What is CryptoWall 3.0?
CryptoWall 3.0 is a file-encrypting ransomware program that was detected in January 2015.
CryptoWall is a file-encrypting ransomware program that was released around the end of April 2014, initially as versions 1.0 and 2.0. It targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. The media commonly confuse CryptoWall with the CryptoLocker infection, when it is much more similar to the CryptoDefense ransomware. The most apparent similarity is that CryptoWall’s Decryption Service is almost identical to the one for CryptoDefense. In October 2014, the malware developers released a new version of CryptoWall called CryptoWall 2.0. The new version 3.0 gives victims a shorter time frame to pay the ransom. The new version of CryptoWall has been detected by security experts at Microsoft and by French researcher Kafeine, who has reported that the communication with the C&C (command and control) server is encoded with the RC4 algorithm and uses the I2P protocol. Some sources estimate that, up to version 2, it has already infected over 700,000 computers.
When you are first infected with CryptoWall, it will scan your computer for data files and “encrypt” them using RSA encryption so that they can no longer be opened. Once the infection has encrypted the files on your computer's drives, it will open a Notepad window that contains instructions on how to access the CryptoWall Decryption Service, where you can pay a ransom to purchase a decryption program. The ransom starts at $500 USD and goes up to $1,000 after 7 days. This ransom must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.
Will you get your files back after paying the ransom?
Yes, you will get a decryption key that can be used to open your encrypted files.
How can I get my data back without paying?
Option 1: Best case scenario – You have backed up your data on a regular basis, and now you can use the most recent backup to restore your files.
Option 2: Try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. They might help you in the process, but keep in mind that they were not specially designed to decrypt information that was encrypted by this particular ransomware.
Option 3: Shadow Volume Copies
1. Install Shadow Explorer, which is available with Windows Vista, Windows 7, Windows 8 and Windows XP Service Pack 2.
2. From Shadow Explorer’s drop-down menu, choose a drive and the latest date you would like to restore information from.
3. Right-click on any encrypted file or folder, then select “Export”. Select a location to restore the content of the selected file or folder.
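The same Option 3 recovery can be done without a GUI through Windows' built-in shadow copy interfaces. This is an added example, not part of the original page: it picks the newest shadow copy taken before a chosen date and exports one file from it. The drive letter, cut-off date, file path, destination and mount-point name are assumed placeholders, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: export one file from the newest shadow copy taken before a cut-off date.
# All parameter defaults are constructed placeholders; replace them with your own values.
param(
    [string]$Drive          = 'C:',                                  # volume that held the encrypted files
    [datetime]$Before       = [datetime]'2015-01-15',                # a time before the infection
    [string]$RelativePath   = 'Users\alice\Documents\report.docx',   # path relative to the drive root
    [string]$Destination    = 'D:\Recovered',                        # restore somewhere other than the original
    [string]$MountPoint     = 'C:\ShadowMount'                       # hypothetical temporary link name
)

# Shadow copies are keyed by volume GUID path, so map the drive letter first.
$volume = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Drive }
if (-not $volume) { throw "No volume found for drive $Drive" }

# Newest snapshot of that volume created before the cut-off.
$snapshot = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID -and $_.InstallDate -lt $Before } |
    Sort-Object -Property InstallDate -Descending |
    Select-Object -First 1
if (-not $snapshot) { throw "No shadow copy of $Drive exists from before $Before" }

Write-Host "Using shadow copy $($snapshot.ID) created $($snapshot.InstallDate)"

# Expose the snapshot as a directory link; the trailing backslash is required.
if (Test-Path -LiteralPath $MountPoint) { throw "$MountPoint already exists" }
cmd /c mklink /d $MountPoint "$($snapshot.DeviceObject)\" | Out-Null

try {
    $source = Join-Path -Path $MountPoint -ChildPath $RelativePath
    if (-not (Test-Path -LiteralPath $source)) {
        throw "$RelativePath is not present in this shadow copy"
    }
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    Copy-Item -LiteralPath $source -Destination $Destination
    # Record a hash of the recovered file for later verification.
    Get-FileHash -LiteralPath (Join-Path $Destination (Split-Path $RelativePath -Leaf))
}
finally {
    # Remove only the link; the shadow copy itself is left untouched.
    cmd /c rmdir $MountPoint
}
```

If the script stops at "No shadow copy ... exists", no usable snapshot is left on that volume and Options 1 or 2 are the remaining routes.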