CryptoWall 4.0 - briefly explained and analysed
FYI, this story is more than a year old
CryptoWall 3.0 has been hugely successful – netting cybercriminals nearly $490 million NZD in its debut year. With over 800 command and control URLs and over 400,000 attempted infections, it was easily the most prolific threat of 2015.
And now we are seeing its successor - CryptoWall 4.0. This ransomware comes out with new revisions almost as much as Apple does with iPhones. The bad news is that both will set you back $700+.
It comes to you as a phishing email – as per usual. After all, phishing is the most effective way for cybercriminals to deliver a payload.
Once clicked, this is the locally saved HTML web page that it sends you to. If you don’t notice that, you’ll definitely notice that all your files have been encrypted – and a new update is that the names of the files have been randomised so you no longer know which file is which. This is to create confusion on the severity of damage - and increase the chance that you’ll pay up. As you can see from the image, they first congratulate you and welcome you to the CryptoWall community – how nice.
The rest of the instructions are pretty standard – informing you how to install a layered tor browser, connect to the darknet to pay the ransom and get your files back. At the bottom, they have some very curious additional information.
The malware authors actually claim that the CryptoWall is not malicious or intended to harm your data and even proclaim: “Together we make the Internet a better and safer place” – who are they fooling? This is new messaging, and was not seen on previous variants.
On to the payment website and we can see that $700 is demanded immediately. It wasn’t even a year ago when the default payment was $300. Cybercriminals are indeed becoming more sophisticated, smarter and ruthless!
Article by Tyler Moffitt, a senior threat research analyst at Webroot. On a daily basis he is immersed deep within the world of cyberthreats – gathering and testing malware samples from the wild, creating anti-malware intelligence, writing blogs and testing in-house security tools.
Want a more in-depth look at CryptoWall 4.0 - and other malware variants? Register for “The 2016 Malware Forecast” on February 24th. In this live webinar, Tyler will offer expert insights into the latest cybercriminal activity – and the threats of tomorrow. Register now.
Want to speak to Webroot's cybersecurity experts in person? You can join them from February 16-19 at the exeed “Networking and Security Roadshow” in Dunedin, Christchurch, Wellington, and Auckland. Learn more.