
Check Point Threat Alert: Cryptowall 4

By Check Point Research Team
Executive Summary
- Ransomware is a type of malware that restricts access to an infected computer system and demands a ransom payment to remove the restriction.
- Some ransomware encrypts the files on the system’s hard drive, while other variants simply lock the system and display threatening messages to force the user to pay.
- Cryptowall is a ransomware Trojan which targets Windows. It first appeared in early 2014.
- The latest version, Cryptowall 4.0, appeared in November 2015 and it is considered a very prevalent ransomware.
Description
- Cryptowall 4.0 is the fourth version of the popular ransomware. It recently emerged with improved encryption tactics and better evasion techniques that help it deceive some antivirus platforms.
- Cryptowall 4.0 can exploit many more vulnerabilities than the previous versions. It is also better at staying under the radar and avoiding sandbox detection.
- Cryptowall 4.0 includes advanced malware dropper mechanisms to avoid antivirus detection.
- Detection rates of Cryptowall 4.0 in certain antivirus and firewall products have decreased significantly compared to the previously successful Cryptowall 3.0 ransomware.
Check Point Protections
- Check Point Anti-Virus and Anti-Bot blades protect against Cryptowall 4.
- This includes a wide variety of network signatures, C&C URLs and file hashes.
- Check Point protections block Cryptowall’s communication with its C&C, preventing it from fetching encryption keys and encrypting the victim’s files.
Check Point Observation & Guidance
- Check Point analysis showed almost no changes in the methods of communication with the C&C domains between Cryptowall 3 and Cryptowall 4. Therefore the same network signatures apply to both.
- Check Point continues to monitor and follow up on C&C domains for all versions of Cryptowall.