Mere days after a report was published detailing the profits that the perpetrators of Cryptowall made with their ransomware ($325 million, for the curious), reports of the next evolution of the notorious malware have begun to crop up across the internet.
Using the same methods of infection as the previous Cryptowall 3, the ransomware arrives in a .zip file attached to an email, claiming to be a resume.
Cryptowall will encrypt the contents of all hard drives on a computer before moving to mapped network drives and any attached storage devices. It will also disable System Restore and Windows Startup Repair, and attempt to delete any shadow copies of your drives to halt your restoration attempts.
The new variant will also encrypt the names of your files, creating further frustration and difficulty working out which files to restore.
How can you avoid paying if you're infected?
Currently there is no way to decrypt files that have been locked without paying for the decryption key and software.
However, if you implement a robust backup strategy, you have a good chance of being able to restore your lost files without taking a hit to your wallet.
If you are backing up to external devices, make sure these are disconnected and duplicated once the backup is complete. Check your machine before plugging your devices in.
Back up to the cloud. Cryptowall cannot propagate to cloud-hosted backups.
Use a managed backup service, such as one provided by Reality Bytes. Our backups allow you to retrieve data from any day within a thirty-day period, or to go back to an archival end-of-month copy, providing you with robust security and peace of mind.
We can provide this service to business or residential customers.
Above: The messages no user wants to see; Cryptowall 4.0
Remember the golden rule: If you don't expect to receive an attachment, don't open it. If you are expecting an attachment, always question if it's a zip file.
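The delivery method described above (a zip attached to an email posing as a resume) and the golden rule can be enforced at the mail gateway as well as by the user. This is an added example, not part of the original article; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions Windows runs on double-click. The article does not
# say what the Cryptowall zip contains, so this list is illustrative.
RISKY_EXT = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd", ".lnk"}

def triage_zip_attachments(raw: bytes):
    """Return (attachment name, verdict, risky member names) per zip attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Check content as well as name: zip archives start with "PK\x03\x04".
        if not (name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04")):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "quarantine", []))  # cannot be inspected
            continue
        # Only the last extension counts, so "resume.doc.js" is a script.
        risky = [m for m in members if os.path.splitext(m.lower())[1] in RISKY_EXT]
        # Any unexpected zip gets a human look, per the article's golden rule.
        findings.append((name, "quarantine" if risky else "review", risky))
    return findings

def build_sample(member: str) -> bytes:
    """Constructed message: a 'resume' zip with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder text, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"] = "applicant@example.com", "hr@example.com"
    msg["Subject"] = "My resume"
    msg.set_content("Please find my resume attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="resume.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("resume.doc.js", "resume.pdf"):
        print(triage_zip_attachments(build_sample(member)))
```

A zip with no risky member is still returned with a "review" verdict rather than passed silently, since the article's advice is to question every zip attachment.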