Cybercriminals bring out a new edition of Cryptowall

Cybercriminals netted almost $325 million in Cryptowall 3.0’s debut year. With over 800 command and control URLs and over 400,000 attempted infections, it is easily the most prolific threat of 2015. Unfortunately, there’s now a new edition of Cryptowall. Even more unfortunately, it will cost you $700.

Once it has run, it sends you to a locally saved HTML web page. If you don’t notice that, you’ll definitely notice that all your files have been encrypted. A new update is that the entire name of each file has been randomised, so you no longer know which file is which. They do this to create confusion about the severity of the damage and increase the chance that you’ll pay out. They first congratulate you and welcome you to the CryptoWall community; the rest of the instructions are pretty standard, informing you how to install a layered Tor browser and then connect to the darknet to pay them and get your files back.

They claim that CryptoWall isn’t malicious and is not intended to harm your data (“Together we make the Internet a better and safer place”), which we hope you won’t fall for. On to the payment website, and we can see they immediately want $700. It wasn’t even a year ago that the default payment was $300…


However, Webroot will catch this specific variant in real time before any encryption takes place. They’re always on the lookout for more, but in case of new zero-day variants, remember that with encrypting ransomware the best protection is a good backup solution. This can be either cloud storage or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into their consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware, you can just restore your files, as Webroot saves a snapshot history for each of your files, up to ten previous copies. You can view Webroot’s community post on best practices for securing your environment against encrypting ransomware.
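The file-name randomisation described above is also something a defender can watch for between two listings of a protected folder. The sketch below is an added example, not Webroot's detection logic; the extension list, the thresholds and the sample file names are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

# Assumption: extensions that user documents normally carry in this environment.
KNOWN_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}


def shannon_entropy(text):
    """Bits per character, from the string's own character frequencies."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def looks_randomised(filename, min_entropy=2.5, min_length=6):
    """Heuristic: unfamiliar extension plus a long stem with few repeated characters."""
    stem, ext = os.path.splitext(filename.lower())
    if ext in KNOWN_EXTENSIONS:
        return False
    return len(stem) >= min_length and shannon_entropy(stem) >= min_entropy


def rename_burst(before, after, threshold=0.5):
    """Compare two listings of one directory taken a short interval apart."""
    before, after = set(before), set(after)
    vanished = before - after
    suspicious = sorted(n for n in after - before if looks_randomised(n))
    ratio = len(vanished) / len(before) if before else 0.0
    # Alert only when most known files disappeared AND random-looking names replaced them.
    alert = bool(vanished) and ratio >= threshold and len(suspicious) >= threshold * len(vanished)
    return {"alert": alert, "vanished_ratio": ratio, "suspicious": suspicious}


# Constructed sample listings (not taken from a real infection).
BASELINE = ["budget.xlsx", "holiday.jpg", "cv.docx", "notes.txt"]
AFTER_ORDINARY_EDIT = ["budget_final.xlsx", "holiday.jpg", "cv.docx", "notes.txt"]
AFTER_MASS_RENAME = ["a9x3kq7b.f2z", "m4t8wq1z.k0p", "z7c2vb9n.x1q", "notes.txt"]

if __name__ == "__main__":
    print(rename_burst(BASELINE, AFTER_ORDINARY_EDIT))
    print(rename_burst(BASELINE, AFTER_MASS_RENAME))
```

An alert from a check like this is a reason to pause cloud sync and verify the backup history before the damaged copies displace the good ones.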


Thank you to Webroot for this information.