Cryptowall 2.0

Categories: Information

“Because mutiny on the Bounty’s what we’re all about
I’m gonna board your ship and turn it on out
No soft sucker with a parrot on his shoulder
‘Cause I’m bad gettin’ bolder – cold getting colder.”

–The Beastie Boys


Once upon a time, malware on the internet was mostly vandalism, the computer equivalent of destroying mailboxes. Then came the rise of scamware, often in the form of fake anti-virus software. Now we’re seeing the beginnings of the age of ransomware, malware that is capable of taking all your files and holding them hostage until you pay.

One of the first serious examples was Cryptolocker, which used an existing botnet to process its ransom demands (and, to some extent, to spread itself). Cryptolocker would encrypt certain types of files on your computer (documents, pictures, spreadsheets and so on) and demand a ransom. The software claimed to use RSA-2048 encryption, which would render any brute-force attempt to break the encryption effectively impossible. As part of the takedown of the Zeus botnet in 2014, many of the keys used for the encryption were discovered on a server, which allowed those who had been infected but had not paid the ransom to get their data back.

Now a new version called Cryptowall is starting to show up. It’s definitely the new and improved Cryptolocker, with better anonymity to protect its creators and some scary new infection methods involving attacking outdated Flash or Java installations.

What should you do? First, contact your support specialist to discuss your vulnerability. There is some software that can help prevent infection with the current crop of ransomware. Secondly, consider your backup practices. Do you have backups of your files? Do you have backups located somewhere other than on your machine? A good backup will definitely mitigate the effects of the infection. Thirdly, make sure your system is up to date – run all critical Windows updates regularly, and download the DASNR-IT Default Ninite installer; run it once per week to keep your Java and Flash up to date.

Currently these types of ransomware do NOT affect MacOS; however, there’s no guarantee they won’t in the future. MacOS doesn’t have any inherent security that would prevent these types of attacks, so it’s likely that a MacOS version could be made easily – it’s simply a question of whether the authors think it would be profitable or not.
