After a hiatus of almost two months over the holidays, a new campaign of Crowti tagged as 'CryptoWall 3.0' has been observed. It uses distribution channels similar to those seen before: it is downloaded by other malware and delivered as a payload through exploits.
The graph below shows the spike after two days of no activity from 288 unique machines affected by this malware:
Figure 1. Sudden spike from CryptoWall 3.0 activity this month.
It still follows the same behavior as previous variants, with minimal modifications such as changes in ransom notification file names:
- HELP_DECRYPT.HTML
- HELP_DECRYPT.PNG
- HELP_DECRYPT.TXT
- HELP_DECRYPT.URL
Figure 2. HELP_DECRYPT.PNG is displayed after the files on the system have been encrypted, presenting information about the malware attack.
Figure 3. HELP_DECRYPT.TXT details the instructions to go to the decryption page that is customized for each infected user.
Figure 4. HELP_DECRYPT.HTML details the instructions to go to the decryption page that is customized for each infected user.
Figure 5. Decryption service or payment page that requests 500 USD/EURO for the first 167 hours, with the ransom demand increasing over time.
Full Article - blogs.technet.com
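
For triage, the four ransom note names listed above can serve as file-system indicators. The following Python sketch is an added example, not part of the original post or the linked article; the function names and the sample directory tree are constructed for illustration. It reports which directories under a root contain any of the notes and how many hold the complete set.

```python
import os
import tempfile

# Ransom note names listed in the post for CryptoWall 3.0.
NOTE_NAMES = {"help_decrypt.html", "help_decrypt.png",
              "help_decrypt.txt", "help_decrypt.url"}


def find_ransom_notes(root):
    """Walk `root` and return {directory: sorted note names found there}."""
    hits = {}
    # Case-insensitive match (Windows file systems usually ignore case);
    # directories that cannot be read are skipped instead of aborting.
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
        found = sorted(f for f in filenames if f.lower() in NOTE_NAMES)
        if found:
            hits[dirpath] = found
    return hits


def summarize(hits):
    """Return (directories affected, directories holding all four notes)."""
    full = sum(1 for names in hits.values()
               if {n.lower() for n in names} == NOTE_NAMES)
    return len(hits), full


def build_sample_tree(base):
    """Constructed sample data: a small tree with notes in two folders."""
    layout = {
        "Documents": ["report.docx", "HELP_DECRYPT.TXT", "HELP_DECRYPT.HTML",
                      "HELP_DECRYPT.PNG", "HELP_DECRYPT.URL"],
        "Pictures": ["holiday.jpg", "help_decrypt.txt"],
        "Clean": ["notes.txt", "HELP_DECRYPT_backup.txt"],  # near miss
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in files:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = find_ransom_notes(tmp)
        for directory, names in sorted(results.items()):
            print(directory, names)
        print("affected, complete:", summarize(results))
```

Matching on exact names keeps unrelated files such as `HELP_DECRYPT_backup.txt` out of the results.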