Cryptowall Ransomware: A new way of online extortion

By July 17, 2014Media, TV Media

A new online scam is putting your data at huge risk. Terry Cutler, Chief Technology Officer Digital Locksmiths explains what Cryptowall is and how you can protect yourself from it.

This is ONE NASTY virus that you need to know about. Please check your nightly backups because if you get hit with this, you’re gonna have a bad day !!

Aired Thursday Jul 17, 2014 on Global News Montreal TV

What is the cryptowall?

This virus can cause you to have a REALLY bad day. CryptoWall is ransomware that seeks out and encrypts documents on the infected machine and any connected shares or drives. The encrypted files are held ransom for a fee. If the fee is not paid within a specific timeframe, the fee will be doubled. If it is still not paid, the encrypted files will be deleted. Decryption is only feasibly possible given the purchase of the key. However, open source intelligence suggests paying the fee does not always result in the restoration of files.

Who is doing this?

Large group of organized criminals specializing in Ransomware. This one is a bit different from the original Crypto-locker but the concept is the same. It encrypts all of your files and then leaves payment instructions (ransom notes) in every folder it managed to encrypt. The key needed to decrypt your files must be purchased from the criminals.

What happens to your computer/data?

Once Cryptowall enters your PC it encrypts .doc, .jpg, .pdf, .ppt and other types of files. The Virus also places Decrypt_Instruction.url, Decrypt_Instruction.txt and other files within a folder of the encrypted files.

What can people do to protect themselves?

FIRST THING, and you’ll thank me one day for this !! Go out and buy an external hard drive and backup your data on a nightly basis. You just never know when you’ll need it.

I recommend the following actions be taken:
• Since the emails are originating from spoofed email accounts, educate users on checking the senders of the e-mails and verify the legitimacy of the sender.

I’ve taken this initiative by creating InternetSafetyUniversity.com please subscribeTerry Cutler Creates Internet Safety university

• Do not to visit un-trusted websites or follow links provided by unknown or un-trusted sources
• Be cautious when clicking on links in emails coming from trusted sources
• Do not download suspicious or unauthorized programs
• Triple check that your anti-virus is installed and definitions are up to date
• If infected with CryptoWall, remediate the infection via a current antivirus versoin.

What should people do once they’re affected?

First thing to do is go into you control panel and uninstall anything to do with Crypt. Some of you will have something in there, others will not.

Next we restart computer into “safe mode”. Once your computer starts to reboot back up, keep pressing the F8 key to get it in safe mode. Once there highlight and click “safe mode”.

-Once your computer is booted up and in safe mode click on the start button and type in “regedit”. Now this step should ONLY be used by experts because you can really damage your windows operating system. If you’re not sure, call a pro to help or your 6 year old child 🙂

Search for the word “crypto” If anything with the word cryptobit or cryptorbit is found, we want to delete it.

– Now, follow this exact path.. Hkey_current_User–software–microsoft–¬windows–current version–run-

now look for Cryptorbit, right click it and click delete. And click yes to the prompt asking if you are sure you want to delete it.

– Now click on the Start menu then click on “Administrator”, then Appdata–Roaming– then find and delete Cryptorbit related files.

– Restart your computer as normal. If all the star align, you should have all your files back

BEWARE if you decide to go with automatic removal tools. They will also do the job, but they will also install advertising software and other annoyances, possibly even other viruses.

 

tcutler
Lets Connect

tcutler

VP of Cybersecurity at SIRCO
I’m Terry Cutler, the creator of Insider Secrets from an Ethical Hacker on Internet Safety …That’s a system that’s been used to help defend corporations and individuals from cyber threats.
 
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
 
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.
tcutler
Lets Connect

Author tcutler

I’m Terry Cutler, the creator of Insider Secrets from an Ethical Hacker on Internet Safety …That’s a system that’s been used to help defend corporations and individuals from cyber threats.   I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.   I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.

More posts by tcutler