The Nightmare Called CryptoWall

Imagine a day like any other: you wake up and check your email. You are going down your list of new emails to see which spam you can immediately delete, but wait! You see an email from PayPal telling you that someone has sent you a payment. Awesome, right? You open the email and click on the link for details. BLAMMO! You are smacked with the latest type of virus – ransomware. You suddenly see a message telling you that your files have been encrypted and the only way to get them back is to pay up using bitcoin. And time is ticking… if you wait too long, the price will double.

It sounds like a nightmare, and for many, it is. Ransomware is a huge disruption that negatively impacts productivity, and unfortunately our clients are facing it more and more. It encrypts not only local files, but also shared network files and even removable storage like a flash drive or external hard drive that is plugged in… which means even your backup could be infected. Previous versions of ransomware were called CryptoLocker; newer versions are being called CryptoWall or CryptoDefense. The newest version is CryptoWall 2.0, and it makes it even more difficult to recover your data because it encrypts your files and then deletes the originals.

The best way to recover your files is not by paying the ransom, but by turning to the offsite backup that you’ve been faithfully keeping… you have been faithfully keeping offsite backups, right? If not… cross your fingers and hope that you enabled System Protection on your Windows 7 device without realizing it. You may be able to restore a Previous Version, from before CryptoWall took over. If that isn’t an option… then you’re in a tough spot. There are reports of people who have paid the ransom and still not been able to recover their files. 

If you haven’t experienced an attack yet, thank your lucky stars!

We'd like to offer some tips to help prevent you from becoming the next victim:

  1. Always be cautious before opening emails. Note we said “before”, not “when”! You need to be on alert with every email: not only from unknown addresses, but even from addresses you recognize. If anything seems out of the ordinary, contact the sender by phone to confirm that the email is authentic. For example, I would never expect to receive a Valentine’s email from my brother-in-law, so that email “from him” went straight to the trash.
  2. Be even more cautious before opening email attachments. Now that you’re paying attention to the email sender before opening the email, you want to be doubly cautious before opening attachments – some viruses hide executable files there.
  3. Watch out for links too. Cyber criminals also use links to launch viruses!
  4. Clear your cache regularly. Viruses like to store information in cache files, making you susceptible even after you think you've cleared things up. Clearing your cache has the added benefits of improving the computer's speed and performance and ensuring that the most current version of each website is displayed.
  5. Install a firewall for your network. Fortinet’s firewall technologies are designed to keep bottlenecks from slowing down your network and work well with VPN, anti-spam and many other security features. Speaking of that…
  6. Install an antivirus program. Then install an antispyware program. 
  7. Patch your computer. Microsoft regularly issues patches to address known vulnerabilities. Ensuring that your devices have the latest version of Windows can help reduce your exposure.  
  8. Back up your data. This goes without saying! Viruses aside, backing up your data offsite is critical for business continuity and disaster recovery. You want to have the peace of mind knowing that even if your server or storage device fails, you have a backup plan in place.
  9. Educate your employees.  They are good people; they don’t mean to do harm.  Education is power – the more they know, the more they can do to help to prevent future issues.


If you want to learn more about how to prevent issues from occurring, or what your options are if you have been infected, give us a call!  We are here to help.