A few months ago, the devastating CryptoLocker malware that locked the files of half a million PC users across the world was finally neutralized. With support from some security experts, the US government managed to seize the computers that were spreading the CryptoLocker malware. Later, a security firm made a tool public so that people whose PCs were infected could decrypt and recover their files.
Unfortunately, CryptoLocker was not the only ransomware spreading on the Internet. Since CryptoLocker was taken down, CryptoWall, a similar piece of ransomware that has existed since November 2013, has taken its place, and it has already infected 625,000 PCs and over 5.25 billion files. Once known as CryptoClone or CryptoDefender, CryptoWall is less sophisticated than CryptoLocker in terms of infrastructure and malware, but it is no less of a threat.
When your computer gets infected, CryptoWall will scan it for data files and "encrypt" them using RSA encryption so they can no longer be opened. Once the infection has encrypted the files on your computer's drives, it will open a Notepad window that contains instructions on how to access the CryptoWall Decryption Service, where you can pay a ransom to purchase a decryption program. The ransom starts at $500 USD and goes up to $1,000 after 7 days. It must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.
Both CryptoLocker and CryptoWall belong to the insidious ransomware family. Ransomware viruses might be avoided with the following 10 steps:
- Ensure your operating system and security software are regularly updated.
- Consider investing in substantial protection tools, including the backup disaster recovery (BDR) tool Pavis Backup.
- Don't open attachments from unknown sources or from emails that appear to be from a legitimate source but are suspicious.
- Regularly back up important data and keep it in unconnected storage.
- Consider moving more data to cloud services offered by Google and others (cloud BDR).
- Businesses should check incident response and resilience protocols to monitor for infection.
- Ensure staff are educated in good computing practices and how to spot threats.
- Use software to identify if a computer is infected. If so, disconnect it from networks immediately and seek professional advice.
- If you believe you have been compromised, change online account passwords and network passwords after removing the system from the network.
- Block .exe files over email, including within ZIP files. This can usually be done using an anti-spam system.
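The last step, blocking .exe files in email including inside ZIP files, could be checked at a mail gateway roughly as follows. This is an added Python example, not code from the original article or from any anti-spam product; `BLOCKED_EXT`, `MAX_DEPTH`, the function names and the sample message are assumptions constructed here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)  # the step above names .exe; other types are local policy
MAX_DEPTH = 3            # assumed limit on ZIP-inside-ZIP nesting

def _norm(name):  # Windows ignores trailing dots/spaces, so "a.exe." is a.exe
    return name.lower().rstrip(". ")

def scan_zip(data, label, depth=1):  # list blocked members, following nested ZIPs
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{label}!{info.filename}"
                if _norm(info.filename).endswith(BLOCKED_EXT):
                    hits.append(path)
                elif _norm(info.filename).endswith(".zip"):
                    # bit 0 of flag_bits marks an encrypted member we cannot open
                    if info.flag_bits & 0x1 or depth >= MAX_DEPTH:
                        hits.append(path + " (nested ZIP not inspectable)")
                    else:
                        hits += scan_zip(zf.read(info), path, depth + 1)
    except zipfile.BadZipFile:
        hits.append(label + " (unreadable ZIP)")
    return hits

def blocked_attachments(raw):  # paths a gateway should block for one raw message
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        if _norm(name).endswith(BLOCKED_EXT):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):  # trust content, not the name
            hits += scan_zip(data, name)
    return hits

def build_sample():  # constructed message: nested ZIP with a text stub named *.EXE
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("Invoice_2014.pdf.EXE", b"not a real program")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("docs/inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```

Running `blocked_attachments(build_sample())` reports the `.EXE` entry two ZIP levels down. A production filter would also cap member sizes before unpacking nested archives.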
Unfortunately, your computer might already be infected, and it might be too late for these precautionary measures. Click here to read our article about what to do if you have already been infected and how to remove the malware.
I could not have written this article without the help of the following sources: