1 min read

Russian Hackers are Behind Cryptowall 4.0; Bitdefender Creates Vaccine

Alexandra GHEORGHE

November 09, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Russian Hackers are Behind Cryptowall 4.0; Bitdefender Creates Vaccine

[UPDATE] The Cryptowall operators have modified the way they check whether a system has been infected or not, which renders the Cryptowall Vaccine ineffective in some cases. Because we cannot guarantee the proper functioning of the vaccine anymore, we decided to retire the project. Stay tuned for further updates.

Cryptowall 4.0 spam servers are located in Russia, according to ongoing analysis by Bitdefender’s anti-malware team. The Javascript-written malware downloads the CriptoWall component from a Russian server.

The investigation also reveals the encryption algorithm used is AES 256. The key is encrypted using RSA 2048, most likely because this second algorithm is resource-intensive.

Targeted countries we have identified so far include: France, Italy, Germany, India, Romania, Spain, US, China, Kenya, South Africa, Kuwait and the Philippines. Russian users seem to be safe. The malware doesn’t proceed with the encryption process if it detects Russian as a keyboard language.

How to prevent getting infected

Following the footsteps of its predecessors, CryptoWall has become a financial success for its creators. Recent numbers show that Cryptowall 3.0 inflicted an estimated $325 million in damages in the US alone. Its high turnaround prompted other cybercriminal groups to write new code that uses more sophisticated encryption algorithms. Therefore, it’s becoming harder for AV vendors to crack the code and come up with a solution.

To stop the spread of this threat, Bitdefender anti-malware experts have developed an antidote, a piece of software that allows users to immunize their computers and block file encryption attempts.

Download CryptoWall 4.0 vaccine here. [link removed]

Please remember that this tool acts as an extra layer of protection, together with your anti-malware solution. If your computer is already infected with CryptoWall 4.0, the vaccine will not help disinfect it. The tool should be installed and used as a proactive measure against this specific strain of ransomware.

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
Bogdan BOTEZATU

November 08, 2021

2 min read