Cryptowall

CryptoWall and bitcoin have been the two most annoying words I have become way too familiar with over the past few months. As a computer consultant I make a living advising clients how to set up and maintain their computer systems. I am sensitive to people losing data and have always been a proponent of redundant backup strategies, as hard drives will always fail as they age. But now the rules have changed regarding how data is lost.

Here are the fast facts you need to know:

Do not open emails whose subject you know to be bait. “You have an e-fax”, “your ADP payroll records” and “your FedEx tracking number” are three examples of the lures being offered to unsuspecting people.

Typical backup strategies that run an automated script overnight are now a problem: a backup drive that stays connected to the computer (or mapped as a network drive) is just another drive for CryptoWall to encrypt, and the script will happily copy the encrypted files over your last good backup. Either the backup software needs a modified script or the actual backup drives must be swapped daily.

Links on reputable websites have been used to deliver malware. Usually you can hover over a link and see where it is taking you; if the destination looks wrong, don’t click it.

It’s time to pay up and stop using free anti-virus software. Paid versions update themselves automatically.

Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).

Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.

Update your operating system with all service packs and patches, and only use a supported (not discontinued) operating system.
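The backup point above deserves a worked illustration. The script below is an added example, not the author's backup script: it plants a couple of canary files with known content inside the data folder, refuses to run when any canary has been altered or removed (ransomware rewrites file bodies, so a changed canary means the data is already encrypted), and writes every run into a fresh timestamped folder so nothing is overwritten. The canary names, marker text and folder layout are assumptions made for the example. Note what it does not fix: a backup drive that stays connected can still be encrypted by the malware itself, which is why the author recommends swapping drives; the canary check only stops the script from faithfully copying ciphertext over the last good backup.

```python
"""Canary-guarded, versioned backup run (added example, not the original post's script).

Assumptions, not from the original post: SRC is copied as plain files into
DST/<timestamp>/ (a new folder per run), and a few canary files with known
content sit inside SRC. A canary whose hash changed, or that vanished, means
SRC has been tampered with and the run must stop instead of copying.
"""
import datetime
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

CANARY_CONTENT = b"canary file - leave as is\n"         # constructed marker text
CANARY_NAMES = ["~canary_0.txt", "zz_canary_1.docx"]    # assumed names, sort first/last


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(src: Path) -> dict:
    """Write the canary files into SRC and return {name: expected sha256}."""
    expected = {}
    for name in CANARY_NAMES:
        p = src / name
        p.write_bytes(CANARY_CONTENT)
        expected[name] = sha256_of(p)
    return expected


def canaries_intact(src: Path, expected: dict) -> bool:
    """False if any canary is missing or its content no longer matches."""
    for name, digest in expected.items():
        p = src / name
        if not p.is_file() or sha256_of(p) != digest:
            return False
    return True


def run_backup(src: Path, dst: Path, expected: dict, now=None):
    """Copy SRC into a fresh timestamped folder under DST and return that folder.

    Returns None, copying nothing, when the canaries show SRC was tampered with,
    so an encrypted data set never replaces or gets added next to good backups.
    """
    if not canaries_intact(src, expected):
        return None
    now = now or datetime.datetime.now()
    target = dst / now.strftime("%Y%m%d-%H%M%S")
    shutil.copytree(src, target)
    return target


def demo():
    """Self-contained run in temp dirs: one clean backup, then a simulated
    encryption of SRC that must be refused. Returns (first_ok, second_refused,
    number of backup folders on disk)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "data", Path(tmp) / "backups"
        src.mkdir()
        dst.mkdir()
        (src / "invoice.txt").write_text("constructed user data\n")
        expected = plant_canaries(src)
        first = run_backup(src, dst, expected, datetime.datetime(2015, 3, 1, 2, 0, 0))
        # Simulate the ransomware: every file body replaced by ciphertext-like bytes.
        for p in src.iterdir():
            p.write_bytes(os.urandom(64))
        second = run_backup(src, dst, expected, datetime.datetime(2015, 3, 2, 2, 0, 0))
        return first is not None, second is None, len(list(dst.iterdir()))


if __name__ == "__main__":
    print(demo())
```

The check is deliberately dumb: it looks at nothing but two files whose contents you already know, so it cannot be fooled by a clever file extension, and it fails closed (a missing canary counts as tampering). Keeping old timestamped folders instead of mirroring also means the last clean run survives even if a later one slips through.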

Here is a geek description of how this infection propagates itself:

As Techworld explained in October 2014, CryptoWall ransom infections spiked to 830,000 in a matter of weeks. I can say with complete certainty that these numbers are massively underestimated as no public or private company is going to admit to this kind of data breach.

CryptoWall asks victims to pay the ransom in bitcoin cryptocurrency. The ransom amount grows if a victim doesn’t pay the ransom within the initial allotted time, which is usually seven days. The CTU [Counter Threat Unit at Dell SecureWorks] researchers observed payments that ranged between $200 and $10,000 in value, the majority of them (64 percent) being of $500.

A Microsoft TechNet blog gets geeky and details how the deployment looks. A more potent form of CryptoWall, known as version 3.0, appeared in January of this year (2015).

The culprit: an ancient file format known as Compiled HTML Help. CHM files were introduced in 1997 as a way to simplify navigation in — and construction of — Windows help files. CHM was a key feature of Internet Explorer 4, 5, and 6, and Windows 98, 2000, Me, and XP.
In 2004, Microsoft removed the most obvious security problem with CHM files in MS04-023/KB 840315. A year later, MS05-026/KB 896358 blocked access to CHM files on network shares, to thwart another class of malware.

CHM was so bad that Microsoft more or less officially abandoned it with the release of Windows Vista in 2007, but it persists. As recently as a year ago, Microsoft was still publishing official documentation in CHM format.

Double-clicking the downloaded and unzipped CHM malware file brings up the ancient Help infrastructure. Once the content of the CHM archive is accessed, the embedded malicious code downloads the payload from http:// *********/putty.exe, saves it as %temp%\natmasla2.exe and executes it. A command prompt window opens during the process… The spam servers appear to be in Vietnam, India, Australia, the U.S., Romania, and Spain.
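The chain just described (help viewer opens the CHM, a command prompt appears, an executable runs from %temp%) is exactly the kind of thing process-creation logging catches. The script below is an added example, not from the original post or the TechNet blog: it runs three simple rules over a handful of constructed process-creation records modelled loosely on Sysmon Event ID 1 (the field names Image, ParentImage and CommandLine, the user name and the file paths are assumptions; only the hh.exe → cmd.exe → %temp%\natmasla2.exe chain follows the post). hh.exe is the Windows HTML Help viewer that opens .chm files, so a child process of it, or an executable launched out of a temp folder, is worth an alert on a desktop fleet.

```python
"""Flag process-creation events matching the CHM dropper chain (added example).

Records are constructed, loosely modelled on Sysmon Event ID 1 fields; the
field names, user name and paths are assumptions made for this example.
"""
import ntpath
import re

SAMPLE_EVENTS = [
    # User opens the spammed CHM from Downloads: hh.exe is the HTML Help viewer.
    {"Image": r"C:\Windows\hh.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\hh.exe" C:\Users\joe\Downloads\incoming_fax.chm'},
    # The help file's script launches a command prompt (the window the post mentions).
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\hh.exe",
     "CommandLine": r'cmd.exe /c "%temp%\natmasla2.exe"'},
    # The downloaded payload runs from the user's temp folder.
    {"Image": r"C:\Users\joe\AppData\Local\Temp\natmasla2.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Users\joe\AppData\Local\Temp\natmasla2.exe"},
    # Benign: a help file shipped with Windows, opened from the Windows folder.
    {"Image": r"C:\Windows\hh.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\hh.exe" C:\Windows\Help\mui\0409\mmc.CHM'},
    # Benign: ordinary application start.
    {"Image": r"C:\Program Files\Notepad++\notepad++.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Notepad++\notepad++.exe" notes.txt'},
]

HELP_VIEWER = "hh.exe"
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
CHM_ARG_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.chm)"?', re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)


def reasons_for(event):
    """Return the rule names this event trips; an empty list means benign."""
    reasons = []
    image = ntpath.basename(event["Image"]).lower()        # ntpath: handles backslashes on any OS
    parent = ntpath.basename(event["ParentImage"]).lower()
    # Rule 1: the help viewer should render pages, not spawn programs.
    if parent == HELP_VIEWER:
        reasons.append("child process of the HTML Help viewer hh.exe")
    # Rule 2: legitimate software is installed, not executed out of a temp folder.
    if TEMP_DIR_RE.search(event["Image"]):
        reasons.append("executable running from a temp directory")
    # Rule 3: a .chm opened from somewhere a user (or a mail client) can write to.
    if image == HELP_VIEWER:
        m = CHM_ARG_RE.search(event["CommandLine"])
        if m and not SYSTEM_DIR_RE.match(m.group(1)):
            reasons.append("help file opened from a user-writable location")
    return reasons


def find_alerts(events):
    """Return [(Image, [reasons])] for every event that trips at least one rule."""
    return [(e["Image"], reasons_for(e)) for e in events if reasons_for(e)]


if __name__ == "__main__":
    for image, why in find_alerts(SAMPLE_EVENTS):
        print(image, "->", "; ".join(why))
```

Each of the three dropper steps trips a different rule, so even if the payload name or download location changes, the parent/child relationship with hh.exe and the temp-folder execution still fire; the Windows-shipped help file and the ordinary application start produce nothing.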

The articles also mention fake incoming fax report emails, originating “from a machine in the user’s domain,” but it isn’t clear whether all of the infected spam was formulated that way.

Wow, you read the entire post! If you have any questions please feel free to email me or call my office at (732) 679-7799

Joe