Quite a few of our clients have reported, and some have fallen prey to, a new virus floating around in email attachments. If activated by simply clicking on the infected emails’ attachment, it corrupts/encrypts all your files and basically holds it for ransom demanding exorbitant amount of money to decrypt them back again.
The only avenue you have is to restore your files from backup. This is a stark reminder of the importance backups. So please make sure your backups are working. If you are unsure, you can always call or email your friendly Prosnet support team.
What is CryptoWall?
CryptoWall is classified as a Trojan horse, which is known for masking its viral payload through the guise of a seemingly non-threatening application or file. Its payload involves encrypting the files of infected computers in an effort to extract money for the decryption key.
CryptoWall and viruses similar to it are also known as “ransomware” in that the infection offers the end user a means with which to remove the threat and recover all their files in exchange for paying a ransom. After they pay, the user is allowed to download and run a file and/or application to cleanup the infection or, in this case, decrypt the encrypted files to return them back to a working state.
Where does it come from?
Geographically speaking, that is unknown as of this writing. What is known regarding origins of infection is that CryptoWall is most typically spread through email as an attachment and from infected websites that pass on the virus — also known as a drive-by download.
Additionally, CryptoWall has been linked to some ad sites that serve up advertising for many common websites users visit on a daily basis, further spreading its distribution.
What if I get it?
Simple, contact Prosnet.