Ransomware is (Still) Here – Cryptowall 4

loughtecBlog: IT support | Virtual Desktop | Cyber Security- Loughtec: NI / ROI / UK

Cryptowall, the now-infamous encryption malware that locks files for ransom, has been updated.  Known as Cryptowall 4, the ransomware infects Windows machines, encrypts files, and demands users cough up crypto-cash to unlock their documents.
The new variant, thought to have been developed by Russian hackers, emakes it even harder to crack the files by scrambling file names.  While Cryptowall remains by far one of the most common families of the malware, its success has given rise to new families and variants.
Users are tricked into opening a zipped attachment from a spam campaign, which contains a malicious file, triggering an executable payload. The ransomware, upon install encrypts files making it almost impossible to regain access; it scrambles file names making it harder for victims to know which files are which.  System restore points are also erased, taking away the option of returning to a previously saved state.
The malware mocks the user, congratulating the user for becoming ??? a part of large community,??? according to BleepingComputer, which first detailed the changes.

The ransomware uses bitcoin as the means of payment, which like in previous versions is handled by a centralized Tor-based command-and-control server to store decryption keys, making the attackers almost impossible to trace.

Ransomware hits thousands every week, and costs users $18 million in losses, according to estimates from the FBI. Other figures suggest the Cryptowall family alone has generated about $325 million in bitcoin ransoms.

Prevention

It is critical for CEOs and CIOs to minimize risk of any virus.  Here are some common sense steps to take:
Keep regular backups:  This will mitigate the damage done by file-encrypting ransom-ware.
Keep anti-virus up to date