Be aware of the Cryptolocker / Cryptorbit / Cryptowall virus.

Kindly find below detailed information about the Cryptowall 3.0 ransomware.

Earlier ransomware families tended to be simple in design but dogged in their determination to extort money from victims. With the exponential rise in ransomware samples last year, we saw more subtle designs, including "Cryptolocker", which was taken down along with the "Gameover ZeuS" botnet last June. As a result, another, improved ransomware package has sprung up to replace it: CryptoWall.


Ransomware is an emerging threat in the evolution of cybercriminals' techniques for parting you from your money. Typically, the malicious software either locks the victim's computer or encrypts the documents and files on it, in order to extort money from the victim. Since last year, criminals have generated an estimated US$1 million in profits this way.

Now the infamous Cryptowall ransomware is back with a new and improved version of the file-encrypting program, which security researchers spotted compromising victims early this week.

The new version, dubbed Cryptowall 3.0 (or Crowti), uses the Tor and I2P (Invisible Internet Project) anonymity networks for communication between victims and controllers, which keeps that traffic away from researchers and law enforcement officials.

The Cryptolocker/Cryptorbit/Cryptowall malware encrypts files using the RSA algorithm, and the key needed to decrypt them is not stored in the infecting executable itself. It spreads through an email that appears to be a tracking notification from an unknown sender. The mail carries a zip file, and inside that zip file is a double-extension file such as *.pdf.exe. The .exe extension lets CryptoLocker run on your computer, while the innocuous-looking .pdf part of the name hides the file's true function.

Whether the decryption key can be obtained at all depends on communication with the C&C (command-and-control) server.

Recovering the RSA decryption key by brute force is not a feasible solution, so decrypting the encrypted files is not possible in these cases.
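The double-extension trick described above (a zip attachment carrying a name such as tracking_notice.pdf.exe) can be caught before a user ever opens the archive. The following is an added example, not code from the advisory or from any vendor: it reads only the zip's member names, never extracts or runs anything, and flags both disguised and plain executables. The extension lists and the sample archive are constructed for the demonstration; handling of padding spaces before the final extension is an assumed variant that the advisory does not mention.

```python
import io
import zipfile

# Extensions Windows will execute directly; constructed list, extend as needed.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# "Document" extensions typically used as the decoy half of a double extension.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_name(name):
    """Classify one zip member name.

    Returns "double-extension" for names like invoice.pdf.exe, "executable"
    for a plain executable such as update.exe, or None for anything else.
    Directory components are ignored; padding spaces before the last
    extension (assumed variant) are stripped so "a.pdf   .exe" is still caught.
    """
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTENSIONS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
        return "double-extension"
    return "executable"


def scan_zip_attachment(zip_bytes):
    """Return [(member_name, reason)] for every suspicious member.

    Only the central directory is parsed; no member data is extracted.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample attachment; the members are placeholders, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tracking_notice.pdf.exe", b"placeholder, not a real binary")
        zf.writestr("readme.txt", b"harmless text")
        zf.writestr("update.exe", b"placeholder, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip_attachment(build_sample_zip()):
        print(f"BLOCK {member}: {reason}")
```

A mail gateway or a script fed the raw attachment bytes can quarantine the message whenever this returns a non-empty list.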

Kindly go through the links below for reference about this virus:

http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCrowti

We recommend that you take the preventive measures below:

  1. Stay patched. Keep your operating system and software up to date.
  2. Make sure your anti-virus is active and up to date.
  3. Avoid opening attachments you weren't expecting, or that come from people you don't know well. Kindly report any incoming mail from an unknown person or email ID immediately to your IT team.
  4. Make regular backups of your important data and store them somewhere safe, preferably offline.
  5. Update your firewall and apply all security patches.
  6. Update and re-check your gateway-level web filtering policies and security.
  7. Update your mail server anti-virus and apply all security patches.
  8. Update and re-check your mail server's mail filtering and security policies.
  9. Do not click any unknown links.
  10. Do not accept, or click "Yes" on, any unknown web request.