Skip to main content

Inside CryptoWall 2.0: Ransomware, professional edition



It’s been over a year since the first wave of cryptographic extortion malware hit computers. Since then, an untold number of individuals, small businesses and even local governments have been hit by various versions of malware that holds victims’ files hostage with encryption, demanding payment by Bitcoin or other e-currency in exchange for a key to reverse the damage. And while the early leader, CryptoLocker, was taken down (along with the “Gameover ZeuS” botnet) last June, other improved “ransomware” packages have sprung up to fill its niche—including the sound-alike CryptoWall.

Ransomware is a strange hybrid of digital mugging and commercial-grade coding and “customer service”—in order to continue to be able to generate cash from their malware, the criminal organizations behind them need to be able to process payments and provide victims with a way to get their files back, lest people refuse to pay because of bad word-of-mouth. And to grow their potential market, the extortionists need to find ways to make their “product” work on a wide range of potential target systems. The apex of this combination of crime and commerce is (at least so far) the latest version of CryptoWall—CryptoWall 2.0.

In a blog post this week, researchers Andrea Allievi and Earl Carter of Cisco‘s Talos Group presented a full code dissection of CryptoWall 2.0 and found a few surprises, aside from using a number of different, sophisticated features to attack systems and evade detection before it can strike. And while the malware is 32-bit Windows code to ensure the widest reach possible, it can detect when a 64-bit Windows environment is available and switch some of its functionality to run in full 64-bit native mode—ensuring it can do maximum damage on the most recent Windows client and server platforms.

Aside from the professionally written code, CryptoWall 2.0 also apparently comes backed by a professional “support” team. As essayist Alina Simone reported in a recent story for the New York Times (“How My Mom Got Hacked”), when her mother missed a deadline for making a Bitcoin payment to the CryptoWall crew because of trouble obtaining Bitcoins and fluctuations in their value—and was slammed with a doubling of the ransom for her files— she was able to talk to the ring through the malware’s messaging interface and explain her situation. The CryptoWallers responded by providing her with the decryption key. Hooray for honor among thieves.

CryptoWall 2.0, like most of the other ransomware variants, is a Windows-specific malware package—though it can run on nearly any version of Windows currently deployed. On the version tested by Talos, it exploited a known 32-bit Windows privilege elevation vulnerability (which executes in “Windows on Windows” mode in 64-bit versions of the Windows OS) to install itself. While that exploit was patched by a Microsoft security update for nearly every Windows operating system up to Windows 8 and Server 2012, other exploits can be used by other versions of the dropper. Typically, the dropper is delivered as part of an e-mail “phishing” attack, but it could also be delivered through a malicious website using an exploit kit. Some samples of CryptoWall have come in on malicious PDF files; Palo Alto Networks discovered one in a spam e-mail disguised as an "Incoming Fax Report."

Read More

Comments

Popular posts from this blog

ASUS VivoBook X202E Windows 8 Touchscreen Laptop Review And Giveaway

It wasn’t very long ago when prices of touchscreen Windows 8 laptops soared beyond $1000. Thankfully, those days are behind us, and portable computers can easily be purchased – touchscreen and all – for under $500. That’s precisely the demographic in which the ASUS VivoBook X202E falls. When compared to a high-end laptop, its specifications might seem modest, but for laptop buyers just looking for a way to browse the web, watch videos, use basic apps, and not spend too much money, something in this budget is perfectly suitable. The question is, of course, how does the ASUS VivoBook X202E compare to others on the market, and is it the one which you should be spending your hard-earned money on? Well, you’re just going to have to keep reading to find out. Best of all, we are giving away an ASUS VivoBook X202E to one lucky winner. Keep reading for your chance to take home this Windows 8 touchscreen laptop! Introducing the ASUS VivoBook X202E Laptop The ASUS VivoBook X202...

Samsung Galaxy Note 3 N9000 Review and Giveaway

When it comes to massive phones, nothing is more iconic than the Samsung Galaxy Note. It has gained popularity not only due to its size, but its additional features such as a stylus and a larger battery make it a more useful phone. Samsung released the third generation of the Galaxy Note in October, updating the phablet with a larger screen and improved hardware. Read through our review, then join the giveaway to win the  Samsung Galaxy Note 3 ! Competitors Of course, other Android competitors haven’t let the $640  Galaxy Note 3  be the only player in the phablet market. There are others such as the  Sony Xperia Z Ultra , the Samsung Galaxy Mega , and the other more common phones that are reaching 5″ screens such as the  Samsung Galaxy S4 , the  HTC One , and the  Nexus 5 . Unlike the normal-sized top contenders, the Galaxy Note 3 has a bigger screen and larger battery. It also offers specific features (surrounding the S Pen stylus) th...

Samsung Galaxy S5 Review and Giveaway

Few smartphones are as aggressively marketed as Samsung’s Galaxy S5. The S5 can no longer be considered brand-new — but it  is  Samsung’s flagship, at least for the next few months. With a gorgeous screen, a capable camera, a waterproof build, and a user-replaceable battery, the Galaxy S5 has a lot to offer… at least on paper. Let’s find out how good it really is. What Makes This Review Different There are about a million Galaxy S5 reviews out there. Why should you read this one? Two keys points make our review different: We bought our own device . Unlike many tech blogs, we don’t use a review unit Samsung gave us. We went out to the store and bought one, just like you would. This means everything you read here is truly impartial – we owe Samsung nothing. We used it for more than a month . Some sites rush to be the first to publish a review on a new device. That’s not how we do things. I used the Galaxy S5 as my main (and only) Android phone for nearly two months,...