Petronella Blog Archive

The Return of Ransomware

After IT security specialists thought they had a handle on it, the infamous ransomware CryptoWall, the descendant of CryptoLocker, has returned, and it's tougher than ever.

Ransomware, if you don't recall, is malware that lets a hacker lock up files on your computer and demand money to release them. Currently, files are usually held for ransom for $500. After a week the ransom doubles.

Recently, what's been dubbed CryptoWall 3.0 has been spotted.  This new version gives hackers more privileges on the victim's computer and now uses exploit kits, which makes distribution easier.

To make it even more difficult, the newer version relies not only on the anonymous network Tor, but also on the even more shadowy network I2P (Invisible Internet Project). It's even thought that CryptoWall 3.0 can still be fully operational if either network is inaccessible.

CryptoWall 3.0 also features geolocation and translation services so ransom demands can show up in the local language of whatever computer is infected. This is useful to the hackers since the malware has infected computers worldwide. The new version also allows for longer ransom periods and is able to detect whether it is being installed on a virtual machine, an environment security teams use to work on finding vulnerabilities in malware.

So far, there is no known way to get around CryptoWall 3.0, so be careful about opening emails you do not recognize.