For HomeFor BusinessFor Partners
Anti-Malware Research
1 min read

Russian Hackers are Behind Cryptowall 4.0; Bitdefender Creates Vaccine

Alexandra GHEORGHE

November 09, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Russian Hackers are Behind Cryptowall 4.0; Bitdefender Creates Vaccine

[UPDATE] The Cryptowall operators have modified the way they check whether a system has been infected or not, which renders the Cryptowall Vaccine ineffective in some cases. Because we cannot guarantee the proper functioning of the vaccine anymore, we decided to retire the project. Stay tuned for further updates.

Cryptowall 4.0 spam servers are located in Russia, according to ongoing analysis by Bitdefender’s anti-malware team. The Javascript-written malware downloads the CriptoWall component from a Russian server.

The investigation also reveals the encryption algorithm used is AES 256. The key is encrypted using RSA 2048, most likely because this second algorithm is resource-intensive.

Targeted countries we have identified so far include: France, Italy, Germany, India, Romania, Spain, US, China, Kenya, South Africa, Kuwait and the Philippines. Russian users seem to be safe. The malware doesn’t proceed with the encryption process if it detects Russian as a keyboard language.

How to prevent getting infected

Following the footsteps of its predecessors, CryptoWall has become a financial success for its creators. Recent numbers show that Cryptowall 3.0 inflicted an estimated $325 million in damages in the US alone. Its high turnaround prompted other cybercriminal groups to write new code that uses more sophisticated encryption algorithms. Therefore, it’s becoming harder for AV vendors to crack the code and come up with a solution.

To stop the spread of this threat, Bitdefender anti-malware experts have developed an antidote, a piece of software that allows users to immunize their computers and block file encryption attempts.

Download CryptoWall 4.0 vaccine here. [link removed]

Please remember that this tool acts as an extra layer of protection, together with your anti-malware solution. If your computer is already infected with CryptoWall 4.0, the vaccine will not help disinfect it. The tool should be installed and used as a proactive measure against this specific strain of ransomware.

tags

Anti-Malware Research

Author

Alexandra GHEORGHE

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs.

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

AI meets next-gen info stealers in social media malvertising campaigns
Anti-Malware Research Scam Research

AI meets next-gen info stealers in social media malvertising campaigns
When Stealers Converge: New Variant of Atomic Stealer in the Wild
Anti-Malware Research

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Andrei LAPUSNEANU

February 27, 2024

6 min read
Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
Anti-Malware Research

Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
Jubaer Alnazi JABIN

February 22, 2024

4 min read

Bookmarks

loader