Trojan Trouble: Keeping Cryptowall From Compromising Your Computer

Cybercriminals are constantly inventing new and improved viruses, worms and Trojan horses in an attempt to steal valuable information such as bank and credit card details. The latest threat to computer security comes in the form of ransomware, a type of malware that enters a computer and encrypts digital files before charging the owner a fee for the encryption key. The virus can cause huge problems for businesses and individual users, and those affected are left with no option but to pay the ransom if they wish to access their files.

What Is Cryptowall?

Cryptowall is known as a Trojan horse because it initially appears as a harmless email attachment or download. However, once the virus enters a computer, it immediately begins establishing connections to random servers and uploading information about the operating system. It then begins copying all files on the system and encrypting them before deleting the original files. The virus also stores additional files on the computer that contain ransom messages and instructions on how to make payment. User files are encrypted using a unique RSA-2048 public key that is generated for each computer. Users must pay for the private key in order to decrypt their files. Earlier versions of the software demanded a payment of $500 in Bitcoins to restore a person’s files, but this has now been increased to $700 in newer versions such as Cryptowall 4.0. Those affected are given a certain amount of time to make payment before the ransom increases.

What Can I Do If I Have Been Affected?

Unfortunately, there is currently no way to recover encrypted files without paying the ransom. Payment is handled over the Tor network to allow the criminals to remain anonymous. If you believe that your computer is infected with the Cryptowall virus, avoid connecting any external hard drives or joining a shared network, to prevent it from spreading. Look for any new files at the root of your file directories with names such as DECRYPT_INSTRUCTION.txt. Once you open this file, you will most likely encounter the ransom message that gives you detailed instructions on how to make payment. Removal of Cryptowall is a relatively easy process, but simply removing the virus will not allow access to the encrypted files. On rare occasions, it is possible to recover backup files or restore the system to a previous point before infection, but newer versions of the virus will delete volume shadow copies, making recovery impossible.
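The check for ransom-note files described above can be scripted. This is an added example, not part of the original article: it walks a folder tree and lists every directory containing a file named like DECRYPT_INSTRUCTION. Matching any extension, the function names and the sample tree are assumptions made for the example.

```python
import os
import tempfile
from datetime import datetime, timezone

# File name stem taken from the article. Matching it case-insensitively and
# with any extension is an assumption of this example.
NOTE_STEMS = {"decrypt_instruction"}


def find_ransom_notes(root, note_stems=NOTE_STEMS):
    """Return one record per directory under `root` that holds a ransom note.

    Only names and timestamps are read; no file is opened.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        notes = sorted(f for f in filenames
                       if os.path.splitext(f)[0].lower() in note_stems)
        if not notes:
            continue
        stamps = []
        for name in notes:
            try:
                stamps.append(os.path.getmtime(os.path.join(dirpath, name)))
            except OSError:
                pass  # file vanished or unreadable; still report the name
        hits.append({
            "directory": dirpath,
            "notes": notes,
            "note_written": (datetime.fromtimestamp(min(stamps), timezone.utc)
                             if stamps else None),
            "other_files": len(filenames) - len(notes),
        })
    return hits


def build_demo_tree():
    """Create a constructed sample tree (not real infection data)."""
    root = tempfile.mkdtemp(prefix="note_scan_demo_")
    for rel in ("Documents/DECRYPT_INSTRUCTION.txt",
                "Documents/DECRYPT_INSTRUCTION.HTML",
                "Documents/report.docx", "Pictures/holiday.jpg"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for hit in find_ransom_notes(build_demo_tree()):
        print(hit["directory"], hit["notes"], hit["note_written"], hit["other_files"])
```

Pass a drive or user folder as `root`; the directories returned are the ones to treat as affected when deciding what to restore from backup.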

How To Protect Yourself Against Cryptowall And Other Malicious Software

In order to protect your computer from malware attacks, it is important to have up-to-date antivirus software and a malware scanner enabled on your computer at all times. If you are unsure about whether your system is secure from malware threats, then you should take a look at CMIT Solutions for expert advice on protecting your files. All users should back up their files regularly and store them on an external hard drive. Cloud storage is a useful tool for those with limited space, but some viruses are capable of accessing information stored online. Most importantly, never open emails from unknown senders or click on links on dubious websites.

Should I Just Pay The Ransom?

Since there is no other way to access files that have been encrypted by Cryptowall, a large number of people choose to pay the ransom. However, there have been many cases of users paying the ransom and then not receiving the key, leaving them unable to decrypt their files. Paying the ransom also means that you are handing money directly over to cybercriminals who will continue to extort money from the public in this way. Another problem that many victims encounter is how to raise the ransom. Bitcoins are a form of online currency that users must ‘mine’ for, and purchasing a stack of Bitcoins to the value of $700 is not as straightforward as it seems. Obtaining Bitcoins is often a slow process, and many people struggle to collect enough before the deadline.

The original Cryptolocker campaign stole over $30 million from online users, showing just how serious a threat the virus is to both businesses and individual users. Cryptowall is just one example of the different ransomware viruses that are currently causing havoc online. Torlocker and Critroni are other types of ransomware that follow the same pattern as their predecessors. Cybercrime is estimated to cost the US economy more than $100 billion each year, so taking steps to protect your network is essential to avoid ending up out of pocket.

Joel Burns could be described as a computer geek! He is always called upon when friends' and family members' computers go wrong, and with a job in tech too, his life does seem to revolve around computers in one way or another.