What is CryptoWall?
CryptoWall is a type of infection called ransomware. Ransomware locks your computer or its data until you pay a ransom to the perpetrators to release it. CryptoWall is a copycat of a similar infection called CryptoLocker that had run unhampered for 8 months and collected an estimated $10 million in ransom until it was shut down last week via a coordinated take down by US and other foreign authorities. This is a new type of computer infection that is making its presence known. Once it infects your computer, it quickly gets to work converting all of your personal data such as photos, documents and emails to an encrypted form that you can no longer use.
Not even backups are safe!
Think you’re totally safe because you’ve been diligently backing up your data for years? Think again because the virus also encrypts files on any drive connected to the computer while it is infected. This includes your external backup drive, thumb/USB drives and any automatically syncing cloud storage you use.
Search and destroy
Whilst encrypting files on your computer, the infection happily multi-tasks by seeking out other computers on your home/work network and begins encrypting their files, too. It doesn’t matter if the computer is connected via WiFi/wireless or with a cable directly to the modem, if it’s using the same modem as an infected computer, it can be infected too.
What are the authorities saying?
Authorities have advised that people affected by ransomware do not resort to paying the ransom as this will only encourage the perpetrators. However, there was a police department that was infected by CryptoLocker late last year and it ended up paying the ransom because their backups were also encrypted. Likewise, most businesses can’t do without their customer details, job and accounting data, so they’re likely to sacrifice some money to stop their business going bankrupt. Similarly, many home users may not be able to afford the ransom, but still resort to paying up in order to get their family photos back.
How do I prevent this from happening?
While there is no 100% solution to preventing a CryptoWall infection, there are several things that can be done to mitigate your chances of infection.
- Don’t access links in e-mails from people you don’t know and don’t open attachments in emails you aren’t expecting. These are the main methods for spreading CryptoWall.
- Don’t click links in e-mails you receive from unknown e-mail addresses.
- Don’t allow access to personal email, social networking, and malicious sites on your network.
- Make sure your security solution detects and blocks CryptoWall.
- Verify you have a supported Firewall or UTM device with the most current firmware.
- Keep your anti-virus and anti-malware software up to date.
- Keep your Windows and vital software updated with the latest security patches.
- Download and install all security patches provided by Microsoft and your individual software vendors (Adobe, Autodesk, Sage, Oracle (Java), Google (Chrome), etc.)
- CryptoPrevent. Finally, you can download a free program called CryptoPrevent that does its best to stop CryptoWall and related programs from running. It is not a panacea for all the problems created by this infection, but it may help stop CryptoWall from getting a foothold on your computer or, if it does still infect it, it may reduce its spread to other computers on your network. But remember, you will have to regularly update this utility to keep abreast of the changing nature of these infections. You can find CryptoPrevent at http://www.foolishIT.com/vb6-projects/cryptoprevent/
Again, while there is no 100% solution to preventing a CryptoWall infection, these are several things that can be done to mitigate your chances of infection.