Over 625,000 Computer Systems Infected by CryptoWall Ransomware


Over 625 000 Computer Systems & 5.25 Billion Files Held Hostage by CryptoWall

In the past six months, users of more than 625 000 computers were attacked by the biggest and most destructive ransomware threat on the Internet – CryptoWall. Spreading since November 2013, the threat remained in the shadow of another ransomware program – CryptoLocker. According to estimates by malware researchers, the creators of this file-encrypting ransomware have already earned more than US$1 million.

The Nature of CryptoWall Ransomware

CryptoWall is a ransomware trojan that is distributed aggressively through spam emails with malicious attachments or links, downloads from infected sites, and installation by other malware already running on the user’s PC. The command and control servers of CryptoWall assign an identification number to every infection and generate an RSA public and private key pair for each one. The public key is sent to the infected computer and is used by CryptoWall to encrypt files with popular extensions. These might be documents, movies, images, etc., usually stored on local hard drives, mapped network shares and cloud storage services.
Researchers confirm that files encrypted with an RSA public key can be decrypted only with the corresponding private key, which is kept by the cyber criminals and is provided only after the ransom has been paid.
CryptoWall's encryption cannot be reversed without the key. So if the files get locked, the user has to pay up or lose the files.

The Ransom


According to malware researchers, CryptoWall infected numerous computers in the United States, followed by computers in Vietnam, the UK, Canada, India, Australia, France, Germany and Turkey. The ransom is demanded in the Bitcoin cryptocurrency; earlier options included pre-paid cards such as Paysafecard, MoneyPak, cashU, and Ukash.
If the victim does not pay the ransom, the sum increases over time. The payments range from 200 USD to 10 000 USD.
Malware specialists have found similarities between the CryptoWall samples and those of Tobfy – an older ransomware family. If the malware comes from the same cyber criminals, it means they have long experience in ransomware operations.

CryptoWall: How to Reduce the Risk of Infection

Users should follow these steps in order to reduce the risk of infection from CryptoWall.

  • Perform system updates to fix vulnerabilities
  • Protect file sharing
  • Disable autorun
  • Follow best practices for instant messaging, browsing and email

How to Remove CryptoWall Safely?


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when malware locked her out of her own computer.
