CryptoWall 3.0 is a ransomware virus (system blocker) that infiltrates the user's operating system through an infected email message or a fraudulent download, for example, fake video players or Flash updates. Once it is on the system, this malicious program encrypts the files stored on the user's PC (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) and demands a ransom of 500 dollars (in Bitcoins) to decrypt them. The cybercriminals responsible for launching this program made sure that it runs on all versions of Windows (Windows XP, Windows Vista, Windows 7 and Windows 8). The ransomware creates the files DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html and DECRYPT_INSTRUCTION.url in every folder that contains encrypted files.
These files contain instructions for users to decrypt their files, including the use of the Tor browser (an anonymous web browser). The cybercriminals hide their identity behind Tor. Users should be aware that, although removing the infection is not complicated, decrypting the affected files (encrypted with the RSA-2048 cryptographic system) is not possible unless the ransom is paid. At the date of our analysis, no tools or solutions capable of decrypting files encrypted by CryptoWall had been found. Note that the private key that can be used to decrypt the files is held on CryptoWall's command and control servers, which are managed by the cybercriminals. The ideal solution is to remove this ransomware virus and then restore the files from a backup.
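
Because a ransom note is dropped in every folder that holds encrypted files, the notes can be used to scope what has to come back from backup. The following Python script is an added example, not part of the original article: it walks a directory tree, reports each folder containing one of the three note files, and lists the files there whose extension is on the article's target list. The function names and output layout are assumptions, and it assumes affected files still carry their original extensions.

```python
import os
import sys

# Ransom note names as given in the article (compared case-insensitively).
NOTE_NAMES = {"decrypt_instruction.txt", "decrypt_instruction.html",
              "decrypt_instruction.url"}
# Extensions the article lists as targeted; its list ends in "etc.",
# so this set is known to be incomplete.
TARGET_EXTS = {".doc", ".docx", ".xls", ".ppt", ".psd", ".pdf", ".eps",
               ".ai", ".cdr", ".jpg"}


def find_affected_folders(root):
    """Map each folder containing a ransom note to the notes found there and
    the files whose extension is on the article's target list."""
    affected = {}
    # onerror: skip unreadable directories instead of aborting the sweep.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if not notes:
            continue
        candidates = sorted(
            f for f in files
            if os.path.splitext(f)[1].lower() in TARGET_EXTS)
        affected[folder] = {"notes": notes, "restore_candidates": candidates}
    return affected


def summarize(affected):
    """Return (folder_count, candidate_file_count) as a quick scope figure."""
    return len(affected), sum(len(v["restore_candidates"])
                              for v in affected.values())


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = find_affected_folders(root)
    for folder, info in sorted(hits.items()):
        print(folder)
        print("  notes:", ", ".join(info["notes"]))
        for name in info["restore_candidates"]:
            print("  check against backup:", name)
    print("folders: %d, files to check: %d" % summarize(hits))
```

Run it against a mounted copy of the affected disk or a user profile path, and compare the listed files with the most recent clean backup.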
