CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware

Published: 22/11/2024   Category: security




Less "gimme all your money," more "please buy this software package."



A sweet-talking, stealthier, new version of the CryptoWall ransomware, CryptoWall 4.0, is in the wild, according to researchers at Heimdal Security and BitDefender.
The previous version, CryptoWall 3.0, just came out in January, and according to figures released last week by the Cyber Threat Alliance, it has already extorted $325 million from tens of thousands of victims worldwide. CryptoWall 4.0 aims to surpass that performance.
Ransomware is not exactly shy; it will always make itself known eventually. Security tools hope to catch it when it first creeps onto a machine and stop it before it springs into action. CryptoWall 4.0, however, has been modified to help it evade detection by security tools, even by 2nd generation firewall solutions, according to Heimdal Security.
When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims' confusion, and thereby increases the likelihood that they'll pay the ransom, and quickly.
Version 4.0 also contains a strikingly different ransom message from earlier CryptoWalls. Previous versions have always aimed to frighten and harass victims, but as BitDefender explains, the new ransom message is longer, less alarming and with a hint of irony.
Instead of being an obvious threat from an attacker, the new message hides the threat inside a welcome wagon. Rather than simply demanding a ransom to decrypt the files, the attackers recommend purchasing the software package for $700, payable in Bitcoin.
The ransom note itself has the cuddly filename HELP_YOUR_FILES, comes in TXT, HTML, and PNG form, and includes the text "Congratulations! You have become a part of large community CryptoWall!" and "the instructions that you find in folders with encrypted files are not viruses; they are your helpers."
The message urges victims to think logically and not get security products involved, because their attempts could prove fatal to their files.
It isn't all soft-sell, cajoling, and reason, though. The message has some bite, stating: "In case if these simple rules are violated we will not be able to help you, and we will not try because you have been warned."
As Heimdal Security explains, "Cryptoware creators act like they run software companies, continuing to enhance their code, addressing advancements in security controls, and using all possible social engineering techniques at their disposal to trigger payment."
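The note filename quoted above gives responders a simple indicator for mapping which folders were hit. The sketch below is an added example, not code from Heimdal Security, BitDefender or the article; it assumes the TXT, HTML and PNG forms are file extensions, and the sample tree and its file names are constructed.

```python
import os
import tempfile
from collections import defaultdict

NOTE_STEM = "help_your_files"          # note name reported in the article
NOTE_EXTS = {".txt", ".html", ".png"}  # assumption: each "form" is a file extension

def find_ransom_notes(root):
    """Map each directory under root to the sorted note extensions found there."""
    hits = defaultdict(set)
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            stem, ext = os.path.splitext(name)
            if stem.lower() == NOTE_STEM and ext.lower() in NOTE_EXTS:
                hits[dirpath].add(ext.lower())
    return {d: sorted(exts) for d, exts in hits.items()}

def triage(root):
    """Rows of (relative dir, note extensions, count of other files), largest first."""
    rows = []
    for d, exts in find_ransom_notes(root).items():
        others = sum(1 for e in os.scandir(d) if e.is_file()
                     and os.path.splitext(e.name)[0].lower() != NOTE_STEM)
        rows.append((os.path.relpath(d, root), exts, others))
    return sorted(rows, key=lambda r: (-r[2], r[0]))

def build_sample_tree(base):
    """Constructed sample layout; file names and contents are made up."""
    layout = {
        "docs": ["HELP_YOUR_FILES.TXT", "HELP_YOUR_FILES.HTML",
                 "HELP_YOUR_FILES.PNG", "a7x2q.k3", "zz91b.p0"],
        "pics": ["help_your_files.txt", "m4t8.w1"],
        "clean": ["readme.txt", "HELP_YOUR_FILES_backup.txt"],  # must not match
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for n in names:
            with open(os.path.join(base, sub, n), "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in triage(tmp):
            print(row)
```

The count of other files in each flagged folder is a rough measure of how much data sits beside a note, which helps prioritise restores from backup.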
