CryptoWall 2.0 Ransomware Moves to TOR network

Stu Sjouwerman | Oct 6, 2014

A new version of CryptoWall, the world's most widespread ransomware, has migrated to the TOR network. It has been upgraded to version 2.0 and continues to encrypt files so that a ransom can be extracted if there are no backups or if the backup process fails (which happens more often than you think).

Earlier versions of CryptoWall used HTTP rather than TOR, which allowed researchers to analyze the communication between the infected machine and the command & control server and then take down the servers that delivered the malware.

On October 1st, CryptoWall went live after a few months of testing, and it now uses only the TOR network, which makes it much harder to analyze its communications and take down malware servers. You can expect this new version to spread like wildfire and use innovative ways to propagate itself, such as ads on websites that exploit vulnerabilities in browsers and browser plug-ins that the user has not patched.

So, here are three things you HAVE TO, HAVE TO do:

  1. Make regular backups, and have a backup off-site as well. TEST your restore function regularly to make sure your backups actually work.
  2. Patch browsers AS SOON AS POSSIBLE, and keep the number of plug-ins as low as possible. This diminishes your attack surface.
  3. Step all users through EFFECTIVE SECURITY AWARENESS TRAINING to prevent malware infections in the first place.

Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks is an essential element of your defense-in-depth!
