
CryptoWall 4.0 - briefly explained and analysed

09 Feb 16

CryptoWall 3.0 has been hugely successful – netting cybercriminals nearly $490 million NZD in its debut year. With over 800 command and control URLs and over 400,000 attempted infections, it was easily the most prolific threat of 2015.

And now we are seeing its successor - CryptoWall 4.0. This ransomware comes out with new revisions almost as often as Apple does with iPhones. The bad news is that both will set you back $700+.

It comes to you as a phishing email – as per usual. After all, phishing is the most effective way for cybercriminals to deliver a payload.

Once clicked, it sends you to a locally saved HTML web page. If you don’t notice that, you’ll definitely notice that all your files have been encrypted – and, new in this version, the names of the files have been randomised so you no longer know which file is which. This is to create confusion about the severity of the damage - and increase the chance that you’ll pay up. As you can see from the image, they first congratulate you and welcome you to the CryptoWall community – how nice.

The rest of the instructions are pretty standard – informing you how to install a layered Tor browser, connect to the darknet to pay the ransom and get your files back. At the bottom, they have some very curious additional information.

The malware authors actually claim that CryptoWall is not malicious or intended to harm your data and even proclaim: “Together we make the Internet a better and safer place” – who are they fooling? This is new messaging, and was not seen on previous variants.

On to the payment website, where we can see that $700 is demanded immediately. It wasn’t even a year ago that the default payment was $300. Cybercriminals are indeed becoming more sophisticated, smarter and more ruthless!

Article by Tyler Moffitt, a senior threat research analyst at Webroot. On a daily basis he is immersed deep within the world of cyberthreats – gathering and testing malware samples from the wild, creating anti-malware intelligence, writing blogs and testing in-house security tools.

Want a more in-depth look at CryptoWall 4.0 - and other malware variants? Register for “The 2016 Malware Forecast” on February 24th. In this live webinar, Tyler will offer expert insights into the latest cybercriminal activity – and the threats of tomorrow.

Want to speak to Webroot's cybersecurity experts in person? You can join them from February 16-19 at the exeed “Networking and Security Roadshow” in Dunedin, Christchurch, Wellington, and Auckland.
