It’s been more than a year since the CryptoWall virus first started wreaking havoc in cyberspace, and two years since state, federal, and international authorities broke up the related CryptoLocker ring.
But in recent weeks, IT security experts have noticed an uptick in CryptoWall 4.0 infections. These operate in a nearly identical fashion to past Crypto viruses: ransomware is installed on a user’s machine via an infected email attachment or ZIP file, or via “malvertising” (compromised banner ads on legitimate websites like Yahoo, AOL, and MSN). The infection can also be transmitted via Flash, so if a user simply visits an affected website with Flash enabled in the browser, the PC can be infected without the user even clicking on anything malicious.
From there, the virus encrypts all the files on the machine—CryptoWall 4.0 even encrypts the filenames themselves, making it more difficult to know what files need to be recovered—before demanding payment for a decryption key to unlock the files.
The ransom amount usually runs between $500 and $1,000, and the payment deadline can be anywhere from three days to two weeks. After that, CryptoWall and other ransomware can permanently eliminate the ability for users to recover their data.
Many IT experts are still resigned to the fact that little can be done to fight CryptoWall and other ransomware viruses like it because of their extremely strong encryption. And paying the ransom comes with its own dangers: purchasing Bitcoins, the value of which can fluctuate wildly; hoping that the decryption key you bought works; preventing anti-virus programs from deleting CryptoWall along with all your data; etc.
So we’ve compiled the top five ways you can protect your critical business information and avoid the stress of CryptoWall:
1) Implement regular, remote backups and a disaster recovery plan. If CryptoWall encrypts your computer’s data, but a backed-up version of that data exists off-site, you can limit the loss to work performed since that backup. A service like CMIT Guardian can increase your chances of keeping data safe and secure—and help your business survive a ransomware catastrophe.
2) Never open ANY attachments from ANY unrecognized sender. Malware attempts are sneaky, and the CryptoWall virus keeps getting sneakier: emails disguised as social media updates, shipping notifications, and voicemail alerts, and even fake user handles attached to recognizable (including your own!) domain names. NEVER open an attachment unless you know the person sending it and are expecting a file on the topic mentioned.
3) Hover over ANY links in ANY unfamiliar emails before clicking on them. Most email applications allow you to preview a link by moving your cursor over it. Look out for domain names that have no relation to the sender of the email, unfamiliar user handles in front of trusted domain names, or links that appear as an incoherent string of letters and numbers.
4) Ensure that solid firewall, antivirus, anti-spam, and anti-malware programs are in place. While all it takes for a CryptoWall infection is one person clicking one bad link, these four features can provide at least a measure of security. But the more layers the better, as basic antivirus programs have proven mostly ineffective at blocking ransomware.
5) If you do click on something unsafe, and you notice the names of ANY files or folders changing, immediately disconnect your computer from the network and power it down. The only positive of CryptoWall 4.0’s filename encryption procedure is that, if you’re vigilant, you might notice the names changing before your entire system is encrypted. If so, IMMEDIATELY unplug your computer’s network connection and power it down.
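Tip 5 depends on someone spotting file names changing, and the same check can be automated by comparing two listings of a folder taken a short time apart. The sketch below is an added example, not part of the original article or of any CMIT product; the function names, the thresholds and the sample file names are constructed assumptions.

```python
import os

def list_files(root):
    """Return the set of file paths under root, relative to root."""
    found = set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            found.add(os.path.relpath(os.path.join(dirpath, name), root))
    return found

def extension(path):
    return os.path.splitext(path)[1].lower()

def rename_burst(before, after, min_files=3, ratio=0.2):
    """Compare two listings taken a short time apart.

    Returns (alert, vanished, unfamiliar). Thresholds are assumed defaults.
    """
    vanished = before - after
    appeared = after - before
    known_ext = {extension(p) for p in before}
    # New names whose extension never occurred in the baseline, which is
    # how a file looks once its name has been scrambled.
    unfamiliar = {p for p in appeared if extension(p) not in known_ext}
    alert = (len(vanished) >= min_files
             and len(vanished) >= ratio * len(before)
             and 2 * len(unfamiliar) >= len(vanished))
    return alert, vanished, unfamiliar

# Constructed sample listings (not taken from a real infection).
BASELINE = {"budget.xlsx", "q3/report.docx", "q3/notes.txt", "logo.png",
            "clients.xlsx", "contract.pdf", "q3/plan.docx", "photo.jpg",
            "todo.txt", "invoice.pdf"}
# Ordinary work: one file renamed, one new file saved.
NORMAL = (BASELINE - {"todo.txt"}) | {"todo-old.txt", "q3/minutes.docx"}
# Four documents replaced by scrambled names part-way through encryption.
SCRAMBLED = (BASELINE - {"budget.xlsx", "q3/report.docx", "logo.png", "todo.txt"}) | {
    "k3v9x2a.q7z1", "q3/p0w8mzt.x4rd", "b71ycq.m2e", "zz4h0s9l.r8k"}

if __name__ == "__main__":
    for label, later in (("normal", NORMAL), ("scrambled", SCRAMBLED)):
        alert, vanished, unfamiliar = rename_burst(BASELINE, later)
        print(label, "ALERT" if alert else "ok", len(vanished), len(unfamiliar))
```

On a real machine, call `list_files` on a documents folder at a short interval and pass consecutive results to `rename_burst`; an alert is the cue to disconnect from the network and power down as described in tip 5.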
Unsure if your backups are functioning correctly? Don’t wait for a disaster like CryptoWall 4.0 to strike before putting a data security plan in place. Also, you can avoid the threat of such a virus with diligent and continuously updated security measures. If you want to keep your systems safe and your data secure, contact CMIT Solutions today.