Cryptolocker Virus Alert


Cryptowall 2.0

A new version of the ongoing cryptography-based viruses is in the wild this month. It calls itself Cryptowall 2.0, and from research there are a few key differences in this new version.

The first change is in payment. In the original Cryptolocker viruses, payments were to be made using Bitcoins. Because of the way the virus author crafted the payment gateway, people who knew enough could “steal” or fake the payments made by others and use these stolen payments as their own. In this new version this is “fixed.” Each infected computer is tied to a unique bitcoin wallet ID that the virus generates, so you can’t steal someone else’s payment or send a fake payment anymore.

The second change is in file deletion. The original Cryptolocker code would delete the original files after encrypting them. The deletion process was similar to a user putting a file into the recycle bin and hitting empty recycle bin. As a result, most files were easily recovered as long as not a lot of data had been changed or written to the hard drive in question. With Cryptowall 2.0, this bypass is no longer available. This version issues a hard drive secure delete command for each and every file it encrypts, which means recovery is impossible via this avenue.

The third change is in how the author masks activity that could be traced back to him or her. This is going to make it very tough for the authorities to make a break in this case, as they were able to with the original Cryptolocker virus.

If you are concerned that your system may be infected, please submit a request at /support-request/ and we will be happy to help.

Stay Safe