Red Alert: CryptoWall 2.0 ransomware is on the rise

A new version of the CryptoWall ransomware has been released called CryptoWall 2.0 that includes numerous "enhancements" to the previous version.

CryptoWall has been a huge threat for computer users since its release. Silently, it encrypts all local data and any data it can see on network shares. After the damage is done, it then requests "ransom" in return for decrypting your files – with no guarantee that paying the ransom will actually get your files back.

If your computer is infected and is attached to a network, the infection can spread to files on your server and potentially the other computers on the network. The infection can also spread to your backup.

CryptoWall 2.0 has changed, making it harder to prevent and harder for a victim to recover their files. These changes include unique wallet IDs to send ransom payments and secure deletion of original unencrypted files. Sadly, the Group Policy safeguards that we implemented on your network in the past can no longer provide protection.

Previously the most common source was via email. This version is exploiting add-ons used by advertisers on many websites, including common sites such as AOL, Yahoo and more.

What to do:
• Advise all staff to look out for emails posing as receipts or invoices with attachments.
• Do not open unknown PDFs or attachments of any kind.
• Avoid unknown or suspect websites.
• Let staff know that if they do accidentally open something, they should alert you immediately – the malware will NOT notify the user of the infection until the damage is already done – and that could be hours or days. Do not wait and hope for the best.
• Make sure your machines are fully patched for not only Microsoft updates but also add-ins such as Java, Flash, Silverlight, Adobe, and all your web browsers such as Firefox and Chrome.
• Make sure your backup runs every day. The only certain way to recover your files once they are encrypted is to restore from a backup prior to the infection.

If you suspect you have been hit:
• At first sign of trouble turn off the infected computer and take it off the network.
• Call us!