Bitdefender antimalware researchers have put together a checklist of things to do to avoid getting infected with Cryptowall.
Cryptowall is a form of ransomware that uses the same encryption and extortion mechanisms as a previous threat, dubbed Cryptolocker. Local files are encrypted using a randomly generated 2048-bit RSA key pair that’s associated with the infected computer.
While the public key is copied to the infected computer, the private key can only be obtained by paying for it within an allotted amount of time. If payment is not delivered, the private key is supposed to be deleted, leaving no way to decrypt and recover the locked files.
One of the most common infection vectors relies on drive-by attacks through infected ads on legitimate websites, but Cryptowall has also been known to spread via infected downloaded apps.
Cryptowall infection can be limited and sometimes prevented with:
Aside from these general recommendations, you should also:
System administrators need to enforce Group Policy Objects, which are written to the registry, to block execution from specific locations. This can only be achieved if you’re running a Windows Professional or Windows Server edition. The Software Restriction Policies option can be found in the Local Security Policy editor.
After clicking the New Software Restriction Policies button under Additional Rules, the following Path Rules should be used with the “Disallowed” Security Level:
o “%username%\Appdata\Roaming\*.exe”
o “%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe”
o C:\<random>\<random>*.exe
o “%temp%\*.exe”
o “%userprofile%\Start Menu\Programs\Startup\*.exe”
o “%userprofile%\*.exe”
o “%username%\Appdata\*.exe”
o “%username%\Appdata\Local\*.exe”
o “%username%\Application Data\*.exe”
o “%username%\Application Data\Microsoft\*.exe”
o “%username%\Local Settings\Application Data\*.exe”
Setting these mechanisms in place could limit or block Cryptowall.
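To confirm the policy actually reached a machine, the script below reports which of the path rules listed above exist as Disallowed rules. It is an added example, not part of the original Bitdefender checklist. It assumes machine-wide Software Restriction Policies are stored under the standard `Safer\CodeIdentifiers` policy key, where level `0` is Disallowed and each rule keeps its path in an `ItemData` value; `Get-DisallowedSrpPath` is a helper name made up for this example.

```powershell
# Added example: audit the Disallowed SRP path rules from the article.
# Assumption: machine-wide rules live under this key (level 0 = Disallowed).
# Per-user rules (HKCU) are not checked.
$pathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# Rules copied from the article. The C:\<random>\<random>*.exe entry describes
# a pattern rather than a literal path, so it is not checked here.
$expected = @(
    '%username%\Appdata\Roaming\*.exe'
    '%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe'
    '%temp%\*.exe'
    '%userprofile%\Start Menu\Programs\Startup\*.exe'
    '%userprofile%\*.exe'
    '%username%\Appdata\*.exe'
    '%username%\Appdata\Local\*.exe'
    '%username%\Application Data\*.exe'
    '%username%\Application Data\Microsoft\*.exe'
    '%username%\Local Settings\Application Data\*.exe'
)

# Hypothetical helper: return the path of every rule stored under $Key.
function Get-DisallowedSrpPath {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return @() }
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    Get-ChildItem -LiteralPath $Key | ForEach-Object {
        # Read ItemData unexpanded so %variables% compare exactly as written.
        $value = $_.GetValue('ItemData', $null, $raw)
        if ($value) { ([string]$value).Trim('"') }
    }
}

$present = @(Get-DisallowedSrpPath -Key $pathsKey)

# -contains compares strings case-insensitively, like Windows paths.
$report = foreach ($rule in $expected) {
    [pscustomobject]@{ Rule = $rule; Present = ($present -contains $rule) }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) of $($expected.Count) path rules are missing."
}
```

Run it from an elevated PowerShell prompt after `gpupdate /force`; a rule reported as missing means the GPO has not applied or the path was entered differently.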
Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. Recruited by Bitdefender in 2004 to add zest to the company's online presence.