
Cryptowall 3.0 Threat Rising

The stakes are now higher as an old malware nemesis has reared its ugly head once again. Cryptowall 3.0 has been launched using yet another devious method: ‘help file’ attachments sent via email and e-fax. Appearing as a harmless ‘.chm’ file, the hidden malware, once opened, at once invaded individual computers and then moved on to the entire network. As with all forms of ransomware, a threatening message appears on the computer screen, and this time the prices are much higher.

The dangers of malware have escalated, and the message sent to SA companies has been continual. Even with the encouragement of the latest government ruling, many companies have allowed the potential for a cyberattack to go unheeded. This latest onslaught has left companies defenseless and vulnerable, with many crippled to the point of total system non-function.

According to Networkworld: “CHM is an extension for the Compiled HTML file format, a type of file used to deliver user manuals along with software applications. HTML files are compressed and delivered as a binary file with the .chm extension. This format is made of compressed HTML documents, images and JavaScript files, along with a hyperlinked table of contents, an index and full text searching…These CHM files are highly interactive and run a series of technologies including JavaScript, which can redirect a user toward an external URL after simply opening the CHM. Attackers began exploiting CHM files to automatically run malicious payloads once the file is accessed. And it makes perfect sense: the less user interaction, the greater the chances of infection.”

Cisco’s report on CryptoWall 3.0 is particularly important as it addresses all companies, even those that thought they were protected: “Identifying and stopping ransomware variants definitely requires a layered security approach. Breaking any step in the attack chain will successfully prevent this attack. Therefore, blocking the initial phishing emails, blocking network connections to known malicious content, as well as stopping malicious process activity are critical to combating ransomware and preventing it from holding your data hostage. Establishing a solid backup and restore policy is also crucial to overcoming attacks to your data, whether they occur from natural disasters, such as a storm, or whether they occur from a malicious attack across the network. Many companies believed they had a solid backup plan only to find the malware encrypted the backup to prevent them from restoring any data. It is imperative to adhere to industry wide best practices which include making sure that your backup copies are safe from both physical destruction, as well as corruption from viruses and other malicious software.”
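As an added illustration of the "blocking the initial phishing emails" layer (example code written for this page, not taken from Cisco, Networkworld or Da Vinci Forensics), the following mail-gateway style check flags CHM attachments by their `ITSF` file signature as well as by extension, so a help file renamed to `.pdf` or packed inside a ZIP is still caught. The function names and the sample message are constructed for the example, and only one archive level is inspected.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a Compiled HTML Help file

def chm_reason(name, head):
    """Say why an attachment looks like CHM (content first, then name), else None."""
    if head[:4] == CHM_MAGIC:
        return "ITSF header"
    return ".chm extension" if name.lower().endswith(".chm") else None

def scan_message(raw):
    """Return [(attachment path, reason)] for CHM content in a raw email message."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reason = chm_reason(name, data)
        if reason:
            hits.append((name, reason))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:
                        with zf.open(info) as fh:
                            head = fh.read(4)  # read the header only, never the whole member
                    except RuntimeError:  # encrypted member: fall back to the name
                        head = b""
                    reason = chm_reason(info.filename, head)
                    if reason:
                        hits.append((f"{name}!{info.filename}", reason))
    return hits

def build_sample():
    """Constructed message: a CHM renamed to .pdf, a CHM in a ZIP, a benign note."""
    stub = CHM_MAGIC + b"\x00" * 28  # header stub, not a working help file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/manual.chm", stub)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename="fax_report.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="archive.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A gateway using a check like this would quarantine any message for which `scan_message` returns a non-empty list, since help files have little legitimate reason to arrive by email or e-fax.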

Sharon Knowles, CEO of Da Vinci Forensics, says:

“This form of malware has taken on a completely new form, attacking SA companies and reducing many to a complete standstill. Da Vinci Forensics have been working with those that have been infiltrated to help return them to a normal condition. The cost of these cybercrimes is incalculable in both time, money and reputation. Da Vinci Forensics maintains top level expertise to coordinate with companies to protect their systems and elevate security knowledge to all employees, in order to avoid and deter these kinds of cybercrimes.”

*** Sources ***
Cisco Blogs
Plett Computers