Updated ‘Cryptowall 2.0’ Targets Windows Using the TOR Network

The latest ransomware attack comes from an updated Cryptowall 2.0, which targets 32- and 64-bit Microsoft Windows operating systems. This ransomware is the latest tool in the hackers’ arsenal for taking a user’s data hostage for ransom. Cryptowall 2.0 uses the TOR network to mask and obfuscate its command and control channels. The TOR network is a collection of community networks that are used together to conceal network traffic. The Cisco Talos Security and Intelligence Research Group released its research findings earlier today, stating that the ransomware uses several layers of encryption, making it nearly impossible to trace.

Cryptowall 2.0 has various attack vectors, such as email phishing aimed at unsuspecting users, and executes when a user opens a malicious attachment in the email, such as a .PDF file. Cryptowall uses an ‘asymmetrical’ encryption method to encrypt the user’s data. The malware then asks for a ransom. If it is paid, the hackers will decrypt the user’s data with their private key and give the usable data back to the user. Based on the Talos Security Group analysis, Cryptowall 2.0 uses an RSA 2048-bit key, which is nearly impossible to crack.

Protect your data – stay vigilant against email phishing attacks!

Be sure to have Emsisoft Internet Security running to stop malware cold in its tracks. However, the first and best line of defense is user awareness: do not follow any links or download any attachments that you are not familiar with. By doing so, you reduce the methods that hackers can use to launch ransomware attacks.

Arief Prabowo
