|Encryption Type||AES, RSA|
|Short Description||The ransomware encrypts files, making them inaccessible, and also scrambles the file names. The ability to restore the system to a previous state is also removed from the victim’s system. It opens a ransom note in a Notepad window, as shown below.|
|Symptoms||Spam campaigns are spread over the internet using regional brands that users rely on in their day-to-day life. The user is tricked into opening the mail and downloading the attachment, which contains the malicious file that executes the ransomware on the victim’s system.|
|Distribution Method||This ransomware uses various distribution techniques, such as spam campaigns (zip attachments), malvertising, and exploit kits.|
Users are prompted to pay a ransom in bitcoins, which starts at the bitcoin equivalent of $500 and rises to $1000 after 7 days. If the ransom is not paid, the data remains encrypted and the original data is deleted and lost forever.
The bitcoin payment address is the same for many victims, which led some people to steal other victims' payments to cover their own ransom.
However, the data can possibly be recovered using data recovery tools.
CryptoWall usually encrypts files with most common extensions. The following are a few of the widely known ones:
xls, wpd, wb2, txt, tex, swf, sql, rtf, RAW, ppt, png, pem, pdf, pdb, PAS, odt, obj, msg, mpg, mp3, lua, key, jpg, hpp, gif, eps, DTD, doc, der, crt, cpp, cer, bmp, bay, avi, ava, ass, asp, js, py, pl, db, c, h, ps, cs, m, rm
It encrypts the files and demands a ransom of $500 in bitcoin.