CryptoWall .aaa Files Ransomware Description, Protection and Removal - How to, Technology and PC Security Forum |

CryptoWall .aaa Files Ransomware Description, Protection and Removal

Short DescriptionAfter infection encrypts files important for the user, demanding ransom in bitcoin currency or any other currency paid online. May not restore files after.
Symptoms The .txt and .html files on the user Desktop with ransom instructions. Redirect to ransom payment page.
Distribution MethodVia opening spam mail, By opening a malicious file, MiTM attack, From suspicious sites.
Detection toolDownload SpyHunter, to See If Your System Has Been Affected By CryptoWall

p10_0000CryptoWall– the master of all ransomware trojans has a new variant of its 3.0 version that begun to infect users. Security researchers report that the new variant features modified files that it may drop on the user PC (.txt and .html files). They feature a message from the attackers to contact them for a key to decrypt their files. This variant proves that the danger from CryptoWall 3.0 has not passed, demonstrating that it finds yet another method of getting into the user systems.

What Is CryptoWall?

CryptoWall is the one ransomware virus that has infected more machines globally than any other of its rivals – Cryptolocker, CryptPKO, Rector Ransomware , Troldesh Ransomware and several others. This particular variant is believed to use RSA 2048 bit encryption that is very strong. Files encoded by an RSA encryption algorithm which means that you are pretty hosed no matter what you try. The specifics of RSA is that the unlock keys it uses are private and only they can uniquely correspond to the encrypted file itself. This is very similar to a digital signature – they are unique for every file. So yeah, you can attempt to encrypt the data, using a public key and software, but the chances are hilariously small. Of course, there is special software that decrypts data, but there is no guarantee that it will do the job for you.

You may have been infected by opening an infected document from a spam or a spoof email. Spoof mailing is a method where the attacker conceals the sender address, changing it to one that is familiar to the user with special software. Another way you may have been infected by this devastating ransomware is by a dangerous redirect to a malvertising website. One more less likely way is if someone deliberatly inserts a USB stick or sends infected files with this very purpose. This may happen when a targeted attack is commenced.

The methods cyber criminals use haven’t changed, regarding ransomware. They still use emails and still demand to contact them via the private browser Tor. Sometimes they use direct redirects to the payment page that is usually PayPal, a debit card supported or in bitcoin.

CryptoWall 3.0 Protection

If you are seeking to defend yourself because you have seen the horrors of this vile threat, be sure to follow the instructions below to backup and protect your data. They also include a method on how to restore your files, once you protected them. But bear in mind that because CryptoWall 3.0 is believed also to delete backups, make sure you choose to backup your files on an external flash drive or any other external memory carrier.

Security engineers recommend that you back up your files immediately in order to be able to restore them. In order to protect yourself from CryptoWall (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by CryptoWall.
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from CryptoWall.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties windows should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from CryptoWall is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by CryptoWall should be restored.

CryptoWall3.0 Removal

To remove CryptoWall 3.0, it is highly recommended to follow the instructions below and boot your PC in Safe Mode. Then, due to the sophistication of this attack and the fact that it uses essential processes, like svchost.exe to inject malicious code. It also manipulates registry entries to modify settings and save encrypted files. And the directories it uses may vary since the attackers can modify the ransomware variants. This is the best situation to download an advanced anti-malware program that will scan your computer and remove CryptoWall 3.0 associated files from your computer.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Also, you should read these instructions on how to boot and scan your PC in safe mode:

For Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

For Windows 8, 8.1 and 10 systems:
Step 1: Open the Start Menu
Windows-10-0 (1)
Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Windows-10-2 (1)
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Windows-10-3 (1)
Step 6: Click on Restart.
Windows-10-5 (1)
Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share