CryptoWall 4.0 Released

Discussion in 'malware problems & news' started by itman, Nov 4, 2015.

  1. itman

  2. Minimalist

  3. itman

    Been following the CryptoWall 4.0 discussion and findings over at: http://www.bleepingcomputer.com/for...lp-your-files-ransomware-support-topic/page-1

    This bugger appears to be especially targeted at businesses, just as it has recently been predicted future ransomware targets will be. CW 4.0 appears to have this consistent common characteristic:

    So far, all e-mails have the same theme: 163[.]com sending domain, fake resume .ZIP attachment containing a (malicious) .JS file.
    ESET had a signature for the payload within a day of "in the wild" discovery.
  4. itman

    This one uses the %ProgramFiles% directory. Again, a HIPS rule that monitors and alerts on changes to registry start-up keys would allow you to thwart this bugger:

    To stay persistent on the infected machine, the ransomware creates the following registry key, having first copied the original executable to the %ProgramFiles% directory:

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Value: "pr" = "%ProgramFiles%\${RANSOMWARE_PATH}"
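As an added example, not part of itman's post and not code from any HIPS or anti-malware product: the kind of start-up key monitoring the post recommends, written as a PowerShell script. It baselines the Run/RunOnce keys, then on later runs reports every entry that was added, modified or removed, and marks commands that resolve under %ProgramFiles% (the drop location named in the quoted write-up). The list of keys, the baseline file location under %ProgramData%, and the UnderProgramFiles heuristic are this example's own assumptions.

```powershell
<#
 Added example, not code from the thread or from any HIPS product.
 Baselines the Run/RunOnce start-up keys and reports any entry that was
 added, modified or removed since the baseline, marking commands that
 resolve under %ProgramFiles% (the drop location named in the quoted write-up).
 Assumptions: the key list, the baseline file path and the Program Files
 heuristic are this example's choices; run with -Update to accept the current state.
#>
param([switch]$Update)

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$BaselinePath = Join-Path $env:ProgramData 'run-key-baseline.json'   # assumed location

function Get-RunKeyEntries {
    # Returns a hashtable "<key>|<valueName>" -> command string
    $entries = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata PowerShell attaches to every registry item
            if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
            $entries["$key|$($p.Name)"] = [string]$p.Value
        }
    }
    return $entries
}

function Test-UnderProgramFiles {
    param([string]$Command)
    # Expand %ProgramFiles% etc. so "%ProgramFiles%\x.exe" and the literal path compare equal
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).TrimStart('"')
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Compare-RunKeys {
    param([hashtable]$Baseline, [hashtable]$Current)
    $findings = @()
    foreach ($k in $Current.Keys) {
        $change = if (-not $Baseline.ContainsKey($k)) { 'Added' }
                  elseif ($Baseline[$k] -ne $Current[$k]) { 'Modified' }
                  else { $null }
        if ($change) {
            $findings += [pscustomobject]@{
                Change = $change; Entry = $k; Command = $Current[$k]
                UnderProgramFiles = Test-UnderProgramFiles $Current[$k]
            }
        }
    }
    foreach ($k in $Baseline.Keys) {
        if (-not $Current.ContainsKey($k)) {
            $findings += [pscustomobject]@{ Change = 'Removed'; Entry = $k; Command = $Baseline[$k]; UnderProgramFiles = $false }
        }
    }
    return $findings
}

$current = Get-RunKeyEntries
if ($Update -or -not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Host "Baseline of $($current.Count) start-up entries written to $BaselinePath"
    return
}

# Rebuild the hashtable from JSON (ConvertFrom-Json yields a PSCustomObject)
$baseline = @{}
foreach ($p in (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties) {
    $baseline[$p.Name] = [string]$p.Value
}

$findings = Compare-RunKeys -Baseline $baseline -Current $current
if (-not $findings) { Write-Host 'No start-up key changes since baseline.'; return }
$findings | Sort-Object UnderProgramFiles -Descending | Format-Table -AutoSize
```

Run it once to write the baseline, then on a schedule (or after opening anything suspicious) to diff against it; a new value such as the "pr" entry above would show up as Added with UnderProgramFiles set to True. This is polling, whereas a HIPS intercepts the write in real time; the same comparison can be triggered from a `Register-WmiEvent` subscription on a `RegistryKeyChangeEvent` query for the Run key if a live alert is wanted. Two caveats a practitioner would add: writing %ProgramFiles% and the HKLM Run key both need administrative rights, so a dropper running as a standard user without elevation cannot complete this persistence step at all, and Run keys are only one autostart location, so the key list should be extended to whatever else the environment allows (scheduled tasks, services, Winlogon) rather than treated as complete.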
  5. Minimalist

  6. itman

    If you can live with this:

    This tool is great but it is not staying loaded on reboot… Local user does not have admin access to run install at startup every reboot. Is there a solution?
    Same problem reported by Wilders users: https://www.wilderssecurity.com/threads/bitdefender-free-cryptowall-vaccine.371399/

  7. itman
