Cryptowall 4.0 : Save your Ass (Prevention tips)

What this (Cryptowall 4.0) shit is ?

This is new Ransomware in family of Cryptowall. This is bullsh*t ransomware that leaves no option to move for victim.

What it does ?

It does encrypt all your files, with file names (Yeah! that’s scary). It confuses victims.

“Cryptowall 4.0 still includes advanced malware dropper mechanisms to avoid antivirus detection, but this new version possesses vastly improved communication capabilities,” heimdal security says.

It drops files on your desktop named like HELP_YOUR_FILES.TXT, HELP_YOUR_FILES.PNG and HELP_YOUR_FILES.HTML, which includes congratulations message and how to help you files (by paying large amount via Bitcoin).

CryptoWall 4 files on desktop

CryptoWall 4 – files on desktop

CryptoWall 4.0 prevention

It uses Nuclear Exploit kit to spread this ransomware. This kit is capable to deploy a wide range of attacks, from Flash, Silverlight, PDF, and Internet Explorer exploits to the possibility of launching advanced pieces of malware and ransomware.

How to Prevent infection ?

  • Keep your Windows operating system up-to-date. (If you are *nix user, lean back and have some beer, you’re safe)
  • Above listed software pieces are vulnerable, minimize use of it. If you are not using Flash Player of PDF Reader frequently I recommend to uninstall it. For PDF’s use online readers.
  • Create backup of your most important data or operating system. Take backup out from same machine, otherwise you will not be able to access it (after infection. of course! ).
  • Use a free patch management software to update the software automatically for you.
  • Use updated Security solution and make sure that it detects exploit kits and ransomware.
  • Do not open any suspicious mail with/without attachment. See an example of such mail. As you can see this mail is from sender which I don’t know and with attachment and suspicious name of attachment. Which is again non of my business. So just delete. 🙂
    Malicious mail with attachment

    Malicious mail with attachment


  • Use Ad Blocker extension to block affected ads.


Enjoy !!!

Shyam has written 22 articles

Shyam is senior full stack developer, who loves to explore new technologies and work on them. He's passionate about coding so can code 24/7. He uses PHP as a backend programming language.

He knows Laravel, MySQL, AngularJS, ReactJS, Redis, Kubernetes, Git, CodeIgniter, PHP, MVC pattern, Lodash, jQuery, VanilaJS, Teamcity and many other technologies and tools.

Shyam writes notes and hacks on his blog ( In spare time he can be found @ StackOverflow or crafting any new open source application.

Passionate Programmer and Meditator #PERIOD.