CryptoWall ransomware has already taken millions of files hostage

Ransomware is here to stay, people. Just months after the good guys took down CryptoLocker and the GameOver Zeus botnet comes a report that me-too malware CryptoWall has already infected more than 600,000 systems.
The fight against malware has always been a game of cat and mouse, and that much didn’t change with the rise of CryptoLocker. Shut down one strain and its engineers often had a new variant to distribute days later after making a few modest tweaks. CryptoLocker’s creators raked in a reported $30 million in the first 100 days of its distribution. With numbers like that, there was no doubt that someone, somewhere was going to follow in its footsteps — especially when the software kit to build that malware only costs $100.
CryptoWall appears to be spreading the way most nasty malware does today: through inboxes. Criminals and researchers alike know that the most vulnerable component of any cybersecurity scheme is the person sitting in the chair. Users are being phished with fake shipping notices and invoices and duped into running executable attachments.
Early on, Dell Secureworks reports, there was a chink in CryptoWall’s armor. A flaw in its encryption system allowed the private key to be extracted and files to be recovered without paying the ransom. That changed on April 1, however, and today paying up seems to be the only way to decrypt files. Even without a decryption tool, there may be a simple way to get your files back — even if you don’t have any backups.
If you’re running Windows Vista or Windows 7, you can restore unencrypted versions of your files through the Properties dialog. Just right-click a file (or a folder, to do it in bulk) and click the Previous Versions tab. If you’re not sure when the infection hit, just take a quick look at your directory: the date modified for all the files CryptoWall has hit is a safe bet. Pick a date prior to that, click Restore, and you’re back in business.
The tab was removed from Windows 8, but the plumbing is intact. There’s an awesome piece of freeware called ShadowExplorer that will let you recover previous file versions with minimal effort.
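
The date-picking step described above, as an added example that is not part of the original post: this Python sketch estimates when the encryption run began from the files' modified times, then picks the newest snapshot taken before it. The function names, the one-hour window, the 50% threshold and the sample timestamps are assumptions constructed for illustration.

```python
import os
from bisect import bisect_right
from datetime import datetime, timedelta

def collect_mtimes(root):
    """Return the sorted modified times of every file under root."""
    times = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                mtime = os.path.getmtime(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable; skip it
            times.append(datetime.fromtimestamp(mtime))
    return sorted(times)

def find_burst(mtimes, window=timedelta(hours=1), min_share=0.5):
    """Return (start, count) of the densest window of modifications,
    or None when no window holds at least min_share of the files."""
    mtimes = sorted(mtimes)
    best_start, best_count = None, 0
    for i, start in enumerate(mtimes):
        count = bisect_right(mtimes, start + window) - i
        if count > best_count:  # strict '>' keeps the earliest such window
            best_start, best_count = start, count
    if not mtimes or best_count < min_share * len(mtimes):
        return None
    return best_start, best_count

def pick_restore_point(snapshots, burst_start, margin=timedelta(minutes=5)):
    """Return the newest snapshot taken before the burst began, or None."""
    cutoff = burst_start - margin
    earlier = [s for s in snapshots if s < cutoff]
    return max(earlier) if earlier else None

# Constructed sample data: three untouched files plus six files rewritten
# within 15 minutes, and three snapshot times as listed by Previous Versions.
SAMPLE_MTIMES = [datetime(2014, 3, 1, 10, 0), datetime(2014, 4, 12, 16, 30),
                 datetime(2014, 5, 20, 9, 15)] + [
    datetime(2014, 6, 10, 14, 2) + timedelta(minutes=3 * k) for k in range(6)]
SAMPLE_SNAPSHOTS = [datetime(2014, 6, 3, 9, 0), datetime(2014, 6, 9, 9, 0),
                    datetime(2014, 6, 10, 14, 10)]

if __name__ == "__main__":
    burst = find_burst(SAMPLE_MTIMES)  # or find_burst(collect_mtimes(path))
    if burst:
        print("burst began:", burst[0], "files:", burst[1])
        print("restore from:", pick_restore_point(SAMPLE_SNAPSHOTS, burst[0]))
```

In the sample, the snapshot taken at 14:10 is rejected because it falls inside the burst and may already hold encrypted copies.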
