Preventing A CryptoWall v4 Ransomware Infection

Update: 10th January 2016:
In addition to the information/advice in this blog post, a more recent blog post also discusses a new type of ransomware threat and how to protect yourself against it.

Thank you.

Original Post:
Early last week the technical support website BleepingComputer announced the discovery of a new version of the well-known CryptoWall ransomware.

Why Should I Be Concerned About This Malware?
As was previously mentioned in my post concerning ransomware, such malware infections encrypt your important files, usually making them irretrievable. However, this new version of ransomware also encrypts the names of the files that it encrypts, making it hard to tell just which files you have lost since the names are now replaced with random characters. This also means that you will be unable to carry out a forensic data recovery of the encrypted files.

This means that you will be unable to recover any files that have been encrypted unless the ransom is paid (which I do not recommend doing, for the reasons given in my previous ransomware blog post). Some strains of ransomware had implementation flaws in their encryption methods. This version of CryptoWall doesn’t.

How Can I Protect Myself From This Malware?
As well as following the advice in my previous post on ransomware to prevent an infection, for this version of CryptoWall the most important action that I would recommend taking is a full backup of your most critical data (business and/or personal). At least one such backup should not be connected to your computer: if it’s connected at the time the malware infects your computer, your backup could also be encrypted. In addition, test that you can restore any data that you wish from your backup before such a malware infection occurs.

Moreover, be very cautious of any attachment received within an email from people you know or from a company (well known or otherwise) stating that they have a delivery confirmation, a business document or an invoice for you to view. This malware can be installed when such documents are viewed. Furthermore, ransomware infections can originate from phishing emails.

Finally, this thread on the BleepingComputer website can be used to discuss this infection or to receive support if you have been affected by it.

Thank you.
