The FBI's Internet Crime Complaint Center (IC3) issued an alert yesterday identifying a virulent form of ransomware known as CryptoWall as “the most current and significant ransomware threat targeting U.S. individuals and businesses.” Since April 2014, IC3 said it received 992 CryptoWall-related complaints, with victims' collective losses totaling over $18 million.
CryptoWall and its variants have been attacking targets in the U.S. since at least April 2014. The IC3 said that:
The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.
Demanding a ransom payout
As with most ransomware infections, CryptoWall is usually spread after the victim clicks on an infected link, opens an infected email, downloads an infected file or visits an infected website. Once it gets on your device, it encrypts your files so that you can't read them, and demands a ransom payout (usually via Bitcoin, because it's untraceable) to decrypt your data again.
In April, Karen from Raleigh, North Carolina fell victim to CryptoWall, which she suspects came from a Trojan virus infection on the TaxACT website. She wrote ConsumerAffairs in April to report:
When I downloaded the tax program, a notice popped up along with it that said all of our files were now encrypted and will not open. I closed the message and ran my virus scan. … This virus gets around your virus scan. I had to run the scan in Safe Mode in order to find it and delete it. But all our files, photos, etc. are corrupted and will not open. This type of virus demands you pay a "ransom" to get encryption code. We will have to bring our computer to someone to take it back to factory settings, but we lost all documents and photos.
Bad as Karen's experience was, Christine from Washington State, who wrote us in February, suffered even worse losses. Like Karen, she learned that virus scans won't necessarily detect CryptoWall; she didn't mention (or doesn't know) where she caught the virus, but:
[The virus scan] failed to stop the Cryptowall virus from infecting our computers. This resulted in over 20+ years of client data to be destroyed, a significant loss of income, additional financial expense in having to replace the computers, and on-going problems in attempting to rebuild lost data. Our e-mail program was destroyed as well.
Protecting yourself from malware
How can you protect yourself from CryptoWall and other forms of ransomware? By following the same rules that protect against all malware, including:
Make sure your operating system, anti-virus, firewall, and other security software are all up-to-date.
Install and enable pop-up blockers. Criminals often use pop-up ads to spread malware, and the easiest way to avoid accidentally clicking a malicious pop-up is to keep it from appearing in the first place.
Never click on a link in an unsolicited email, text, or other message.
Never download a zip file or any other attachments in emails from senders you don't know and trust.
Make sure the settings on your phone, tablet, computer or any other Internet-connected device are set so that nothing can be downloaded without your permission.
When getting messages allegedly from some company or service provider, remember the anti-scam rule “Don't call me; I'll call you” – and don't interact with anyone who breaks it.
In addition to these anti-malware rules, you should also remember to always make regular backup copies of your data and files, just in case some nasty malware (or an ordinary bad-luck hard-drive crash) damages or destroys your files.
The FBI's Internet Crime Complaint Center also recommends:
If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the Internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at www.IC3.gov.