CryptoWall ransomware

Discussion in 'malware problems & news' started by MrBrian, Aug 30, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    CryptoWall surpasses CryptoLocker in infection rates
    http://www.scmagazine.com/cryptowall-surpasses-cryptolocker-in-infection-rates/article/368920/
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    http://www.networkworld.com/article...ypts-us-firms-entire-server-installation.html
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Are any of the current antimalware apps able to detect and block this new variant of CryptoWall?
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Dunno, but I tend to doubt it. Bitdefender has a free download that is said to block CryptoWall 1 and 2.

    Bitdefender Anti-CryptoWall can keep an eye on your computer and block known encryption methods used by CryptoWall. No installation is required, so you just have to launch it in order to activate its protection mechanism.

    Aside from real-time anti-ransomware protection, this application integrates an immunization technique that prevents executables in the 'AppData' and 'Startup' folders from launching.

    http://labs.bitdefender.com/projects/cryptowall-vaccine-2/bitdefender-offers-cryptowall-vaccine/

    CryptoWall is totally insidious. You can only pay the ransom in Bitcoins, which most peeps don't know how to do, and if you don't pay within a certain amount of time the ransom doubles.
     
    Last edited: Jan 9, 2015
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Thanks for the info about Bitdefender Anti-CryptoWall; I'll have a look at it. Note that Hitman Pro Alert is designed to block encrypting ransomware. I'm checking in that thread to see if it's effective against this latest variant of CryptoWall.

    As for the insidiousness of CryptoWall I would agree; every effort must be made to avoid the problem.
     
  10. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,097
    Location:
    Hollow Earth - Telos
    Would Bitdefender Anti-CryptoWall be needed if you have HMPA Cryptoguard?
     
    Last edited: Jan 9, 2015
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Good question. I've asked in the HMPA thread about effectiveness against this new variant of CryptoWall. We could also ask there about whether or not using the Bitdefender app would increase protection.
     
  12. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,097
    Location:
    Hollow Earth - Telos
    Using the BD and HMPA stuff together might cause a problem.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Yes, it might; using the two together needs to be tested for compatibility.
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Is the Bitdefender thing just HIPS?

    I seem to remember something similar recently.
     
  16. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,524
    Location:
    USA - Back in a real State in time for a real Pres
    I use BDIS which I like. Duh why else .... Anyways started using BD Anti-Cryptowall a few weeks ago. Can't remember the name but around 6 months ago I tried to install another BD standalone (don't remember) but BDIS popped up & said I'm covered already with BDIS. Nonsensical to me why BD Anti-Cryptowall isn't included with BDIS.
     
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,097
    Location:
    Hollow Earth - Telos
  18. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I've been searching ESET's Virus Radar site and have found additional stand-alone removal tools that are available to anyone that may need them.

    http://virusradar.com/en/tools/cleaners
    All under the "Filecoder" category
     
    Last edited: Jan 9, 2015
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    I installed this in a VM. It looks like all it does is prevent executables in %AppData% and %Startup% from running. Is that really enough to stop CryptoWall?

    Edit:

    CryptoPrevent monitors many additional locations:

    http://www.softpedia.com/get/Security/Security-Related/CryptoPrevent.shtml
     
    Last edited: Jan 10, 2015
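
An added example, not part of the post above and not code from Bitdefender or CryptoPrevent: a small coverage check that evaluates process image paths against a path-based deny list, comparing the two folders named in the post with a wider rule set. The user profile, the sample events, the extension list, the wider rule set and the recursive matching are all assumptions made for illustration; `%STARTUP%` is the post's shorthand, not a real Windows environment variable.

```python
from pathlib import PureWindowsPath

# Constructed environment for a hypothetical user "alice" (assumption).
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "STARTUP": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup",
}
# File types treated as launchable (illustrative list, not a product's).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# The two folders named in the post, and a wider hypothetical rule set.
NARROW = ["%APPDATA%", "%STARTUP%"]
WIDER = NARROW + ["%LOCALAPPDATA%", "%TEMP%"]

# Constructed process-creation image paths (sample data, not real telemetry).
EVENTS = [
    r"C:\Users\alice\AppData\Roaming\invoice.exe",
    r"C:\USERS\ALICE\APPDATA\ROAMING\Microsoft\Windows\Start Menu"
    r"\Programs\Startup\updater.scr",
    r"C:\Users\alice\AppData\Local\Temp\7zO1A2B\setup.exe",
    r"C:\Users\alice\AppData\Local\app\helper.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Roaming\notes.txt",
]

def expand(rule):
    """Replace %NAME% tokens using ENV and return a Windows path."""
    for name, value in ENV.items():
        rule = rule.replace(f"%{name}%", value)
    return PureWindowsPath(rule)

def is_denied(image_path, rules):
    """True if image_path is a launchable file under any rule's subtree."""
    p = PureWindowsPath(image_path)
    if p.suffix.lower() not in EXEC_EXTS:
        return False
    # PureWindowsPath comparison is case-insensitive, like NTFS by default.
    roots = [expand(r) for r in rules]
    return any(root == p or root in p.parents for root in roots)

def coverage(events, rules):
    """Return the events a rule set would deny, in input order."""
    return [e for e in events if is_denied(e, rules)]

if __name__ == "__main__":
    for name, rules in (("narrow", NARROW), ("wider", WIDER)):
        print(name, len(coverage(EVENTS, rules)), "of", len(EVENTS), "denied")
```

Because the Startup folder sits inside the roaming AppData tree, the narrow rule set here reduces to a single subtree; launches from the local profile and temp folders are only matched by the wider set.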
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Removal is the least of the problem, don't you think? It has to be blocked in real time to prevent execution/encryption.
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Yup, but it helps to have these tools handy, would you not agree? Most paid AV | AS vendors now offer some level of protection from ransomware.
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Agreed! :thumb:

    By the way, ironically, after someone has been successfully attacked by encrypting ransomware, if they use an antimalware to remove it, it may also make it impossible to pay the ransom; a diabolical situation.
     
    Last edited: Jan 10, 2015
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,097
    Location:
    Hollow Earth - Telos
    Adguard for Windows Filters might help to block CryptoWall and the others.
     
  24. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The last thing you would do is pay the ransomware pirates. Your data is only as good as your last rescue CD | boot media | rescue media | recovery options | disk imaging media options | etc.

    Most paid AV | AS vendors now have 24/7 assistance for these situations, and as I said already, there is protection in place via daily updates to your running software.
     
  25. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,524
    Location:
    USA - Back in a real State in time for a real Pres
    I read some stupid article lately, can't remember where though. The author unabashedly/idiotically advised his mother to pay the ransom, think $500, by Bitcoin. She ran around trying to find how & where to pay by BC. The service fee & or conversion rate changed so less than $500 was paid. So the ransom was raised. Mom explained & cried to the ransomer, got them to send the decryption key. Never once were offline backups mentioned. If the author was in front of me I would have punched him & spit in his face.
     