Check Point Threat Alert: Cryptowall 4
ByCheck Point Research Team
Executive Summary
- Ransomware is a type of malware that restricts access to an infected computer system and demands a ransom payment to remove the restriction.
- Some ransomware encrypt the files on the system’s hard drive, while others may simply lock the system and display threatening messages to force the user to pay.
- Cryptowall is a ransomware Trojan which targets Windows. It first appeared in early 2014.
- The latest version, Cryptowall 4.0, appeared in November 2015 and it is considered a very prevalent ransomware.
Description
- Cryptowall 4.0 is the fourth version of the popular ransomware. It recently emerged with improved encryption tactics and better evasion techniques that help it deceive some antivirus platforms.
- Cryptowall 4.0 can exploit many more vulnerabilities than the previous versions. It is also better at staying under the radar and avoiding sandbox detection.
- Cryptowall 4.0 includes advanced malware dropper mechanisms to avoid antivirus detection.
- Detection rates of Cryptowall 4.0 in certain anti-virus and firewall products have decreased significantly compared to the previously successful Cryptowall 3.0 ransomware.
Check Point Protections
- Check Point Anti-Virus and Anti-Bot blades protect against Cryptowall 4.
- This includes a wide variety of network signatures, C&C URLs and file hashes.
- Check Point protections block Cryptowall’s communication with its C&C, preventing it from fetching encryption keys and encrypting the victim’s files.
Check Point Observation & Guidance
- Check Point analysis showed that almost no changes in the communication methods with the C&C domains occurred between Cryptowall 3 and Cryptowall 4. Therefore the same network signatures apply to both.
- Check Point continues to monitor and follow up on C&C domains for all versions of Cryptowall.
REFERENCES
Encrypting Ransomware: https://en.wikipedia.org/wiki/Ransomware#Encrypting_ransomware
Technical Description: http://www.theregister.co.uk/2015/11/09/cryptowall_40/
You may also like
November 2024’s Most Wanted Malware: Androxgh0st Leads the Pack, Targeting IoT Devices and Critical Infrastructure
Check Point Software’s latest threat index highlights the rise of ...
The Exploitation of Gaming Engines: A New Dimension in Cybercrime
Executive Summary Check Point Research discovered a new technique using ...
Navigating the Evolving Threat Landscape Ahead of Black Friday
As Thanksgiving and Black Friday approach, so do the risks ...
Spotlight on Iranian Cyber Group Emennet Pasargad’s Malware
Executive Summary On October 21, 2024, multiple emails impersonating the ...