What is CryptoWall 4.0 and Why Should I Be Worried?

Good question, simple answer. It’s malware that is very bad for your business. Attackers encrypt data files then demand money to get your files back.

Think of all the years of your business’s intellectual property gone at the click of a mouse. Excel files that you use to coordinate your projects, QuickBooks accounting files, PDFs with your past and present company invoices, all of those custom Word document proposals… all gone. The bottom line is that this infection, like many others we have seen, encrypts all of your data in the network (including Dropbox, OneDrive, etc.). Once that data is encrypted, you have two choices:

  1. Restore from backup. This is the ideal method. If you are a Keystone customer and on one of our managed services plans, we have offsite and local backups. If CryptoWall happens, we just restore you back to the previous night or a few hours ago.

  2. Pay up. If you don’t have a good backup, you don’t have any option other than paying the hackers or losing your company files. This is not only a troublesome method to retrieve your files, but you are at the mercy of the hackers to honor their agreement to give your files back. I'm sure they are honest folks, and there won’t be any issue here….

What can you do to protect yourself and your business?

  • Be smart. Education and preparation will pay dividends long term. Teach your employees which emails could be malicious and what to do if one lands in their inbox. Let’s face it. Attackers hit companies AND individuals. If you teach your employees the office protocol, it will most likely keep their personal computers safer as well. If you need help, our consultants can help you train your employees.
  • Educate employees on what to do if something should happen. Oops, they clicked on a resume and got ransomware. What does the employee do first? Who do they contact? If you’ve got Keystone in your corner, you’re in luck. We’ve dealt with these types of attacks, and though it isn’t fun, we can do our best to limit damage and recover the lost files without any payment to the attacker.
  • Back up all data. Keystone offers Backup Disaster Recovery (BDR) for this reason. We can tell you the best way to store your files should an employee fall for a well-disguised scheme. If you have a backup copy of all files, then you do not need to pay to decrypt files.
  • Protect your data. Let our Keystone ninjas show you the best defenses against malware. Every system and every business can look different. We can have a heart-to-heart chat about what can best protect your data within your budget.

The Cyber Threat Alliance (CTA) estimates that $325 million has been extorted from victims by CryptoWall 3.0, and 407,000 attempts to infect have been detected so far this year. And that’s just from 3.0.

CryptoWall 4.0 is proving to be just as dangerous as 3.0, if not more so. But the good news is that you can do your part to fight it and keep your data safe!

Here is more technical info on CryptoWall for those interested... 

The most popular way to gain access is through phishing emails. Attackers will send an email with a zip file attachment and try to get you to click on it. Once you do, the ransomware is injected. The attackers then demand a certain amount of money (anywhere from a few hundred dollars to thousands depending on the number of files and if you happen to be a business) for the encryption key to unlock your files.

What makes CryptoWall different is the method of payment and file retrieval. Once in your computer, CryptoWall opens a web page after encryption. There, you’ll find a directory of files that are encrypted and instructions on how to get the key to decrypt your files. They ask you to install browsers like Onion (layered encryption browser) so you can pay them via bitcoin. Some will even show a timer, and the longer you wait to pay, the higher the price. Once you pay, they will send you the key, and then you can get your files back. It’s ugly stuff…and sneaky.

CryptoWall 4.0 has some new features that make it extra inviting…and annoying.

  1. The file name is different. “Help_your_files” is the new name for this malware, just in case you didn’t know that your files will need help once they have been encrypted!
  2. The attack channel is still email, though the words are changing. Email was and is still the main entry point that attackers use. End users are still falling for words like “invoice,” “internal,” and “fax” (who uses faxes anymore?!?) that get them to click on the email. The new method is disguising ransomware as a resume in a zip file. Users download the zip file and attempt to open it, which triggers a download of malware.
  3. Filenames are encrypted as well as files themselves. Adding insult to injury, once you have been hit, you don’t know which files have been encrypted. All you can see is a jumbled mess of letters and numbers as the file names. The strategy is to confuse you to the point of paying the ransom quickly to recover your mystery files.
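
For administrators who want to check a file share for the two on-disk signs in the list above (a file named "Help_your_files" and folders full of jumbled letter-and-number file names), here is an added example that is not part of the original article. The "jumbled" heuristic, the thresholds, the function names and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

NOTE_MARKER = "help_your_files"  # note name from the article, matched case-insensitively
MIN_FILES, MIN_RATIO = 4, 0.5    # assumed thresholds; tune for your own file shares


def looks_jumbled(filename):
    """Assumed heuristic: alphanumeric stem that flips between letters and digits 3+ times."""
    stem = os.path.splitext(filename)[0]
    if len(stem) < 5 or not stem.isalnum():
        return False
    flips = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    return flips >= 3


def scan_tree(root):
    """Return {directory: {"notes", "jumbled", "total"}} for folders that look affected."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if NOTE_MARKER in f.lower())
        data = [f for f in files if f not in notes]
        jumbled = sum(looks_jumbled(f) for f in data)
        mostly_jumbled = len(data) >= MIN_FILES and jumbled / len(data) >= MIN_RATIO
        if notes or mostly_jumbled:
            findings[dirpath] = {"notes": notes, "jumbled": jumbled, "total": len(data)}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one healthy folder, one showing both signs."""
    layout = {
        "projects": ["budget2015.xlsx", "proposal.docx", "invoice_0042.pdf", "notes.txt"],
        "shared": ["HELP_YOUR_FILES.TXT", "a7k2p9x1.q3z", "9xk4m2b7q.t5",
                   "k2j8d1w5.p0x", "readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, info in scan_tree(tmp).items():
            print(path, info)
```

A hit means "look at this folder now", not proof of infection: hash-style file names from other software can also trip the heuristic.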

With millions of dollars at stake and billions of victims to target, attackers are continually “improving” ransomware to extort unsuspecting victims, both individuals and businesses. It’s big business with a sophisticated call center to handle “customer complaints.” Don’t let your business or your employees be their next victims.

Contact Keystone to learn more.