Computer infections known as ransomware are designed to hit users below the belt, figuratively speaking. The blow is delivered by encrypting the victim’s personal files such as documents, presentations, photos, videos and the like. Decryption is then a matter of paying a specified ransom, with hardly any other options available. The malicious program called CryptoWall 3.0 is currently among the most prevalent threats carrying out this kind of attack.
This particular ransomware appears to be back after a promising two-month-long pause in distribution. To top it off, the new variant which came out mid-January is equipped with a number of additional features that complicate both fixing the problem and tracking the cybercriminals down. The virus now uses new Web-to-Tor gateways for communicating with the command and control server, sports a more diversified user interaction structure and provides an extended ransom deadline (seven days) compared to the predecessor. The worst aspect of the upgrade, however, is that CryptoWall 3.0 uses exploit kits for spreading, whereas the previous versions would rely on building exploits into the dropper. Apart from a much bigger attack surface, the new approach provides the bad guys with more capacity to gain critical privileges on the compromised system.
Having contaminated a computer, CryptoWall 3.0 scans every drive that has a letter assigned in the system, including removable media and mapped network drives. The scan looks for files with the most popular extensions, which effectively gives the ransomware a complete inventory of the personal data stored on the machine. The virus then encrypts the detected files using RSA-2048. Breaking this encryption is not feasible, so the user is left with the option of paying a ransom of 500 USD worth of Bitcoin in exchange for the private key and the decryption tool. Luckily, though, there are workarounds that can help recover at least part of the files without paying. These methods include restoring from Shadow Volume Copies or from data backups, if any exist.
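The Shadow Volume Copy route mentioned above, as an added example that is not part of the original article: it lists the VSS snapshots on a Windows host, picks the newest one taken before the infection, exposes it read-only through a directory symlink and copies a pre-encryption version of a document out. The victim file path, the mount point, the recovery folder and the infection timestamp are assumed placeholders; the session must be elevated, and if the snapshots were deleted there is nothing to recover this way.

```powershell
# Added example, not code from the original article. Assumes an elevated session.
$lostFile      = 'Users\Alice\Documents\report.docx'   # hypothetical victim file, relative to C:\
$mountPoint    = 'C:\ShadowMount'                       # hypothetical link path, must not exist yet
$recoveryDir   = 'C:\Recovered'                         # hypothetical folder for restored files
$infectionTime = Get-Date '2015-01-20 09:00'            # hypothetical: first sign of encrypted files

# Win32_ShadowCopy is the VSS WMI class; Get-CimInstance returns InstallDate as a DateTime.
$snapshots = Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate -Descending
if (-not $snapshots) { throw 'No shadow copies present; fall back to offline backups.' }

# Show what is available so the operator can check which volume each snapshot belongs to.
$snapshots | Select-Object ID, InstallDate, VolumeName, DeviceObject | Format-Table -AutoSize

# Use the newest snapshot that predates the infection; anything later already holds encrypted files.
$chosen = $snapshots | Where-Object { $_.InstallDate -lt $infectionTime } | Select-Object -First 1
if (-not $chosen) { throw 'Every remaining snapshot postdates the infection.' }

# Expose the snapshot as a directory symlink. The DeviceObject path needs a trailing backslash.
cmd /c mklink /d $mountPoint ($chosen.DeviceObject + '\')

# Copy the clean version into a separate folder rather than over the encrypted original.
$source = Join-Path $mountPoint $lostFile
$target = Join-Path $recoveryDir $lostFile
New-Item -ItemType Directory -Force -Path (Split-Path $target) | Out-Null
Copy-Item -Path $source -Destination $target -Force
Write-Host "Restored $lostFile from snapshot taken $($chosen.InstallDate)"

# rmdir removes only the link; the snapshot itself stays intact.
cmd /c rmdir $mountPoint
```

To restore a whole folder, point `$lostFile` at the directory and add `-Recurse` to `Copy-Item`; verify the restored files open before deleting anything else.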
In the meantime, preventing such nasty attacks from going through should be on the permanent agenda of any computer user these days. To evade CryptoWall 3.0, one should make sure all potentially vulnerable software (Java, Adobe Reader, etc.) is up to date, and of course real-time protection by a reliable security suite will come in handy in this context. Aside from that, basic Internet browsing precautions are a great habit, so it definitely makes sense to stay away from questionable downloads and suspicious email attachments.