
What is CryptoWall?


CryptoWall is a file-encrypting ransomware program, released this past April, that targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8.

This program is very similar to the CryptoDefense ransomware: CryptoWall's decryption service is almost identical to the one for CryptoDefense. When you are first infected with CryptoWall, it scans your computer for data files and encrypts them so that they can no longer be opened. Once it has encrypted the files on your computer's drives, it opens a Notepad window that contains instructions on how to access the CryptoWall decryption service.

The decryption service is where you can pay a ransom to purchase a decryption program. The ransom starts at $500; after 5 days it goes up to $750, and after another 24 hours it increases again, to a maximum of $1,500. The ransom must be paid in Bitcoins and sent to a Bitcoin address that changes with each infected user.

CryptoWall is distributed via emails with Zip attachments that contain executables disguised as PDF files. These fake PDF files pretend to be invoices, purchase orders, bills, complaints, or other business communications. When you double-click on the fake PDF, it instead infects your computer with CryptoWall and installs malware files. Once installed, the malware starts to scan your computer's drives for data files to encrypt. During this scan, it searches all drive letters on your computer, including removable drives, network shares, and even Dropbox mappings. In summary, if there is a drive letter on your computer, it will be scanned for data files by CryptoWall.
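The delivery method described above (a Zip attachment holding an executable dressed up as a PDF) can be screened for before a message reaches a user. The following Python sketch is an added example, not part of the original article: the function names, the extension list, and the sample archive are assumptions made for illustration, and the "MZ" check relies only on the standard Windows executable header.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click (illustrative list, an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def classify_entry(name, head):
    """Return a finding for one archive member, or None if it looks harmless."""
    lower = os.path.basename(name).lower()
    ext = os.path.splitext(lower)[1]
    # Windows PE files (.exe, .scr, ...) start with the bytes "MZ".
    executable = head.startswith(b"MZ") or ext in EXECUTABLE_EXTS
    if executable and ".pdf" in lower:
        return "executable disguised as PDF"
    if executable:
        return "executable in archive"
    return None

def scan_zip_attachment(data):
    """Inspect a Zip attachment held in memory; return (filename, finding) pairs."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # password-protected member
                    findings.append((info.filename, "encrypted entry, cannot inspect"))
                    continue
                with zf.open(info) as fh:
                    head = fh.read(8)  # only the header bytes are needed
                verdict = classify_entry(info.filename, head)
                if verdict:
                    findings.append((info.filename, verdict))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "not a valid zip archive"))
    return findings

def build_sample():
    """Constructed sample attachment: harmless placeholder bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2231.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"%PDF-1.4\n% constructed sample\n")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for filename, finding in scan_zip_attachment(build_sample()):
        print(f"{filename}: {finding}")
```

A mail filter would typically quarantine any message for which `scan_zip_attachment` returns a finding, including encrypted archives it cannot look inside.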

Unfortunately, at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic, due to the length of time required to break this type of encryption key. Also, the decryption tools that have been released by various companies will not work with this infection. The only ways to restore your files are from a backup, with file recovery tools, or, if you are lucky, from Shadow Volume Copies.

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in affordable IT Support, Cyber Security, IT Service, IT Security, Office 365, Cloud, VOIP, SPAM, Wireless, Network Design, MAC repair, PC Repair, Virus Removal, remote support, web design and much more. Check out what our clients have to say about us on Yelp!
