Ransomware – stay protected against Cryptowall

You may have read our post a while back about how to stay protected against a “ransomware” virus called Cryptolocker.  A new variant called Cryptowall has been spreading.  Since the release of Cryptolocker and its “cousins”, there have been successes with removing the virus and restoring infected files.  But unlike its predecessors, Cryptowall has not been “cracked” yet.  If you get infected there are only 3 things you can do:

  • Restore from Backup:  You do have backups of all your critical business files, right?
  • Pay the Ransom: They want payment with an anonymous currency called Bitcoin.  But it’s not an easy process to obtain the amount they demand in a timely manner, if at all.
  • Take the Loss: Wipe the infected computers and start from scratch.  Not an ideal option, that’s for sure!

What does Cryptowall do?   How do I stay protected?

  • Cryptowall modifies your files, rendering them unusable through encryption.  The files can’t be decrypted without paying the ransom.  The virus writers demand $500 in Bitcoin within 1 week, and the demand doubles to $1000 after the 1 week mark.
  • The virus attacks office documents and images.  It also has the ability to infect database files, such as those used in some dental software.
  • It will spread over the network, meaning it can spread from a workstation to a server, or into your online storage services (such as Dropbox, Google Drive or Amazon Cloud Storage).

Many anti-virus programs cannot stop the virus before it begins the encryption process.   Here are some tips to make sure it doesn’t attack your systems:

  • Be very careful with email attachments.  Check out our tips on how to handle email attachments. Here are some examples of recent emails that have been used to spread this virus:

[Images: six screenshots of example emails, cw1 to cw6]

What do I do if I’m infected?

Please, let us know as soon as possible.  The sooner it’s addressed the better the chances are for recovery.

  • Turn off the infected computer immediately!  The virus will continue to encrypt all possible files as long as it’s connected to the network.  Any removable or network drive that was connected to the PC may also be infected.  Place items like USB sticks or camera memory cards aside if they were inserted into the PC when it was infected.
  • Be prepared to start over on the infected PC(s).  Any infected computers will need to be restored to factory settings, and all applications reinstalled.
  • Restore from backup: Healthy IT can restore files from an earlier date with Healthy IT backup, as long as we are notified in a timely manner.
  • The last resort is to pay the ransom.  This has been reported to work and restore files to an unencrypted state.  But buying Bitcoin is difficult in the time frame offered, and you can never really trust those files again.

We can help!

Contact us if you’d like us to perform updates or health checks on your systems.  We can perform malware/virus removals if you think you are already infected.  But the best option is the power of prevention, so it’s best to stay out of harm’s way!
