New Variation of Devastating Ransomware, Cryptowall, Infecting Systems

Watch KKCO 11 News' Coverage of Cryptowall here 


After a few months of inactivity, Cryptowall is back wreaking havoc and devastation. Now in its third variation, this destructive malware has generated over 1 million dollars in profits for cybercriminals.

What does Cryptowall Do?

Cryptowall is a form of ransomware. Once a computer is infected, a message appears stating that the user’s files have been encrypted. The program demands that a ransom be paid in order to access, or unlock, the files. Currently, the ransom is set to $500 in the internet currency, bitcoins. In past versions of this malware, even after the ransom was paid, there were reports that victims did not receive a key to unlock their files. The Networks Unlimited Help Desk also reports that they have never witnessed a paid Cryptowall ransom that worked in restoring encrypted files.

How Do You Get Cryptowall 3.0?

This new version of Cryptowall is being distributed by drive-by downloads, or unintentional downloads. Commonly these are warnings that pop up when you visit a new website. Examples are, “Your Java is out of date,” and “You need to update Adobe Flash Player.” Users essentially download these programs thinking the program updates are needed to visit the website, but instead download the disguised ransomware. This happens when a website is compromised. Generally, the website itself is not malicious, but hackers have taken it over and begun distributing the malware through the otherwise legitimate website. Major websites have very strong security and are unlikely carriers of ransomware such as Cryptowall.

If you get an update request, or similar pop-up, upon opening a new web page, immediately close your browser.

**Legitimate warnings about updating software will never appear when visiting a new webpage. Instead, real warnings about updates will appear directly after starting up your computer.

How Can I Prevent Cryptowall?

As with any internet browsing and email-opening, practice caution. Just because you have anti-virus does not mean that your system is protected. By clicking, downloading, and prompting a virus in any way, you bypass any protection your anti-virus would otherwise offer.

Have backups in place!

In the event that your system becomes infected, you can avoid paying the ransom AND losing your files by having backups. Your backups should be current, offsite, and in multiple locations.