CryptoWall 4.0 comes with more annoying ransom notes

Nov 5, 2015 16:04 GMT

Version 4.0 of the infamous CryptoWall ransomware has been detected in the wild for the first time, as the tech geeks from Bleeping Computer are reporting.

CryptoWall is a well-known ransomware family whose extremely powerful and efficient file encryption system makes it nearly impossible to decrypt files without the original decryption key, which can be obtained only after paying the ransom.

Very few things changed between CryptoWall 3.0 and 4.0

The latest version of CryptoWall was first spotted in real-world attacks only a few days ago, and despite a version number that indicates a major branch, the ransomware changed very little compared to previous versions.

The only things that are different are the new ransom page design, which at the moment sports a taunting text, and the fact that CryptoWall now also encrypts file names, making it impossible for victims to know which file was what before the CryptoWall infection took root.

Nathan Scott, the malware researcher who analyzed this new strain of CryptoWall, says the ransomware continues to use the same C&C server, the same ransom payment domains, the same RC4 encryption for C&C communications, and the same algorithm for generating unique MD5 hashes for identifying victims.

Version 4.0 of CryptoWall seems to have brought only a simple facelift, being in tune with the annoying "redesign" trend that's been currently plaguing the Web design and graphics community.

The new CryptoWall version has more annoying ransom messages

Here are two samples of the new text CryptoWall operators are showing to their victims:

"Congratulations!!! You have become a part of large community CryptoWall."

"Cannot you find the files you need? Is the content of the files that you have watched not readable? It is normal because the files' names, as well as the data in your files have been encrypted."

While some might call this humorous, it's not that funny when you're the one desperately crying for your files.

As for CryptoWall operators, they seem to be doing great right about now, with a recent report from the Cyber Threat Alliance estimating that the hackers behind this ransomware campaign made around $325 million from version 3.0 alone. Coincidentally or not, CryptoWall 4.0 appeared just a few days after the report was put out.

[Images: CryptoWall 4.0 now encrypts file names as well; Decryption service hosted on Tor; Sample ransom note from CryptoWall 4.0 infected users]