CryptoWall….It’s Baaaack!


Cryptowall is a variant of the old Cryptolocker Virus or Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted. We call that type of exploit Ransomware! The Department of Justice infiltrated the Cryptolocker servers and put up a website to allow victims to decrypt their files for free. The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware. Once the Trojan is executed on the compromised computer, it creates a number of registry entries to store the path of the encrypted files and run every time the computer restarts. It encrypts files with particular extensions on the computer and creates additional files with instructions on how to obtain the decryption key.

However, the new variants of the Cryptolocker virus can’t be decrypted at this site, and infections are starting to rise. The Trojan is mainly distributed through spam campaigns, compromised websites, malicious ads, or other malware.

In Cryptowall spam campaigns, the emails usually contain a malicious attachment and include a message attempting to convince the user to download the file. The email could claim that the attachment is an invoice, an undelivered package notice, or an incoming fax report. If the user opens the attachment, then their computer will be infected with Trojan Cryptowall. The Trojan may also be distributed through exploit kits hosted on compromised websites or malicious ads. Some of the exploit kits that have been used to compromise users’ computers with the threat include the Rig exploit kit and the Nuclear exploit kit. The Trojan may also arrive through other threats that have already compromised the computer.

Don’t let cyber criminals hold your files hostage!

Multiple layers of protection are the best protection.

What are multiple layers of protection?

Layer 1: Desktop Antivirus – Installed, Licensed, Updated, Real-time Scanning turned on, and regular scans for Virus and Spyware.

Layer 2: Firewall with a Gateway Antivirus feature – A good firewall (like a Sonicwall) will scan all packets for known signatures at the firewall level.

Most people stop there because it is the normal protection suite from most security vendors, but it doesn’t seem to help against certain kinds of attacks, such as spyware, phishing and malicious website links. Short of turning off the internet, what can be done to protect our users from the new Zero Day Viruses (viruses so new the signatures are not known yet) or Ransomware that hides in an innocent website?

Layer 3: Cloud Based Antivirus, Antiphishing, AntiSpyware – Controlling what content can be delivered to the protected client PC or server.

We call this product MDICloudCare. It is a little agent that sits on each PC that steers you around all the pitfalls on the web. It won’t let you wander off onto websites that attack you with viruses, kidnap you with malware, ransomware, or threaten you with phishing sites and other internet based threats. Feel free to just take a stroll on the internet at ease now and let MDICloudCare navigate you and your staff away from the dangers lurking in the dark. Because the protection is Cloud based, it is constantly being updated and catches even Zero Day Viruses, such as the FBI Virus and Cryptolocker. In a study done in Minneapolis this year, not a single subscriber to MDICloudCare got any viruses, not even the debilitating Cryptolocker.

MDICloudCare is protecting our customers on our Premium Support Plans. Find out how this inexpensive cloud-layer DNS protection could help you avoid the pitfalls of CryptoWall and its variants.

Tired of lost productivity, slow unresponsive PCs and high IT virus removal bills? You can eliminate those with this subscription. To find out more contact us at 330-898-2100 or email or visit us at

Article written by Mark Richmond, CEO of Micro Doctor Inc.
