Monday, April 6, 2015

CryptoWall Virus: Don't be a victim


 
Do you remember the CryptoLocker malware that started going around in 2013? In recent months, a similar piece of ransomware has been infecting computers: CryptoWall.

Like the CryptoLocker virus, CryptoWall is a form of 'ransomware': a type of malware that restricts access to the Microsoft Windows computer it infects and demands a ransom, paid to the creator of the malware, for the restriction to be removed.
 
How are computers being infected?
CryptoWall is a Trojan horse, which means that the virus is disguised as a non-threatening application or file. This virus is typically spread through email as an attachment, but is also spread by infected websites via 'drive-by download.'

How will I know if my computer is infected?
There are two tell-tale signs that indicate CryptoWall has infected your computer.
  1. When attempting to open certain files, such as .doc, .xls or .pdf files, the files launch with the correct program; however, the data may be garbled or not properly displayed. Additionally, an error message may appear when trying to open infected files.
  2. The most common indication will be the appearance of three files at the root of every directory that contains files that were encrypted by CryptoWall.
    • DECRYPT_INSTRUCTION.txt
    • DECRYPT_INSTRUCTION.html
    • DECRYPT_INSTRUCTION.url
Clicking on any of these files left by CryptoWall's infection will lead you to step-by-step instructions for paying the ransom. A file will show the ransom countdown and how much money is being requested. Typically, the ransom amount begins at $500, and the countdown timer gives you three days to send payment.

After the timer has reached zero, the caption will change. The new amount requested will double to $1,000, and the timer will provide a cutoff date and time. Usually, the time frame is about one week, and it will tell you that if payment is not received before the cutoff time, the remote server housing the private key and decryption application to decrypt your files will be automatically deleted, making your files unrecoverable.
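
The second sign can be checked across a whole drive or file share, which also shows which folders need to be restored from backup. The Python script below is an added example, not part of the original post; only the three note file names come from the article, while the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile

# Ransom-note file names listed in the article (compared case-insensitively).
NOTE_NAMES = {
    "decrypt_instruction.txt",
    "decrypt_instruction.html",
    "decrypt_instruction.url",
}


def find_affected_dirs(root):
    """Walk root; return {directory: {"notes": [...], "other_files": n}}
    for every directory that holds at least one ransom note."""
    affected = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        notes = sorted(f for f in filenames if f.lower() in NOTE_NAMES)
        if notes:
            affected[dirpath] = {
                "notes": notes,
                # Files in this directory that should be checked against backup.
                "other_files": len(filenames) - len(notes),
            }
    return affected


def build_sample_tree(base):
    """Constructed sample data: one affected folder, one partial, one clean."""
    layout = {
        "Documents": ["budget.xls", "DECRYPT_INSTRUCTION.txt",
                      "DECRYPT_INSTRUCTION.html", "DECRYPT_INSTRUCTION.url"],
        "Documents/Scans": ["invoice.pdf", "Decrypt_Instruction.TXT"],
        "Music": ["song.mp3"],
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder, exist_ok=True)
        for name in names:
            open(os.path.join(folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, info in sorted(find_affected_dirs(build_sample_tree(tmp)).items()):
            flag = "all three notes" if len(info["notes"]) == 3 else "partial"
            print(f"{path}: {flag}, {info['other_files']} file(s) to verify")
```

Run it from a clean machine against the affected drive or share, passing the real root path to `find_affected_dirs`.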
 
What should I do if my computer gets infected with CryptoWall?
After confirming that your computer is infected, you have to decide if you want to pay the ransom to get your data back, or if you don't. If you decide to pay the ransom, you have to do so in Bitcoins.

If you don't pay the ransom, you can attempt to recover your files if you have some sort of backup in place. This may or may not work. We recommend working with a skilled IT Technician to help you with this.

How can I protect my computers from the CryptoWall virus?
You should ALWAYS have an active antivirus application installed with the latest virus definition files.  This should include a malware scanner.  
 
Of the dozens of clients who have come to us with the CryptoWall infection, only the ones who had a good, recent data backup recovered successfully from the virus.

Practice safe internet habits: don't visit questionable sites, never click links within emails from unknown senders, and only download add-ons from trusted websites.


Contact the experts at BizTech if you are having issues with malware, or if you are interested in the benefits of online data backups. Call us at 419.539.6922 or email info@gobiztech.com
