Topic: CryptoWall
Vendor: Malicious
Purpose: Informative.
Overview:

This is a rather nasty infection that is typically spread through malicious links sent by email, but this is not the only method of infection. In the past, ZIP and EXE distributions were used, but the disguised link seems to be the method of choice at the moment. Distribution through pop-ups and anti-malware websites that carry malicious scripts and advertisement prompts has also been reported. All of these require the end user to click on the request before the malware is allowed into the environment.

This form of malware is referred to as “ransomware” because it literally holds your data hostage. Once installed, the variants will systematically “encrypt” data, leaving it essentially useless.

A nastier characteristic that is common among these infections is the ability to traverse any network share that the end user has access to.

Upon encryption of the data, the malware will then generate instructions on how to pay a “ransom”, in return for which it will provide a “key” that will allow you to unlock your data. This is illegal, and there is no guarantee the criminals will live up to their part of the bargain.

Unfortunately, there is currently no way to decrypt the data once infected, and the data will have to be restored from backups.

7 Quick facts about CryptoWall
1. CryptoWall is ransomware that is an improved version of the “Crypto” malware family, a superior extension of Cryptolocker. It is affecting a variety of end users, businesses, and IT consultants.
2. CryptoWall targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8.
3. CryptoWall is most likely to spread through websites by using malicious advertisements on well-known domains, such as The Guardian, Disney or Facebook.
4. Like other forms of ransomware, CryptoWall encrypts the local files on the end user’s computer system until a ransom is paid.
5. To arrange for ransom payment, CryptoWall displays a graphic file that instructs the user to access a payment site, reached through the Tor network (Anonymity Online project), where the money can be sent. It accepts only Bitcoin for payment.
6. There is no proven guarantee that paying the ransom will result in restoring your data. Remember that if you choose to pay the ransom.
7. CryptoWall appears to have the ability to circumvent just about every Internet security program on the market.

References:
http://iqonq.com/cryptowall-infections-on-the-rise/
http://www.engadget.com/2014/10/24/cryptowall-ransomware-attack-proofpoint-report/
http://stopmalvertising.com/malware-reports/cryptowall-behind-the-scenes.html