Right after a new, badder version 4.0 of CryptoWall came out, Romanian security company Bitdefender has released a vaccine they claim will block ransomware infections.
Andra Zaharia of Denmark-based Heimdal Security stated that Cryptowall 4.0 is employing "vastly improved" communications and better code, so it can exploit more vulnerabilities. "Cryptowall 4.0 still includes advanced malware dropper mechanisms to avoid antivirus detection, but this new version possesses vastly improved communication capabilities," Zaharia says. "It includes a modified protocol that enables it to avoid being detected, even by second generation enterprise firewall solutions. "This lowers detection rates significantly compared to the already successful Cryptowall 3.0 attacks."
Bitdefender said: "The advent of ransomware in 2014 marked a turning point for the cyber-crime ecosystem. It poses one of the most dangerous threats to both consumers and organizations and ransomware writers have wielded it to extort more than $30 million in the Cryptolocker campaign alone. They’ve also destroyed user files such as database backups, source code, documents and spreadsheets that can be priceless assets for companies.
"We have now developed a vaccine that allows users to immunize their computers and block any file encryption attempts, even if they become infected with CryptoWall, one of the most powerful clones of the Cryptolocker malware. As usual, we advise customers to run a fully dedicated Internet Security solution such as those provided by Bitdefender to protect against all threats. The CryptoWall Immunizer is only effective in protecting systems that may get infected with the latest version of Cryptowall ransomware, version 4.0. While we are making all efforts to update the tool as soon as Cryptowall is modified, we recommend that you keep your antivirus solution always on and use this tool as an additional layer of protection." You can download the code here.
We have the vaccine running on some machines but have not had a chance to test this in our lab yet. Bitdefender has a very good reputation in the industry though, and comes recommended. I have all my machines at the house running it.
Having an extra safeguard against ransomware is a great idea, the current version looks like it was made for consumers though, it has no centralized management yet. And of course, having a "human firewall' made up out of well-trained end-users is a must these days. Effective security awareness training will provide a necessary additional security layer. Find out how affordable this is and be pleasantly surprised.
