CryptoWall is a file-encrypting virus that targets all versions of Windows. Once a computer is infected, instructions for decryption become available, for a price, and unfortunately, as with any ransom, there’s no guarantee that the standoff will end pleasantly. Here are some other things to be aware of:
1. While CryptoWall is most commonly spread through email attachments, it can also be passed via infected websites or ad sites. Most people know not to open shady email attachments, but it’s often tougher to determine whether a website is legitimate before it’s too late.
2. Speaking of too late, most people don’t realize they’ve been infected until a ransom note pops up, which means it is too late to prevent it. All your files have already been encrypted. While it might be tempting to try to diagnose the infection yourself, the longer you stay online, the greater the risk of infecting other systems on your network. The best thing to do as soon as you realize you are a victim of this virus is to immediately power off the computer and disconnect it from your network by pulling the Ethernet cable from the back of the computer (or, if wireless, turning it off is enough to segregate it from other systems on your network).
3. Because it is often bundled with free programs, and because the virus can be updated faster than anti-virus patches become available, CryptoWall can infect your computer even if anti-virus software is installed.
4. In 2014, CryptoWall infected over 600,000 computers and held over 5 billion files hostage, most of them in the U.S. Of those infected, fewer than 1% paid the ransom, but it still garnered over $1 million for the creators.
5. CryptoWall 2.0 now includes changes that make it better for the malware developer and harder for a victim to recover their files for free. These changes include unique wallet IDs for sending ransom payments, secure deletion of the original unencrypted files, and the use of the developers’ own Tor gateway.
Safe technology practices should always trump ransom payout, but if you do become infected, shut down your computer immediately and call Pyramid Technologies to try and mitigate the damage. By paying malware developers, you’re just funding the advancement of this epidemic. It’s also a good idea to be prepared by having regular offsite backups. Ask us about how we can schedule weekly or nightly backups to the cloud, for your peace of mind.