A dangerous new computer virus has resurfaced, leaving millions of people vulnerable. It’s called CryptoWall 2.0 and it’s spreading rapidly.
To date, more than 830,000 victims worldwide have been infected with the malware. According to security researchers at Dell SecureWorks, this is a 25% increase since August when there were 625,000 victims. This malware has evolved since earlier versions that mimicked the behavior and appearance of the infamous CryptoLocker ransomware.
Like the CryptoLocker ransomware, CryptoWall 2.0 encrypts the files on your computer and on any network servers you may be connected to. The 2.0 version of this virus uses more advanced delivery methods than previous versions.
Below is a screenshot that appears on infected computers as a result of the CryptoWall 2.0 virus:
CryptoWall 2.0 is transmitted through executable files, untrustworthy internet sources, USB devices and email. Victims of this virus have contracted it while surfing the web, clicking on links or popups, or retrieving files from unknown sources through reliable sites like Dropbox.
Malicious Banner Ads
Unsuspecting web surfers ran the risk of contracting this ransomware by visiting one of the impacted websites. The sites included web properties like Yahoo!, Match.com and AOL domains, among others.
However, the websites themselves were not compromised. Rather, the advertising networks they relied on for dynamic ad content were inadvertently serving malware. These sites have since been notified and have stopped this malvertising campaign, but the criminals behind the CryptoWall 2.0 virus may be spreading the ransomware by other means.
CryptoWall 2.0 targets individual computers and all shared equipment such as shared drives. This means a single user who contracts the virus on their computer has the potential to corrupt the entire company’s shared network. Once the virus is contracted, it encrypts (locks) not only all the data on the infected computer, but also any shared hardware (such as a server) and requests a ransom to release the data back to you.
IMPORTANT: If your company does not have a reliable backup system in place, the data is lost because there is no way to recover it at this time.
This scenario recently occurred when a company called KnowBe4 received a panicked phone call from an IT administrator who fell victim to the CryptoWall virus this week. In the span of just one hour, his computer was infected with the malware, his workstation was mapped to seven servers and the entire server farm was shut down.
Earlier versions of CryptoWall used HTTP, which allowed researchers to analyze the connection between the infected computer and the command and control server so they could take down servers that delivered the malware. CryptoWall 2.0 now uses innovative ways to spread the virus, like website ads and vulnerabilities in browsers and unpatched plug-ins.
If you are concerned about the security of your network or want to confirm your company has a reliable data backup solution in place, call Ontech Systems at (262) 522-8560 or send us a request online for a Free Network Discovery.
One of our Network Consultants will evaluate your network, confirm whether your backup system is reliable and track down any vulnerability that might currently exist in your network.
Over the next few weeks, we’ll be diving deep into the topic of data backup and disaster recovery, specifically focusing...