Tuesday, November 3, 2015

CRYPTOWALL VIRUS REMOVAL INSTRUCTIONS FOR HELP CALL US ON OUR TOLLFREE NO. 1-800-862-6504

What is CryptoWall?



CryptoWall is file-encrypting ransomware that targets all versions of the Windows operating system, including Windows XP, Windows Vista, Windows 7 and Windows 8. It is distributed through infected email messages and fake downloads. Once deployed on your computer, it first stops the shadow copy service so that no restore point can be created. It then uploads all document and picture files to a server, encrypts them on the server, deletes the original data files and replaces them with copies of the encrypted files. The ransomware then demands a payment ($500) in bitcoins, within a specific time limit, to decrypt the files. Because CryptoWall uses the RSA-2048 algorithm to encrypt the files, a file encrypted by CryptoWall is impossible to decrypt without the key. CryptoWall encrypts files with extensions such as *.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc. These cyber criminals target customers whose data is important to them and who can pay for it.


CryptoWall leaves the files HELP_DECRYPT.PNG, HELP_DECRYPT.HTML and HELP_DECRYPT.TXT, which claim to show how to decrypt your files; in practice they redirect you to a specific page that explains how to pay and how to use the Tor browser (a proxy browser). Cyber criminals use the Tor browser to hide their identity and the place from which they operate. PC users should know that the infection can be removed by formatting the computer, and that anti-ransomware software can be installed to prevent this in future, but there is no possible way to decrypt your data without paying the ransom. To date there is no tool that can decrypt or break RSA-2048 without the private key, which is stored on command-and-control servers managed by the cyber criminals.


Screenshot of a message presented within the HELP_DECRYPT.PNG, HELP_DECRYPT.HTML and HELP_DECRYPT.TXT files:


Protecting your computer and data from ransomware is not a big task: by keeping a backup on an external drive or in the cloud, you can simply restore your important data without paying these cyber criminals. By paying the ransom demanded by this ransomware you support the cyber criminals and their malicious business model, and there is no guarantee that your files will be decrypted. We therefore suggest that prevention is the only solution, as there is no cure for CryptoWall so far. For prevention, do not open attachments in junk emails, as this is the primary source of infection. According to research, cyber criminals also use P2P networks and fake downloads; the ransomware comes bundled with some fake free software downloads.
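The ransom-note file names and the targeted extensions described above give a simple way to scope which folders need restoring from backup. The following Python sketch is an added example, not part of the original post; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile

# Ransom-note file names and targeted extensions as listed on this page.
NOTE_NAMES = {"help_decrypt.png", "help_decrypt.html", "help_decrypt.txt"}
TARGET_EXTS = {".doc", ".docx", ".xls", ".ppt", ".psd", ".pdf",
               ".eps", ".ai", ".cdr", ".jpg"}


def scan_for_notes(root):
    """Map each directory under root that holds a HELP_DECRYPT note to the
    notes found there and the files with targeted extensions beside them."""
    hits = {}
    # onerror ignores unreadable directories instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if not notes:
            continue
        at_risk = sorted(
            f for f in files
            if os.path.splitext(f)[1].lower() in TARGET_EXTS
        )
        hits[dirpath] = {"notes": notes, "at_risk": at_risk}
    return hits


def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    layout = {
        "Documents": ["HELP_DECRYPT.TXT", "HELP_DECRYPT.HTML",
                      "report.docx", "budget.xls", "notes.log"],
        "Music": ["track.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "wb") as fh:
                fh.write(b"constructed sample\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, info in scan_for_notes(build_sample_tree(tmp)).items():
            print(folder, info["notes"], info["at_risk"])
```

Point `scan_for_notes` at a user profile or a mounted disk image; every directory it returns is a candidate for restoring from backup.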

Like any software, this ransomware is updated from time to time by the cyber criminals who made it. The latest CryptoWall is version 3.0; some features that have been added lately are as follows:
· CryptoWall 2.0 uses its own Web-to-Tor gateways (pay2tor.com, tor2pay.com, pay4tor.com and tor4pay.com).
· The new version of CryptoWall generates a unique bitcoin payment address for each victim. (Previously it used a common payment address for all victims.)
· The new version turns off the shadow copy service so that no recovery tool can recover the original files.

Screenshot of an infected email message used in CryptoWall distribution:




CryptoWall virus removal:



Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.

Windows 8 users: Start Windows 8 in Safe Mode with Networking. Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click on Advanced startup options, and in the opened "General PC Settings" window select Advanced startup. Click on the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on the "Advanced options" button. In the advanced options screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.


Step 2
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.


2. When Command Prompt mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window click "Next".


5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the CryptoWall ransomware virus infiltrating your PC).



6. In the opened window click "Yes".



7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remaining CryptoWall files.


SOURCE BY: PCRISK.COM





