Ransomware is typically spread through phishing emails that contain malicious attachments, Web-based instant messaging applications and drive-by downloading. Drive-by downloading occurs when a user visits an infected website or clicks on an infected banner. The malware is downloaded and installed without their knowledge.
Ransomware can encrypt files on local computers, shared network drives, synced cloud accounts and removable media. It can harvest your data and send it to cybercriminal servers to use it in future attacks. It may destroy your data if the encryption key is faulty or not downloaded correctly.
Ransomware may further enlist your computer in a botnet and use its resources to launch attacks on other victims.
What's new in CryptoWall v4.0?
CryptoWall 4.0 is more difficult to protect against than its predecessor, CrptoWall 3.0, according to Heimdal Security.
The CryptoWall code has been enhanced in several ways. It includes a modified protocol that enables it to avoid being detected, even by 2nd generation enterprise firewall solutions.
This lowers detection rates significantly compared to the already successful CryptoWall 3.0 attacks.
The second enhancement is that CryptoWall 4.0 encrypts file names as well as data. In previous versions of CryptoWall file names were left intact, so a victim only noticed the problem was when attempting to open a file. Although this development be more frustrating for the victim as it makes it more difficult to know what files need to be recovered, it can serve as an early warning to shut down the box and limit the spread of the malware.
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the help of a data recovery specialist.
Businesses may face:
- Temporary or permanent loss of sensitive or proprietary information
- Disruption to regular operations
- Financial losses incurred to restore systems and files
- Potential reputational damage