Cryptowall 2.0 Ransomware Further Developed by its Authors

The newest ransomware from an upgraded Cryptowall 2.0 attacks Windows 32 as well as 64 bit OSs (operating systems). Blog.emsisoft.com reported on 7th January, 2015 stating that this ransomware is the newest in the hacker's armory in which it takes data of user and uses it as captive for ransom.

Cryptowall 2.0 employs the TOR network to cover and confuse its command and control servers. The TOR network is a compilation of community networks which are used together to conceal traffic of the network. Cisco Talos Security and Intelligence Research Group lately launched their research findings noting that the ransomware employs many layers of encryption making it almost undetectable.

Threatpost.com reported on 6th January, 2015 quoting Earl Carter, Security Research Engineer of Talos, as saying "They went through a lot of work to veil the executable in encryption to check if it's running in a virtual machine and the potentiality to abuse multiple environments. So much was placed inside Cryptowall 2.0 and someone labored a lot on the front end to shun detection."

Cryptowall was discovered around one year ago and threat actors have used it to produce notable profits. First-generation ransomware would bolt a system and thereon generate false messages informing the victims that their system had been seized cause of illegal online activities whereas Cryptowall and its close relative Cryptolocker upped the ante and encrypted files on compromised systems. The malware insists for ransom for getting the decryption key in an attempt to restore data of the user which is not delivered many times even if the ransom is paid over.

CryptoWall 2.0 is delivered through email attachments, exploit kits and malicious PDFs. It uses privilege-escalation vulnerability in X86-based machines to exploit 32-bit OSes - starting with Windows Vista - and includes a 64-bit DLL to work on AMD64 systems.

Ransomware is a growing threat to users of computer with new variants continuing to develop. Layered security approach is needed to identify and stop these new complex variants and breaking any step in the attack chain will successfully stop this attack. Hence, blocking initial phishing emails and blocking network connections to known malicious content and also stopping malicious process activity are critical to fight ransomware and stopping it from being hostage of your data.

» SPAMfighter News - 1/14/2015