Have Backups?
Microsoft does not recommend paying the ransom. Microsoft writes, “We don’t recommend you pay. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.” If you do not have backups in place for your files, we recommend implementing them immediately to avoid devastating losses of data.