Dreaded Ransomware Surfaces Again as Cryptowall 4.0

A new variant of the notorious CryptoWall strain has surfaced: security researchers have found new features in the latest version of the ransomware, now dubbed CryptoWall 4.0.

A new ransom note, new file names and a new encryption technique that covers individual file names along with the data are all hallmarks of CryptoWall 4.0. Security researchers at BleepingComputer discovered and spread word of the new variant, which was initially dubbed the help_your_files ransomware.

CryptoWall 4.0 – What’s new?

Researchers note that the encryption of filenames, in addition to the file data, is the biggest and most significant change in the latest version of CryptoWall. For instance, a filename such as OctoberExpenses.xls will be encrypted into a unique string such as 9575s1ad.56f59e.

This deals a substantial blow to those looking to regain their data without paying the ransom, as the change makes identifying important files frustrating for the victim.

The other visible change in the newest version of the malware strain is a complete redesign of the ransom note in HTML. The note mocks victims with its file name: help_your_files.html.

Amusingly, the developers behind the CryptoWall ransomware family claim that the strain, which has affected hundreds of thousands of victims and claimed hundreds of millions of dollars, is not meant to be malicious, and contend that its purpose is the betterment of information security.

An excerpt from the new ransom note reads:

 CryptoWall Project is not malicious and is not intended to harm a person and his/her information data.

The project is conducted for the sole purpose of instruction in the field of information security, as well as certification of antivirus products for their suitability for data protection.

Together we make the Internet a better and safer place.

Several intrusion methods remain the same as in previous strains. Notably, the malware is still distributed via zipped email attachments that pretend to contain a resume. As CryptoWall victims from all around the world will now point out, the resume contains a malicious JavaScript file that, when executed, downloads an executable file to the Windows temporary folder before triggering the payload.
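The delivery method described above can be screened for at a mail gateway before the attachment reaches a user. The following Python check is an added example, not code from the article or from the researchers it cites; the extension lists, limits and function names are assumptions, and the sample archive is constructed from harmless placeholder text.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist of extensions Windows runs on double-click; tune per site.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".scr", ".exe"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".rtf", ".txt"}  # document types a lure imitates
MAX_DEPTH = 2                 # nested archives deeper than this are flagged, not opened
MAX_NESTED_BYTES = 5_000_000  # declared-size limit for expanding a nested archive

def risky_members(zip_bytes, depth=0, prefix=""):
    """Return (path, reason) pairs for archive members that should block delivery."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [(prefix.rstrip("!") or "<attachment>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            exts = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = exts[-1] if exts else ""
            if last in SCRIPT_EXTS:
                decoy = len(exts) > 1 and exts[-2] in DECOY_EXTS
                reason = "script behind document extension" if decoy else "script in archive"
                findings.append((path, reason))
            elif last == ".zip":
                encrypted = bool(info.flag_bits & 0x1)  # cannot be read without a password
                if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested archive not inspected"))
                else:
                    findings += risky_members(archive.read(info), depth + 1, path + "!")
    return findings

def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a harmless placeholder named like the resume lure, one zip deep.
    inner = build_zip({"Resume_Jane_Doe.doc.js": b"// placeholder text, not real code"})
    sample = build_zip({"cover_letter.txt": b"hello", "docs.zip": inner})
    for path, reason in risky_members(sample):
        print(f"BLOCK {path}: {reason}")
```

An empty result means no member matched the blocklist; it does not mean the attachment is safe.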

CryptoWall 4.0 also continues to use digital currency Bitcoin as its means to demand ransom payments.

Researchers and security software companies are certain to be working on ways to protect users’ computers from the latest variant. However, it is crucial to note that at this time, there is no way to recover your encrypted files if you do not have a previous backup. The only other way is to actually pay the ransom demand, unfortunately.

Suffice it to say, back up your files immediately and watch out for suspicious zipped email archives.