CryptoWall Virus, The Latest (June 2014)

You may have already heard of the CryptoLocker virus, the biggest and baddest virus infection within the hacker's realm.

What you may also have heard is that the Department of Justice caught and arrested the original hacker that created the CryptoLocker virus just earlier this month. The Department of Justice has suspended and shut down the CryptoLocker virus.

For those who do not know of the CryptoLocker virus: it is a virus that infects your workstation, locking down and encrypting all of your data. The only way to decrypt your workstation is to pay the hacker a sum of $300 to $700 US dollars.

This is why cloud backups are very important. If your workstation is hijacked by the CryptoLocker virus, it will also hijack any shared drives that are mapped to your workstation, so it can encrypt your server's data as well. If you have a good backup solution and your backups are up to date, you should have no problem restoring your data.

What you may not have heard is that CryptoLocker has since resurfaced under the name CryptoWall. Some have stated that it is an exact duplicate of the original CryptoLocker, as it does essentially the same thing. This time around, you're looking at sending the hacker no less than $1,000 US dollars to decrypt your data.

  • "The CryptoWall ransomware virus infiltrates users' operating systems via infected email messages and fake downloads (for example, rogue video players or fake Flash updates). After successful infiltration, this malicious program encrypts files stored on users' computers (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) and demands payment of a $500 ransom (in Bitcoins) to decrypt them. Cyber criminals responsible for releasing this rogue program ensure that it executes on all Windows versions (Windows XP, Windows Vista, Windows 7, and Windows 8). CryptoWall ransomware creates DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html, and DECRYPT_INSTRUCTION.url files within each folder containing the encrypted files."
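As an added example (not part of the original post), here is a small Python script a defender can run against a workstation drive or a mapped share to find the DECRYPT_INSTRUCTION.txt/.html/.url ransom notes described above and list the document files sitting beside them, which are the files to restore from backup. The sample folder tree it builds is constructed for the demonstration, and the extension list is the one from the quoted description.

```python
import os
import tempfile

# Ransom-note names CryptoWall drops into every folder it encrypts, and the
# document types it targets, both taken from the description quoted above.
NOTE_NAMES = {"DECRYPT_INSTRUCTION.txt", "DECRYPT_INSTRUCTION.html",
              "DECRYPT_INSTRUCTION.url"}
TARGET_EXTS = {".doc", ".docx", ".xls", ".ppt", ".psd", ".pdf", ".eps",
               ".ai", ".cdr", ".jpg"}


def scan_for_ransom_notes(root):
    """Walk a folder tree (a workstation drive or a mapped share) and return
    {relative_folder: {"notes": [...], "documents": [...]}} for every folder
    that contains at least one ransom note. The documents listed beside a
    note are the ones to restore from backup rather than trust."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        notes = sorted(f for f in filenames if f in NOTE_NAMES)
        if not notes:
            continue
        docs = sorted(f for f in filenames
                      if os.path.splitext(f)[1].lower() in TARGET_EXTS)
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        hits[rel] = {"notes": notes, "documents": docs}
    return hits


def build_sample_tree():
    """Create a throwaway directory that mimics an infected share: two folders
    with ransom notes beside documents and one untouched folder. This is
    constructed sample data, not a real infection."""
    root = tempfile.mkdtemp(prefix="cryptowall_demo_")
    layout = {
        "Finance": ["budget.xls", "invoice.pdf", "DECRYPT_INSTRUCTION.txt",
                    "DECRYPT_INSTRUCTION.html", "DECRYPT_INSTRUCTION.url"],
        "HR/photos": ["team.jpg", "notes.txt", "DECRYPT_INSTRUCTION.txt"],
        "Clean": ["readme.txt"],
    }
    for folder, names in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for name in names:
            with open(os.path.join(path, name), "w") as fh:
                fh.write("sample\n")  # placeholder content only
    return root
```

Run `scan_for_ransom_notes(build_sample_tree())` to see the two affected folders reported with their notes and documents; point it at a real drive letter or share path to inventory an actual incident.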

The recovery process is the same: you pay the hacker to decrypt your data, or you hope to have a good backup solution with up-to-date backups. Personally, I don't consult with terrorists, so I would work towards the better solution of using backups and doing my best to recover your data. Better yet, have good, up-to-date and active anti-virus installed on all of your workstations and servers. You also need to familiarize yourself with these spam emails, and always read the emails you get thoroughly.

Most of these infections come from fake emails, which could be anything from UPS tracking notices to "here's a great offer for you." More often than not, these emails will have extra spaces or incorrect grammar and spelling. If you're uncertain about an email, mark it as spam and move on with your day. You should also reach out to your IT provider to have the email checked further or to have your workstation examined.

Some other related reading material:

Official press release from the Department of Justice regarding the CryptoLocker takedown: http://www.justice.gov/opa/pr/2014/June/14-crm-584.html

More details on CryptoWall and CryptoLocker: http://nakedsecurity.sophos.com/2014/06/18/whats-next-for-ransomware-cryptowall-picks-up-where-cryptolocker-left-off/