What is this (Cryptowall 4.0) shit?
This is new ransomware in the Cryptowall family. It is bullsh*t ransomware that leaves the victim no room to move.
What does it do?
It encrypts all your files, along with their file names (Yeah! that’s scary). This confuses victims.
“Cryptowall 4.0 still includes advanced malware dropper mechanisms to avoid antivirus detection, but this new version possesses vastly improved communication capabilities,” Heimdal Security says.
It drops files on your desktop with names like HELP_YOUR_FILES.TXT, HELP_YOUR_FILES.PNG and HELP_YOUR_FILES.HTML, which include a congratulations message and instructions on how to help your files (by paying a large amount via Bitcoin).
This ransomware is spread using the Nuclear exploit kit. This kit is capable of deploying a wide range of attacks, from Flash, Silverlight, PDF, and Internet Explorer exploits to the possibility of launching advanced pieces of malware and ransomware.
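An added example (not from the original post or any vendor tool): a Python sweep for the three ransom-note names listed above that reports which folders contain them and the oldest note timestamp. It assumes a note's modification time approximates when that folder was hit; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Ransom-note names as given on this page, compared case-insensitively.
NOTE_NAMES = {"help_your_files.txt", "help_your_files.png", "help_your_files.html"}

def find_ransom_notes(root):
    """Walk root and return {directory: {note_name: mtime}} for every hit."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() in NOTE_NAMES:
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                hits.setdefault(dirpath, {})[name.lower()] = mtime
    return hits

def summarize(hits):
    """Return (rows, earliest mtime); rows are (dir, notes_found, first_seen)."""
    rows = [(d, len(notes), min(notes.values())) for d, notes in hits.items()]
    rows.sort(key=lambda r: r[2])  # oldest first (assumption: hit earliest)
    earliest = rows[0][2] if rows else None
    return rows, earliest

def build_sample_tree(base):
    """Constructed sample data: two folders with notes, one clean folder."""
    layout = {
        "Desktop": ["HELP_YOUR_FILES.TXT", "HELP_YOUR_FILES.PNG", "HELP_YOUR_FILES.HTML"],
        "Documents": ["Help_Your_Files.txt", "a8x2k.q1z"],  # made-up scrambled name
        "Pictures": ["holiday.jpg"],
    }
    for i, (folder, files) in enumerate(layout.items()):
        os.makedirs(os.path.join(base, folder))
        for f in files:
            path = os.path.join(base, folder, f)
            open(path, "w").close()
            os.utime(path, (1_450_000_000 + i * 60,) * 2)  # fixed, fake timestamps
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rows, earliest = summarize(find_ransom_notes(build_sample_tree(tmp)))
        for d, count, ts in rows:
            when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
            print(f"{count}/3 notes  first seen {when}  {d}")
        print("pick a backup older than",
              datetime.fromtimestamp(earliest, timezone.utc).isoformat())
```

Point `find_ransom_notes` at a user profile or file share instead of the sample tree; the oldest timestamp helps choose a backup taken before the infection.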
How to prevent infection?
- Keep your Windows operating system up-to-date. (If you are a *nix user, lean back and have some beer, you’re safe)
- The software listed above is vulnerable; minimize your use of it. If you are not using Flash Player or a PDF reader frequently, I recommend uninstalling it. For PDFs, use online readers.
- Create a backup of your most important data or operating system. Keep the backup off the same machine, otherwise you will not be able to access it (after infection, of course!).
- Use free patch management software to update your software automatically for you.
- Use an up-to-date security solution and make sure that it detects exploit kits and ransomware.
- Do not open any suspicious mail, with or without an attachment. See an example of such mail. As you can see, this mail is from a sender I don’t know, it has an attachment, and the attachment has a suspicious name. Which is again none of my business. So just delete. 🙂
- Use an ad blocker extension to block affected ads.