
Tech Fixes: Oh No! I have been infected by CryptoWall - What should I do?

Posted by Cathie Briggette on Tue, Sep 30, 2014


The cybercriminals behind the CryptoWall ransomware have stepped up their game!

We hope you have your files backed up because that is the best defense against these cybercriminals.

Why is CryptoWall so nasty? 

CryptoWall is a malicious virus also known as ransomware, which “ransoms” and extorts money from innocent victims by forcing them to pay for a private key to decrypt the encrypted files on their computers. Users of Windows 8, 7, Vista and XP can easily get infected with the CryptoWall virus.

The reason CryptoWall is a particularly nasty program is that once it is installed on a system it encrypts files (including documents, PDFs, photographs, videos and more) using strong public-key cryptography, and it gets to all your files on all connected storage drives and locations, local and network, even removable drives and cloud storage (Google Drive, Dropbox, Box, etc.). It then asks victims to pay a ransom in Bitcoin in order to receive the key needed to recover their files.

There’s currently no completely reliable method of recovering CryptoWall-encrypted files aside from paying the ransom or restoring them from backups that haven’t been damaged during the infection.

Security researchers advise against paying the ransom because this helps further the fraud and there’s no guarantee of getting the key when dealing with cybercriminals.1

After infection, CryptoWall sets the ransom to decrypt the encrypted files at $500 (in Bitcoin) if paid promptly. If payment hasn’t been received before the deadline, the ransom can double.

Supposedly, after you pay the ransom, the hackers will send a private decryption key that can decrypt your files. BUT!  Be aware! Even if you do pay the ransom, you can’t be sure that your files will be restored. The only guarantee is that your money will go to some hacker that will do the same thing to someone else.

How do computers get infected?

CryptoWall infects computers via malicious websites and hacked sites, but it is also widely distributed via spam emails with .zip attachments that contain executables disguised as .pdf files. The fake .pdf files pretend to be invoices, purchase orders, bills, complaints, or other business communications. When you double-click on the fake .pdf, the CryptoWall virus injects code into your system folder and adds its malicious registry entries and files to the computer system.
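A mail filter or help desk can check a .zip attachment for this disguise before anyone opens it. The following Python sketch is an added example, not part of the original post: it flags archive members whose name hides an executable extension behind a document one, and members whose first bytes do not match the extension. The extension lists are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def check_member(name, head):
    """Return the reasons a ZIP member looks like a disguised executable."""
    reasons = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    # strip() defeats names padded with spaces, e.g. "invoice.pdf      .exe"
    exts = ["." + p.strip() for p in parts[1:]]
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        reasons.append("double extension")
    if head[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        reasons.append("PE header behind non-executable name")
    if last == ".pdf" and b"%PDF" not in head:
        reasons.append("named .pdf but no %PDF header")
    return reasons


def scan_zip(data):
    """Map each suspicious member name to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(1024)  # the PDF header may sit within the first 1 KB
            reasons = check_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample attachment; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed\n")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("bill.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample()).items():
        print(name, "->", ", ".join(reasons))
```

Password-protected archives cannot be inspected this way (`zf.open` raises `RuntimeError`), so a filter should treat them as uninspected rather than clean.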

What to do if you think your information technology is infected?

If you are connected to a computer network and suspect that your PC is infected, remove it from the network immediately. Disconnect the network cable, or close your wireless connection! If you have a managed services provider or IT department, let them know right away. They can run an anti-virus scan that will detect and remove CryptoWall and any other malware that may have been installed on your computer. The files that were encrypted can also be recovered through a clean external backup.

If you don’t have systems to protect and restore your vital information safely and securely you can call NSK Inc 617-303-0480 or contact us through our website:  http://www.nskinc.com/contact-us/ to get a preliminary assessment of your information systems.  

Tags: Disaster Recovery, Managed Services, Tech Fixes
