A new version of the CryptoWall ransomware, titled CryptoWall 2.0, has been released with numerous “enhancements” by the malware developer that resolve issues in the previous version. Since it was first released, CryptoWall has been a huge threat to computer users and network administrators, as it encrypts all local data as well as all data found on network shares. CryptoWall 2.0 includes upgrades that make it better for the malware developer and harder for the victim to recover files for free: unique wallet IDs for ransom payments, secure deletion of the original unencrypted files, and the use of the developers’ own anonymous network gateways.
A change that will benefit victims who wish to pay the ransom is the addition of unique Bitcoin payment addresses for each victim. The original version of CryptoWall did not include this feature, which made it possible for people to steal other victims’ payment transactions and apply them to their own ransom. With unique payment addresses for all victims, this is no longer possible.
Another change is that CryptoWall 2.0 now securely deletes your original data files. Originally, CryptoWall would encrypt your data files and then simply delete the originals, which made it possible to run data recovery tools to try to recover the data. Now that CryptoWall securely deletes the originals, this method no longer works, and you will need to restore from backups or pay the ransom.
The last change is that CryptoWall 2.0 now uses its own anonymous network gateways. CryptoWall’s ransom payment servers are located on TOR, which allows the malware developers to stay hidden from the authorities. In order to connect to the server, you need access to the TOR network, and installing TOR is a confusing and difficult process for most people. To solve this, CryptoWall used a Web-to-TOR gateway, which allows victims to easily access the payment server. When the Web-to-TOR gateway providers discovered that CryptoWall was using their gateways, they started to blacklist the payment servers so that they could not be reached. Now that CryptoWall 2.0 uses its own TOR gateway servers, third-party gateway providers can no longer blacklist them. The current Web-to-TOR gateways operated by the CryptoWall developers are tor4pay.com, pay2tor.com, tor2pay.com, and pay4tor.com.
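Because the gateway domains above are fixed, a network administrator can check proxy or DNS logs for connections to them as an early sign of an infected machine. The script below is an added example, not part of the original post: the four domains come from the post, while the log layout (`timestamp client_ip method url`) and the log lines themselves are constructed for illustration.

```python
"""Flag proxy-log entries that reach the CryptoWall 2.0 Web-to-TOR gateways.

Added example, not from the original post. The gateway domains are those named
in the post; the log format and sample lines are constructed for illustration.
"""
from urllib.parse import urlsplit

# Gateway domains the post names as operated by the CryptoWall developers.
CRYPTOWALL_GATEWAYS = frozenset(
    {"tor4pay.com", "pay2tor.com", "tor2pay.com", "pay4tor.com"}
)

# Constructed sample log in a simple "timestamp client_ip method url" layout.
SAMPLE_LOG = """\
2014-10-02T10:15:01Z 10.0.0.12 GET http://www.example.com/index.html
2014-10-02T10:15:07Z 10.0.0.45 GET http://tor4pay.com/abcd1234
2014-10-02T10:15:09Z 10.0.0.45 POST https://kdvm.pay2tor.com/check
2014-10-02T10:16:00Z 10.0.0.12 GET http://nottor4pay.com/login
2014-10-02T10:16:03Z 10.0.0.77 CONNECT tor2pay.com:443
malformed line
"""


def host_of(target: str) -> str:
    """Return the lower-cased hostname of a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host:port
    return (urlsplit(target).hostname or "").lower()


def is_gateway_host(host: str) -> bool:
    """True if host is a gateway domain or a subdomain of one (not a look-alike)."""
    return any(host == d or host.endswith("." + d) for d in CRYPTOWALL_GATEWAYS)


def find_gateway_hits(log_text: str) -> list:
    """Return (timestamp, client_ip, host) for every line that touches a gateway."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, _method, target = parts
        host = host_of(target)
        if is_gateway_host(host):
            hits.append((ts, client, host))
    return hits


if __name__ == "__main__":
    for ts, client, host in find_gateway_hits(SAMPLE_LOG):
        print(f"{ts} {client} -> {host}")
```

Any client that shows up in the output should be isolated from network shares first, since the post notes the malware encrypts those too.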
In short, keep your antivirus activated and up to date! Also: backup, backup, backup!
If you do fall victim to the latest CryptoWall ransomware, Frankenstein Computers has a flat rate virus removal service, for just $120, that includes CryptoWall removal. (Sadly, decryption of encrypted files is not included.)