Ransomware Alert: Digitally Signed CryptoWall through Malvertising
Earlier this week, independent researchers uncovered a malicious advertising, or “malvertising,” campaign serving a digitally signed variant of the CryptoWall ransomware through banner ads found on a number of Alexa top 15,000 websites. Affected sites included:
Users who visited affected sites who clicked on malicious ads would be redirected to a website serving an exploit kit designed to look for and take advantage of vulnerabilities in common browser plug-ins and applications. If and when vulnerabilities were found, CryptoWall would be installed and the currently un-decryptable ransomware would execute, encrypting computer files and demanding payment for recovery.
Are Emsisoft Users Protected from this Threat?
Yes. Emsisoft users are protected from malvertising attacks and CryptoWall in a number of ways.
Our 3-layered protection approach:
- Prevents users from visiting websites that serve malware, such as ones you could be redirected to by clicking on a malicious ad.
- Recognizes over 100 million malware signatures using a database that is updated 24 times per day.
- Utilizes Behavior Blocking technology to recognize derivative malware patterns, if 1) and 2) should ever fail.
Additionally, Emsisoft was one of the very first vendors to detect this new CryptoWall variant. PCWorld reports that initial vendor detection rates on VirusTotal.com were close to 0/55, but Emsisoft detection was actually registered in a mere matter of hours.
What Should I do if I have a CryptoWall infection?
CryptoWall is currently recognized as the most destructive ransomware threat on the Internet today. There is currently no known way to recover encrypted files without paying the ransom to cybercriminals – and even this method is not guaranteed. If your computer has become infected with CryptoWall, Emsisoft does not recommend paying the ransom unless you absolutely must recover the files.
Sometimes, partial recovery is possible. Instructions on how this works have been published by Bleeping Computer, and can be found here. Anyone who needs assistance walking through these instructions is encouraged to contact Emsisoft Support.
In addition to using an anti-malware that offers real-time protection, the risk of CryptoWall malvertising can be greatly minimized by regularly updating every application that you use, and keeping backups of your most important files on an external drive (since ransomware is meaningless if there’s nothing left to ransom).
Have a great (CryptoWall-free) day!A Statement from Emsisoft on WikiLeaks and the FinFisher malware