CryptoWall Virus

This virus is such a serious threat to users and businesses that we had to give it its own section.

UPDATE: 5/1/2016 – The threat continues, and the 4.0 versions have been released.

 

If you even SUSPECT a PC has been infected with this virus, or if it has been infected, shut down the computer immediately and do not turn it back on.

Call/text: 720-206-5498 or e-mail: denver.resq@gmail.com
We’ve had success with some clients, and your mileage may vary. Diagnosis/chance of recovery report is free.

 

Common/popular variants of this type of virus:
7ev3n, Alpha, AutoLocky, BitMessage, Booyah, Brazilian Ransomware, BuyUnlockCode, Cerber, CoinVault, Coverton, Crypt0L0cker, CryptoDefense, CryptoFortress, CryptoHasYou, CryptoJoker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptXXX, CrySiS, CTB-Locker, DMA Locker, DMA Locker 3.0, ECLR Ransomware, EnCiPhErEd, Hi Buddy!, HOW TO DECRYPT FILES, HydraCrypt, Jigsaw, JobCrypter, KeRanger, KimcilWare, KryptoLocker, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MireWare, Mobef, NanoLocker, Nemucod, OMG! Ransomcrypt, PadCrypt, PClock, PowerWare, Radamant, Radamant v2.1, RemindMe, Rokku, Samas, Sanction, Shade, SuperCrypt, Surprise, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TrueCrypter, UmbreCrypt, VaultCrypt, WonderCrypter

 

How to protect your data:
The first and obvious choice is to have a data backup. However, even this can get a bit tricky. With the later versions of the virus (2.0, 3.0 and especially 4.0), attached external hard drives become encrypted as well. So, if an external drive is attached continuously (whether or not it is on an automated backup schedule), it’s likely to become affected by the virus.
Businesses, be advised: Once a computer becomes infected, the virus can spread to any PCs that are on the same network, as well as to Network Attached Storage (NAS) devices and apparently any mapped cloud drives.

If data is backed up manually to a drive (and done on a regular basis), and then the drive is removed after each session, that is a lot safer. But the main obstacle with this method is remembering to do it.

Anti-Virus (AV) software can perhaps stop this infection. However, I’ve seen the virus sneak past three different, well-known AVs.

 

The cloud solution:
The ‘cloud’ word is being thrown around a lot these days. Having your data saved on the ‘cloud’ simply means your data is being stored on servers, in several data centers.

Carbonite offers great backup solutions, and it’s a great method to protect your computer and/or business from such viruses and from data loss (hard drive failures, damage, etc.). Another benefit is the automation process – Carbonite will back up your data automatically as it is added/changed, so you won’t need to remember to manually do anything.

Carbonite works well against the CryptoWall virus because it will save up to 12 versions of a single file OR go back 3 months (whichever comes first). So even if the user realized they had been infected only after everything was encrypted, continued to use the PC, and Carbonite backed up the ‘new’ versions of the infected files – they will still be able to go back to older versions of the files that need to be recovered. The files retrieved will be the version containing the latest changes, prior to encryption.
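The version rollback described above, as an added example (not Carbonite's code or API, and not part of the original page): it picks the newest backed-up version of a file that does not look encrypted, and shows the case where the clean copy has already aged out. The `Version` record, the 90-day reading of "3 months", the reading of "whichever comes first" as both limits applying, and the entropy cut-off are assumptions; the sample data is constructed.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_VERSIONS = 12              # retention figure quoted on this page
MAX_AGE = timedelta(days=90)   # "3 months", approximated as 90 days (assumption)
ENTROPY_LIMIT = 7.5            # bits/byte; assumed cut-off for "looks encrypted"

@dataclass
class Version:                 # hypothetical record of one backed-up file version
    saved_at: datetime
    data: bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, roughly 4-5 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def retained(history, now):
    """Versions still restorable: inside the age window, newest 12 only."""
    recent = [v for v in history if now - v.saved_at <= MAX_AGE]
    return sorted(recent, key=lambda v: v.saved_at, reverse=True)[:MAX_VERSIONS]

def restore_point(history, now):
    """Newest retained version that does not look encrypted, or None."""
    for v in retained(history, now):
        if shannon_entropy(v.data) < ENTROPY_LIMIT:
            return v
    return None

# --- constructed sample data (not real backups) ---
NOW = datetime(2016, 5, 1)
CLEAN = b"Quarterly invoice list for the office, one line per client\n" * 40
# Stand-in for an encrypted file: hash output is statistically random.
ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

def days_ago(n, data):
    return Version(NOW - timedelta(days=n), data)

# Infection noticed late: encrypted versions were backed up after the clean ones.
NOTICED_LATE = [days_ago(100, CLEAN), days_ago(40, CLEAN), days_ago(10, CLEAN),
                days_ago(2, ENCRYPTED), days_ago(1, ENCRYPTED)]
# The only clean copy fell outside the window before anyone looked.
AGED_OUT = [days_ago(120, CLEAN), days_ago(30, ENCRYPTED)]
```

Entropy alone misclassifies files that are already compressed (ZIP, JPEG, DOCX), so for those formats check the file header or open the restored copy before trusting the result.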

 

If you are interested in purchasing a Carbonite solution, please contact us or visit: PC-resQ Carbonite Backup Shop

 

General Information about CryptoWall:
The CryptoWall / CryptoVirus threat has been around for a couple of years, and it has many variations. It’s a virus that essentially holds your data ransom and requires payment for its ‘release’ back to you. It works by infecting the machine and working ‘quietly’ in the background, encrypting your files. When it has found and encrypted all of the files it was programmed to encrypt, it will announce its presence and request ransom.

For the encryption itself, there is no solution – it’s a very effective encryption method. When the virus was first developed (version 1.0), it was a serious threat but experts eventually found a way to ‘retrieve’ the decryption key, as the virus was saving it locally; this allowed for the decryption of files without payment. And there were other recovery methods that worked. Some versions came out that were newer, and again a vulnerability was found, and decryption could be initiated.

Version 4.0 of CryptoWall has now been released.

We have dealt with this virus on a few occasions, with clients who needed their data. Two were willing to pay, but luckily did not have to. We’ve had success recovering virtually all data, most of the data and no data. All we could do was perform virus removal, which is what the clients opted for.

For a more thorough description, you may read the following article: http://www.techrepublic.com/article/cryptowall-what-it-is-and-how-to-protect-your-systems/