CryptoLocker and CryptoWall

Ransomware the  likes of  CryptoLocker and CryptoWall  have been around since 2006. You may already know that this type of malware will target and lock users files using encryption rendering them unreadable. The variant named CryptoWall 3.0 will also combine spyware in an attempt to intercept your private data. Hackers will hold your data hostage hoping you pay a ransom (in Bitcoin currency) in order to release your files.

Some examples on how its spread

  • Via an e-mail attachment posing as a legitimate document.
  • Adobe flash and other plugin’s prone to vulnerabilities. Simply visiting a website that has been compromised may allow the malicious code to make its way onto your computer through an unpatched plugin.
  • Injected through web advertisements.

What can you do to prevent an infection?

  • Never open an attachment within an unsolicited e-mail.
  • Remove Adobe Flash, Java and Adobe Acrobat Reader from your computer. Or at the very least disable them within your browser and run only when needed.
  • Use an ad-blocker within your browser such as Adblock plus.
  • Disable client side scripts within your browser or install NoScript and enable scripts on a per-domain basis.
  • Keep Windows up to date by installing updates regularly. CryptoWall 3.0 makes use of a vulnerability within Windows to infect target systems. Keeping systems updated will prevent malicious code from exploiting fixed vulnerabilities.
  • Install an Anti-virus security suite from a well-known developer such as Bitdefender, ESET or Symantec. Make sure it’s setup to update virus definitions daily.
  • Backup your data to somewhere other than your computer. If the Trojan can access to the data then it too will become infected.
  • Consider learning and switching to a modern Linux desktop environment.

What to do if you’re paranoid?

  • Install Virtualbox and setup a virtual machine for e-mail checking purposes only. CryptoWall 3.0 actually checks whether or not you are running a virtual machine and wont infect a virtual machine.
  • Use a read-only Live Linux distribution for shopping, banking or checking e-mail.
  • Make regular image based backups of your computer.

What to do if your computer is infected?

In my experience it’s a waste time trying to cleanup this type of deep-seated infection because anti-virus programs are not able to handle the full removal. This resorts to trying multiple virus cleansing utilities leading you to discover they may not be updated for the most recent variant.

Strictly trusting anti-virus and Windows Updates may still leave you open to a zero day attack. It’s important to have a recent backup of your data on hand so that if you do fall victim you can re-image your computer and restore your own data.

1 Comment

  1. Patatafishette

    July 12, 2015 at 11:13 am

    Great article sweety! I posted it on Facebook. It has some really helpful information.

Leave a Reply

Your email address will not be published. Required fields are marked *