A new variant of the CryptoWall ransomware is making the rounds, labeled as version 4.0. It behaves much like earlier versions: it arrives as an email attachment that the user clicks, installing the malware, which then begins encrypting disks and shares. From Palo Alto Networks:
“This new version of CryptoWall includes multiple updates, such as a more streamlined network communication channel, modified ransom message, and the encryption of filenames. These changes not only make it more difficult for the victim to identify what files have been encrypted, but also may thwart security protections currently in place for the CryptoWall threat.”
Romanian antivirus company BitDefender has released a ‘vaccine’ to prevent new infections, though it only targets the latest CryptoWall 4.0 variant, and does not protect against earlier versions, nor recover already infected machines.
If you talk to a customer who has been infected, or wants to ensure they are protected, then we can assist them with an initial discovery, some immediate steps to help prevent all ransomware, and remediation options if there are infections.