CryptoWall 2.0 Ransomware Virus: What Businesses Need to Know

Posted October 23rd, 2014 in: Security Threats, Virus Alert

A dangerous computer virus has resurfaced, leaving millions of people vulnerable. It’s called CryptoWall 2.0 and it’s spreading rapidly.

To date, more than 830,000 victims worldwide have been infected with the malware. According to security researchers at Dell SecureWorks, this is a 25% increase since August when there were 625,000 victims. This malware has evolved since earlier versions that mimicked the behavior and appearance of the infamous CryptoLocker ransomware.

What Does CryptoWall 2.0 Do?

Like the CryptoLocker ransomware, CryptoWall 2.0 encrypts the files on your computer and on any network servers you are connected to. The 2.0 version of this virus uses more advanced methods of delivery than its previous versions.

Below is the message that appears on infected computers as a result of the CryptoWall 2.0 virus:

[Screenshot: CryptoWall ransom message]

How is the Ransomware Spread?

CryptoWall 2.0 is transmitted through executable files, untrustworthy internet sources, USB devices and email. Victims of this virus have contracted it while surfing the web, clicking on links or pop-ups, or retrieving files from unknown sources through otherwise reliable services like Dropbox.

Malicious Banner Ads

Unsuspecting web surfers ran the risk of contracting this ransomware simply by visiting one of the impacted websites, which included major web properties such as Yahoo! and AOL domains.

However, the websites themselves were not compromised; rather, the advertising networks they relied on for dynamic ad content were inadvertently serving malware. These sites have since been notified and the malvertising campaign has been stopped, but the criminals behind the CryptoWall 2.0 virus may be spreading the ransomware by other means.

What Kind of Damage Can it Do?

CryptoWall 2.0 targets individual computers and all shared equipment, such as shared drives. This means a single user who contracts the virus on their computer has the potential to lock up the entire company’s shared network. Once the virus is contracted, it encrypts (locks) not only all the data on the infected computer but also any shared hardware it can reach (such as a server), and then demands a ransom to release the data back to you.

IMPORTANT: If your company does not have a reliable backup system in place, the data is lost, because there is no way to recover it at this time.

This scenario recently occurred when a company called KnowBe4 received a panicked phone call from an IT administrator who fell victim to the CryptoWall virus this week. In the span of just one hour, his computer was infected with the malware, his workstation’s mapped drives to seven servers were encrypted, and the entire server farm was shut down.

Earlier versions of CryptoWall communicated over plain HTTP, which allowed researchers to analyze the connection between the infected computer and the command and control server and take down the servers that delivered the malware. CryptoWall 2.0 now uses new ways to spread, such as website ads and vulnerabilities in browsers and unpatched plug-ins.

How Can You Protect Yourself and Your Network?

  1. First, make sure your company has a solid backup solution in place. Even if you do, TEST your backup to ensure your backups actually work (that is, that data can be restored from them).
  2. Confirm you are using the latest version of your internet browser. Many business users are still using old, outdated versions of Internet Explorer or other browsers that put them at high risk.
  3. Be sure your operating system and application software are up to date, especially browser plug-ins like Flash Player, Silverlight, Java and Adobe Reader.
  4. Ensure employees are aware of good security practices, like never opening a ZIP, PDF or any other file from an unknown source if they are not expecting to receive it. These malicious emails might come in the form of an invoice, purchase order, complaint, bill or other business-related email. They may appear to be sent from trustworthy sources such as Dropbox or your local payroll service, but best practice is: if you aren’t expecting to receive the file, don’t open it. When in doubt, verify with the sender that the email is legitimate before opening the attachment.
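A defensive complement to the steps above, added here as an example and not part of the original alert or of Ontech Systems' tooling: a canary-file check that watches for the mass encryption of mapped shares the post describes, so an affected share can be disconnected and the backup restore started. The canary file name and the `.locked` extension used in the constructed scenario are arbitrary choices, and temporary directories stand in for real shares.

```python
import hashlib
import os
import tempfile

# Arbitrary document-like file name for the canaries (an assumption, not from the post).
CANARY_NAME = "_aaa_canary.docx"


def sha256(path):
    """Hash a file's contents so any rewrite of it is detectable."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_canaries(share_dirs):
    """Drop one canary per share and record its hash: {path: expected_sha256}."""
    baseline = {}
    for share in share_dirs:
        path = os.path.join(share, CANARY_NAME)
        with open(path, "wb") as fh:
            fh.write(b"canary-" + os.urandom(32))  # unique content per share
        baseline[path] = sha256(path)
    return baseline


def check_canaries(baseline):
    """Return [(path, status)] for canaries that changed since the baseline.
    'missing'  -> deleted or renamed (e.g. a new extension appended)
    'modified' -> contents overwritten, consistent with encryption in place
    """
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif sha256(path) != expected:
            alerts.append((path, "modified"))
    return alerts


def demo():
    """Constructed scenario: two 'shares', both hit by a stand-in for the encryptor."""
    with tempfile.TemporaryDirectory() as root:
        finance, hr = (os.path.join(root, name) for name in ("finance", "hr"))
        os.mkdir(finance)
        os.mkdir(hr)
        baseline = plant_canaries([finance, hr])
        assert check_canaries(baseline) == []  # clean baseline, no alerts
        with open(os.path.join(finance, CANARY_NAME), "wb") as fh:
            fh.write(os.urandom(64))  # overwritten in place
        hr_canary = os.path.join(hr, CANARY_NAME)
        os.rename(hr_canary, hr_canary + ".locked")  # renamed with a new extension
        return check_canaries(baseline)
```

In production the baseline would be stored off the share and `check_canaries` run on a schedule; an alert on any canary is the cue to unmap drives from the suspected workstation.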

Not Sure if Your Data Backup Solution is Reliable? Request a Free Network Discovery

If you are concerned about the security of your network or want to confirm your company has a reliable data backup solution in place, call Ontech Systems at (262) 522-8560 or send us a request online for a Free Network Discovery.

One of our Network Consultants will evaluate your network, confirm whether your backup system is reliable and track down any vulnerability that might currently exist in your network.
