What is Cryptowall?

Trojan Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted. After they pay, the user is allowed to download and run a file and/or application to clean up the infection or, in this case, decrypt the encrypted files to return them back to a working state. The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware.

What type of computer does Cryptowall target?

Cryptowall targets computers running Microsoft Windows, Macs are not affected.

How is the virus spread?

Cryptowall can be spread by malicious mail. Although reports have been made this week that hackers have spammed out messages claiming to have an incoming fax report, failed DHL delivery and credit card purchases you never made. Granting all this, Cryptowall have successfully infected many users’ computers through the use of poisoned web advertisements.

Where does it come from?

Geographically speaking, this is unknown. Although we do know where it is located, Symantec has observed the following geographic distribution of this threat.

Cryptowall

This image represents how the cryptowall virus infection process is standard for a virus.



The infection process is standard for a virus, although once it is hooked on to your computer it then starts to begin a network connection to random servers, it then uploads connection information like the public IP address, location and the system information including OS.

In Cryptowall spam campaigns, the emails usually contain a malicious attachment and include a message attempting to convince the user to download the file. The email could claim that the attachment is an invoice, an undelivered package notice, or an incoming fax report. If the user opens the attachment, then their computer will be infected with Trojan Cryptowall.

How to know when your computer is infected by Cryptowall:

To be sure that your computer in not infected with Cryptowall you can search your computer hard drive for the following files:

  • HTML
  • TXT
  • INSTALL_TOR

These file names are the signature of Cryptowall.

Another way is attempting to open certain files, such as .doc, .xls or .pdf, for example, the files are launched with the correct program; however, data may be garbled or not properly displayed.

How to protect your business from Cryptowall

  1. You should have an active antivirus application installed with the latest virus definition files.
  2. Having a Malware scanner
  3. A back up system

Is your business protected by a reliable and trustworthy antivirus? Get a quote today and see how we future-proof your business from threats and viruses such as Cryptowall, or read more about our antivirus services.