CryptoWall: We’ve seen it and it is DANGEROUS!

CryptoWall – a Serious Threat to Business IT.  It’s Real.  WE’VE SEEN IT!

We’ve followed CryptoLocker for a while (click here to see our post about it from 2013). A recent variant called CryptoWall is even more dangerous.

CryptoWall is ransomware. We have now seen it do significant damage first-hand.

Ransomware is a type of trojan (that’s the technical term) that encrypts (scrambles) all your files in the background, then demands money to restore the data to its original state. Once it activates, it will destroy every document it can reach, on the hard drive and on any attached network drives.
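One thing a defender can do with the behaviour described above is watch for it on the file server: a single account rewriting or renaming hundreds of documents on a share within a few minutes looks nothing like normal editing. The following detector is an added example, not code from the original post or from any vendor; it assumes file-server audit events have already been parsed into (timestamp, user, operation, path) tuples, and the sample events it runs on are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Document types worth protecting (assumed list for this example).
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".pptx", ".jpg"}

# Constructed sample audit events: (timestamp, user, operation, path).
# alice works normally at 09:00, then something under her account rewrites
# and renames 150 documents on a share within one minute; bob is unaffected.
SAMPLE_EVENTS = (
    [("2015-02-10 09:00:00", "alice", "write", r"\\fs1\finance\budget.xlsx")]
    + [(f"2015-02-10 09:30:{i % 60:02d}", "alice", "write",
        rf"\\fs1\finance\doc{i}.docx") for i in range(150)]
    + [(f"2015-02-10 09:30:{i % 60:02d}", "alice", "rename",
        rf"\\fs1\finance\doc{i}.docx") for i in range(150)]
    + [("2015-02-10 10:00:00", "bob", "write", r"\\fs1\hr\policy.docx")]
)


def detect_bursts(events, window=timedelta(minutes=5), threshold=100):
    """Flag users who write or rename more than `threshold` distinct documents
    inside any sliding window of length `window`. Returns
    {user: (window_start, distinct_files)} for the first window that crosses it."""
    per_user = defaultdict(list)
    for ts, user, op, path in events:
        if op in ("write", "rename") and PureWindowsPath(path).suffix.lower() in DOC_EXTENSIONS:
            per_user[user].append((datetime.fromisoformat(ts), path))

    alerts = {}
    for user, items in per_user.items():
        items.sort()                  # chronological order per user
        start = 0
        in_window = defaultdict(int)  # path -> number of events still in the window
        for ts, path in items:
            in_window[path] += 1
            while items[start][0] < ts - window:   # drop events that aged out
                old = items[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > threshold:
                alerts[user] = (items[start][0], len(in_window))
                break
    return alerts


if __name__ == "__main__":
    for user, (since, n) in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {user} touched {n} documents since {since}")
```

Feed it real audit records (Windows file-share auditing or a NAS log) and page on the alert; the threshold and window should be tuned to what normal activity looks like in your environment.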

A couple of days ago we recovered data for a client who experienced a CryptoWall attack. This attack penetrated five up-to-date, best-in-class security fences: hardware and software firewalls, antivirus, antispyware and e-mail protection. And they come from three different vendors!

CryptoWall destroyed 300 gigabytes of data. That’s tens of thousands of files. Luckily we’ve used a great backup system with this client over the past few years. But recovery can still take hours. And there is no other good way to recover from one of these attacks. (You could pay the ransom, but there’s no guarantee.)

How does it come in?
CryptoWall is incredibly sophisticated and evades even top-ranked security systems. The only entry points we know of are e-mail messages and web pages. An end-user must click through a spoofed e-mail link or attachment, or visit a compromised web page, to launch the attack.

What can we do about it?
You should have already raised your security perimeter reasonably high with these key pieces:

  • a hardware firewall with advanced threat prevention
  • software firewalls on all servers and workstations
  • good antivirus (see AV Comparatives for rankings)
  • e-mail filtering
  • web filtering

But what’s important about CryptoWall is that it is sophisticated enough to slip past all of these.

So the lesson is: don’t trust e-mail or web pages.

Be skeptical about e-mail attachments or links.  Call us if you see something weird: we can help you identify suspicious items.

How to NOT get CryptoWall:

  • Use Alt-F4 to close weird pop-up windows (clicking a “Close” or “Cancel” button drawn inside a malicious pop-up can launch the attack)
  • ONLY visit websites that are work-related
  • Don’t trust e-mail you weren’t expecting and especially attachments
  • Don’t leave your web browser open when you don’t need it
  • Report any suspicious activity to us immediately
  • Use Mozilla Firefox or Google Chrome or Microsoft Edge as much as possible when browsing the web.  Don’t use Internet Explorer (it is a bigger target and Microsoft is discontinuing it).

Download Google Chrome here.

Download Mozilla Firefox here.

It costs our clients nothing to report strange behavior or for us to resolve an attack. Please call us immediately at 206-329-6600 if you see anything out of the ordinary.

For more information on CryptoWall, here’s an article complete with screenshots and information about removal and restoring files (hint: you must have good backups!).

Thank you for your attention to this.  Please let us know if you have any questions or would like more information on this topic.

-Brian Place, Principal