
CryptoWall ransomware, detailed instruction and protection


About CryptoWall ransomware

The CryptoWall virus is a new type of ransomware. It first appeared in early 2014 and uses a number of techniques, such as AES encryption and a unique CHM infection mechanism. This particular ransomware appeared right after another representative of ransomware, CryptoLocker, was finished. It goes under different names, such as CryptoDefense, Cryptorbit, CryptoWall 2.0, CryptoWall 3.0 and CryptoWall 4.0.

All versions of this ransomware make wide use of exploit kits, spam and advertising to infect a user's system. CryptoWall evolved from its earliest variant to the latest one, becoming more complicated and harder to analyze. For example, the first version of this virus used an RSA public key for file encryption; the key was generated on the command and control server. More advanced versions use an AES key for file encryption and then encrypt that AES key with a unique public key that is generated on a server. Because of all this, it is impossible to obtain the actual decryption key.

CryptoWall infection

As mentioned above, CryptoWall used exploit kits to infect a computer. The new version of this ransomware uses spam with CHM file attachments. Users need to download and open this file manually to get infected.

Here is an example of the spam attachment:

CryptoWall ransomware spam

How it works

CryptoWall starts by creating a new explorer.exe process, injecting its unpacked CryptoWall binary into it and executing the injected code. After that, the virus deletes all volume shadow copies on your system, so you will not be able to recover the encrypted files.

After that, the encryption process starts. Here is the full list of file types that this virus encrypts:

xls, wpd, wb2, txt, tex, swf, sql, rtf, RAW, ppt, png, pem, pdf, pdb, PAS, odt, obj, msg, mpg,
mp3, lua, key, jpg, hpp, gif, eps, DTD, doc, der, crt, cpp, cer, bmp, bay, avi, ava, ass, asp, js,
py, pl, db, c, h, ps, cs, m, rm.

Once all the files are encrypted, CryptoWall shows the user the following note:

CryptoWall ransomware note

This ransom demand text is written into several files with “DECRYPT_INSTRUCTIONS” in their file names, and is opened in three different applications: a text file in a text editor, a PNG image in an image viewer and an HTML page in the default web browser.
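
Because the notes carry “DECRYPT_INSTRUCTIONS” in their file names, a responder can sweep a drive or file share for them to see which folders were hit. The script below is an added example, not part of the original guide: it reports every folder that holds such a note together with the files there whose extensions are on the list above. The function names and the sample folder tree are constructed for the demonstration.

```python
import os
import tempfile

NOTE_MARKER = "decrypt_instructions"  # substring the guide says appears in note file names
# Extensions the guide lists as encryption targets, lower-cased for comparison.
TARGET_EXTS = set("""xls wpd wb2 txt tex swf sql rtf raw ppt png pem pdf pdb pas odt obj msg mpg
mp3 lua key jpg hpp gif eps dtd doc der crt cpp cer bmp bay avi ava ass asp js
py pl db c h ps cs m rm""".split())

def scan_for_notes(root):
    """Return {folder: {"notes": [...], "at_risk": [...]}} for every folder
    under root that contains at least one ransom-note file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if NOTE_MARKER in f.lower())
        if not notes:
            continue  # no note here, so nothing to report for this folder
        # Files of a targeted type sitting next to a note: check these against backups.
        at_risk = sorted(
            f for f in files
            if f not in notes
            and os.path.splitext(f)[1].lstrip(".").lower() in TARGET_EXTS
        )
        hits[dirpath] = {"notes": notes, "at_risk": at_risk}
    return hits

def build_demo_tree(root):
    """Constructed sample tree: one folder with notes, one without."""
    layout = {
        "docs": ["DECRYPT_INSTRUCTIONS.txt", "DECRYPT_INSTRUCTIONS.html",
                 "report.PDF", "budget.xls", "setup.exe"],
        "clean": ["notes.txt", "photo.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

def run_demo():
    """Scan the constructed tree and return results keyed by relative folder."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return {os.path.relpath(d, root): v for d, v in scan_for_notes(root).items()}

if __name__ == "__main__":
    for folder, info in run_demo().items():
        print(folder, "| notes:", info["notes"], "| check against backups:", info["at_risk"])
```

To sweep a real location, call scan_for_notes() with the path of the drive or share instead of running the demo.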

How to prevent CryptoWall infection and other ransomware viruses:

The best way to protect your computer from infection is to avoid this infection at any cost. We are glad to announce that our anti-ransomware product is now ready for a beta release! GridinSoft Anti-Ransomware beta was developed to protect your computer from cryptoviruses. Try this program; it may save your computer from possible future infection. Help us make GridinSoft Anti-Ransomware better by leaving your feedback! To install this program, follow these steps:

Download GridinSoft Anti-Ransomware
