Microsoft warns of new version of CryptoWall ransomware
Microsoft warns that a new version of CryptoWall has come into circulation. The malware “hostages” files by encrypting them. The criminals behind CryptoWall 3.0 demand a payment of approximately 500 euros in bitcoin for the key.
Microsoft’s security researchers report that the company has detected 288 compromised machines with CryptoWall 3.0 so far. Like previous versions of CryptoWall, all data on an affected computer is encrypted. For a fee, the victim can ‘buy’ the key required for decryption. An amount of approximately 500 euros has to be paid in bitcoin for this; with previous versions it was still about 1000 euros. If the user does not pay in time, the ransomware doubles the ‘ransom’.
The new version of CryptoWall communicates partly via the I2P protocol, an anonymization protocol, reports the blog Malware Don’t Need Coffee. Previous versions of CryptoWall still used the Tor network. The malware makers may have switched to I2P in an attempt to better hide their identities.
The return of CryptoWall is not unexpected, although no new versions were released for several months. Previous versions are estimated to have infected over 830,000 systems. In May, organizations worldwide took a joint action that disrupted the Gameover Zeus botnet. This botnet was used for the distribution of CryptoWall.