What is CryptoWall v2.0?
CryptoWall is a particularly nasty type of malware called ransomware. The name may sound familiar because it is a close relative of Cryptolocker, a piece of ransomware we warned you about in 2013. CryptoWall infects your machine, locks your data, and demands a ransom of around $500. Simple enough, right? Well, the ransom can’t just be paid with a credit card or routing number… It has to be paid in bitcoin. If you don’t pay by their deadline of 4-7 days, the ransom doubles. How many bitcoins do you have on hand?

 


So how does CryptoWall v2.0 work?
In short, CryptoWall is spread through advertising networks that run ads on popular websites. While the website itself has not been hijacked, the ads on its pages could be spreading malware without the site's knowledge. The machines that visit the sites with these malicious ads are more than likely running an unpatched version of Adobe Flash. Infected ads quietly take advantage of vulnerabilities in Flash and infect the machine.

What can you do to prevent CryptoWall infections?
There are some steps you can take to help prevent CryptoWall from infecting your machine.

  1. Ad blocking software – Installing an ad blocker will help mitigate some of those infected ads that may pop up in your browser. No ad blocking software is going to be 100% effective in blocking ads, but it is an important step to take in securing your browser.
  2. DOWNLOAD UPDATES! – This point can’t be stressed enough. Third-party plug-ins like Flash are constantly being exploited by hackers. Because of this, companies like Adobe are constantly improving their software to combat these attacks. Next time Flash pops up with an update, take their advice (and ours) and update.
  3. Whitelisting plug-ins – Another potential line of defense is setting up your browser to pop up a “Click to play” dialog for plug-in content. This will stop ransomware from automatically running on your machine and give you a warning that something is trying to run. Check your favorite browser for details.

As always, please let us know if you have any questions on the above alert. We have seen an increasing number of these cases so we strongly encourage you to share this with your associates and customers to keep damage to a minimum.
