CryptoWall 4.0 users have discovered that Russian users are spared any encryption after the malware is deployed onto their system. This is because the ransomware checks to determine which keyboard is being used, and when Russian is detected as the language, the ransomware kills itself before encryption.
This news comes as no big surprise to anyone, as it has always been known that the attackers were Russian, at least the spam servers, targeting mainly the US and Europe. However, everyone is equally susceptible to encrypting ransomware.
The encrypting ransomware may appear slightly different, but in reality, it is the same as the rest. It encrypts your files from a phishing email, holding them ransom for bitcoin payment. The encryption is done using a GPG Tool, which is an open source encryption tool that appends the file extension to “.vault”
This variant is based off of the “freebie” structure, allowing 4 free file decrypts. This is intended to let the user know what the decryption routine is like, and to verify that files will be returned upon the ransom being paid.
Once the ransom has been paid, the user will have access to download the decryption tool from the portal.
Analyzing MD5
The specific variant will be caught by Webroot, in real time, before any encryption is able to take place. Measures are always being taken to find more, but in the case of new zero day variants, it is important to understand that with encryption ransomware, the most dependable protection is a good backup solution, using either the cloud or external storage.
It is also critical to keep this backup solution up to date so productivity is not lost. Webroot has built in backup features in the consumer product, allowing directories to be constantly synced to the cloud. Should a zero-day variant infection occur, the user can simply restore any files using a snapshot history.
Find out more about the latest variants of malware. Call Alary Clinitech at (416) 291-7377 or email us at info@clinitech.ca to learn about our managed IT services. We keep you safe from all types of threats for a flat-rate monthly fee.
