The battle between cyber criminals and digital security companies is never-ending. Ransomware such as Cryptolocker, TeslaCrypt and CryptoWall keeps spreading around the world in new variants, as the hackers behind it update it constantly. The most recent edition, CryptoWall 3.0, concentrates on network environments with shared network drives. That’s where a lot of businesses save their mission-critical information and files, such as QuickBooks company files, CRM-related files, spreadsheets, etc. In this post, we will review how to identify, prevent and restore from a CryptoWall infection.

What is CryptoWall?

This is Symantec’s definition of CryptoWall:

Trojan.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted.

The CryptoWall virus is capable of infecting all Windows versions, including Windows XP, Windows Vista, Windows 7, and Windows 8. Right after it infects the system, it encrypts predetermined files so that the user can no longer access them. To restore these files, you are asked to pay a ransom of $500. In most cases, it must be paid in Bitcoins and the payment must be made via Tor (anonymous web browser). This money transfer method is usually used by hackers and cyber criminals in order to hide their identity.

This is what you see if you try to open a file infected with CryptoWall:

[Screenshot: CryptoWall ransomware notice]

How would CryptoWall get into my computer?

  1. Be cautious when clicking links and visiting questionable websites. A link can point your browser to download threats or visit a malicious web site.
  2. Don’t download unknown “free” software.
  3. Avoid opening unknown e-mail attachments. Many affected users report receiving an unexpected e-mail with a ZIP attachment from a Yahoo.com address.

[Screenshot: CryptoWall e-mail attachment]

What to do if my computer is infected with CryptoWall?

  1. Immediately unplug your computer from the network and shut it down.
  2. Make sure all the network drives, backups and file shares are disconnected from the network.
  3. Contact your IT administrator or service provider.

How to Prevent Getting CryptoWall?

  1. Keep your Antivirus, Operating System and Web Browser updated.
  2. Avoid suspicious-looking emails and attachments. Do not open them unless you first verify the sender is a safe sender.
  3. When browsing the web, be sure to stay on pages that are known safe sites.
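
The attachment advice in the two lists above can be partly automated at the mail gateway or help desk. The Python code below is an added example, not part of the original post: it parses a message and flags ZIP attachments that contain executable files. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as executable content; tune for your environment.
RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".wsf", ".cmd", ".bat"}


def risky_members(zip_bytes):
    """Return names inside a ZIP that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # cannot inspect it, so surface it
    return [n for n in names if any(n.lower().endswith(e) for e in RISKY_EXTS)]


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the ZIP magic bytes too, since the file name can be anything.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            for member in risky_members(data):
                findings.append(f"{name}: contains {member}")
    return findings


def build_sample(member_name):
    """Constructed sample message: a ZIP holding one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed address
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("invoice.pdf.exe")))
```

A double extension such as `invoice.pdf.exe` is flagged because only the final extension is compared; archives that cannot be read are reported rather than silently passed.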

How to Get My Encrypted Data Back?

Paying the ransom will not necessarily fix the problem. As mentioned in this post on the Sophos blog:

Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack.

We don’t think paying the ransom is the best idea because there’s no guarantee the criminals won’t up the ante, or that they’ll actually follow through on their promise to send you the keys to decrypt your files. And paying the ransom also supports a cybercriminal enterprise that will ensnare more victims.

Your best bet is to remove the virus using proper removal tools, rebuild the system and restore files from a recent backup. Our hybrid backup platform is immune to different ransomware attacks and your business data is protected and safe with us.