The malware researchers also confirmed that encryption algorithm used to encrypt the victim’s files is the unbreakable AES 256 and the key is encrypted using RSA 2048.
The Cryptowall 4.0 infections were observed across the world, including in France, Italy, Germany, India, Romania, Spain, US, China, Kenya, South Africa, Kuwait and the Philippines.
As observed for other threats coming from Russia, Russian users seem to not interested by the ransomware because Cryptowall 4.0 doesn’t encrypt the files if it detects that the computer is using the Russian language.
CryptoWall is a profitable instrument in the hands of criminal organizations, the security researchers of the Cyber Threat Alliance have conducted an investigation into the cybercriminal operations leveraging CryptoWall 3.0 ransomware discovering that the criminals behind the dreaded ransomware already made $325 Million.
The victims have two possibilities, pay the ransom hoping to restore the encrypted documents or waiting that AV vendors will integrate the key used to encrypt their documents in their anti-ransomware solution. Unfortunately, this is possible only if security experts seize one of the C&C servers used by crooks and find on these machines the key used to encrypt the victim’s file.
To hamper the diffusion of the Cryptowall 4.0 Bitdefender has developed a software that allows users to immunize their computers and block file encryption process implemented by ransomware, including the Cryptowall 4.0.
Be aware, if the PC is already infected with CryptoWall 4.0, the “vaccine” will not sanitize it.
The tool is not a complete antivirus solution, but it is a supplementary layer of protection that could increase the resilience of the machine to malware based attacks.
(Security Affairs – CryptoWall 4.0, ransomware)