We recently reported that CryptoWall 3.0 has allegedly caused over $325 million in annual damages. CryptoWall first emerged in April 2014. Its first major upgrade was dubbed CryptoWall 2.0, and first emerged in October 2014. CryptoWall 3.0 then emerged in January 2015 and terrorized organizations on a global scale. Now, in November 2015, CryptoWall 4.0 has emerged.
New features such as the encryption of the names and extensions of affected files have emerged with the 4th member of the CryptoWall family. Additionally, CryptoWall 4.0 has changed the name of its ransom notes to HELP_YOUR_FILES.TXTand HELP_YOUR_FILES.HTML.
The ransom note itself contains payment instructions and also mocks the infected user.
However, it’s likely that exploit kits will begin to deliver CW4 as a payload very soon, if they are not already (especially the Angler EK).
The C&C communication and behavioural activity of CryptoWall 4.0’s payload is quite similar to its earlier versions. The specific sample that I have analyzed performed the following actions, as can be evidenced by the below images.
Added Registry Keys
About the Author Michael Fratello
Edited by Pierluigi Paganini
(Security Affairs – CryptoWall 4.0, ransomware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.