It has a new name.
help_your_files ransomware. Threat watchers discovered the resurgence of CryptoWall after receiving and examining multiple complaints from concerned users who hadn’t heard of the strain of ransomware. It literally snuck up on them.
The attack vector is still email.
CryptoWall 3.0 relied heavily on naive end users opening unfamiliar attachments in unfamiliar emails. The logic is like accepting an invite to free candy in a dark alleyway from a stranger. CryptoWall 4.0 is not different in this regard.
While hacking schemes are more sophisticated and targeted in today’s IT field, it really feels that an attacker could put in an email “DON’T CLICK THIS LINK BECAUSE I’LL DELETE ALL YOUR FILES AND PICTURES AND STEAL YOUR MONEY” in bold, large, red letters, and some end users will still click it (hold my beer and watch this).
It has upped the game to encrypt file names too!
Previous CrptoWall left the file names so you can see the files there, and salivate at getting them back, so you’d send money. This didn’t work to the hackers benefit in 3.0; you could pick and choose which files to attempt to de-crypt, since attempting all of them would take lots more time and money. Now, you won’t know which files you are locked out of, the file names will just appear randomly.
Worst part yet, paying the ransom doesn’t always help. The more money hackers make, the more incentivized they become. Plus, there is no guarantee they will comply with sending you the decryption key for your files. CryptoWall has already extorted $325 million from victims internationally, and not all have ended happily.
CryptoWall 4.0 behaves like previous versions.
This is probably the only good news a new CryptoWall comes to bear. Because it is transmitted, behaves, and communicates the same way 1.0, 2.0, & 3.0, it is predictable. While this is good news, it won’t stop it. The weak link here is the end user, but we can utilize tools like Spam Filtering, Antivirus and Content Filtering to give the user warning (like a police car and crime scene tap in front of the alley) and opportunity to stop the infection. We also know that a good online backup, like Carbonite, provides us with a fail safe to fall back on in the event of the worst.
Lets stop it.
Our first step in stopping any virus outbreak is user education. Just like it is important to teach children how to wash their hands to kill germs, it is important to teach users to think before they open emails or websites, especially ones they are not expecting. A lot of serious infections occur when the timing of a malicious email is just right, you were expecting a resume and the virus arrives disguised as a resume. It is important to pay attention to what you are opening and where you are going on the web today. Blind clicking is like driving too fast, you may get there quicker, but eventually it will catch up with you. In any event, we cannot depend on user intuition alone, we must use business-class protection, and we need it fast:
Office 365 spam filtering is one of the best, utilizing a combination of content analytics (reading the email for spam-like word and phrase combinations: You’ve won a million dollars! Just send us your social security number and claim your prize!) and malware scanning to protect users from getting malicious emails in the first place.
St. Aubin Technologies and Carbonite Online Backup have a long standing relationship, saving many of our clients gigabytes of data from being lost forever, which could have resulted in thousands, if not millions, of dollars in lost time and revenue. The effects of these saves continues on, even months after data is recovered. Carbonite is a major component in our recommended Business Disaster Recovery plans (BDR), providing protection when the absolute worst happens. We’ve always compared virus protection on workstations and servers to airbags in a car crash; if a user hits something hard enough, or mashes the gas pedal because they are in a hurry, the airbag can only do so much. Carbonite Backup is the ultimate protection for your files in the event of an infection.
By utilizing the full suite of data protection, Office 365 with enterprise-spam filtering, AVG CloudCare w/ Antivirus and Content Filtering, and Carbonite Online Backup, we can give our business networks a fighting chance in the ongoing war against evil computer viruses!