Cryptowall 4.0 The Latest and Nastiest Ransomware

It seems like only yesterday that the Cryptowall 3 malware was discovered and reduced to ashes; but although less than a year has passed, the designers of this ransomware have now released Cryptowall 4.0, and they have added a few twists that are not only deadlier but also treat users in a condescending manner. Multiple professional security organisations around the globe are reporting the appearance of Cryptowall 4.0.

It is being distributed in the usual manner, via an email with an attachment that contains embedded code. Once the attachment is opened, the malware immediately infiltrates designated files, and in this release it not only encrypts the data files but also alters their names. Using this method, a user is not only locked out of their files but also loses the ability to locate them. The additional change in this release is that it makes changes to the ‘restore points’ on the machine, which reduces the chances of recovery.

Once the ransomware is launched, the user will receive the typical ‘announcement screen’, but in this case, the designers made the decision to sound insulting in their message. In a mocking tone, the user will read:
“Congratulations! You have become a part of large community CryptoWall!” as well as “the instructions that you find in folders with encrypted files are not viruses; they are your helpers.” In a final insult, they also include: “In case if these simple rules are violated we will not be able to help you, and we will not try because you have been warned.”

The designers even mock the user with the file names that they have altered, including:
HELP_YOUR_FILES.PNG
HELP_YOUR_FILES.TXT
HELP_YOUR_FILES.HTML
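
For incident triage, the three file names above can be used to map which folders were touched and in roughly what order. The script below is an added example, not code from the original article; it assumes these files sit in the affected folders, as the quoted message ("the instructions that you find in folders with encrypted files") suggests, and the function names `find_note_dirs` and `timeline` are hypothetical.

```python
import os
import sys
from datetime import datetime, timezone

# File names listed in the article, compared case-insensitively.
NOTE_NAMES = {"help_your_files.png", "help_your_files.txt", "help_your_files.html"}


def find_note_dirs(root):
    """Map each directory under root that holds a listed file to its details."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        found = sorted(f for f in filenames if f.lower() in NOTE_NAMES)
        if not found:
            continue
        mtimes = []
        for name in found:
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # file vanished or is unreadable; still report the folder
        hits[dirpath] = {
            "notes": found,
            # Earliest note timestamp approximates when this folder was hit.
            "earliest": (datetime.fromtimestamp(min(mtimes), tz=timezone.utc)
                         if mtimes else None),
            # Everything else in the folder is a candidate for restore/review.
            "other_files": len(filenames) - len(found),
        }
    return hits


def timeline(hits):
    """Order affected folders by earliest note timestamp, unknowns last."""
    far_future = datetime.max.replace(tzinfo=timezone.utc)
    return sorted(hits.items(), key=lambda kv: kv[1]["earliest"] or far_future)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, info in timeline(find_note_dirs(root)):
        when = info["earliest"].isoformat() if info["earliest"] else "unknown"
        print(f"{when}  {path}  notes={info['notes']}  other_files={info['other_files']}")
```

Run it against a mounted copy of the affected volume rather than the live system, since file timestamps on a running machine can still change.
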
The approach in the announcement is specifically intended to hit an emotional pain point. Once a user has discovered the infection and attempted any due diligence in research, they will discover that Cryptowall 4.0 includes better communication methods and enhanced cloaking segments. This means that it is, overall, a lot more difficult to protect against. The usual method of payment demands is included in the screen, complete with instructions for Bitcoin payment.

Global professionals have examined the business model that the designers of the Cryptowall family use and have realized that the cybercriminals have actually modelled the malware operation on the way an actual software company works. Once payment is made, they seem to comply by providing the encryption key to release the system lockdown. By following through on their promise, they establish that payment will bring back the system, which gives them a continued revenue stream from other computer systems and networks that are attacked.

***Sources***

Updated Cryptowall Encrypts File Names, Mocks Victims


http://www.darkreading.com/vulnerabilities---threats/cryptowall-40-a-stealthier-more-sweet-talking-ransomware-/d/d-id/1323012