Thursday, October 23, 2014

How to Prevent Being Hit by CryptoWall 2.0

CryptoWall 2.0 is a trojan that encrypts data files found on infected computers, rendering the data useless. If the data can be found in a place that is given a drive letter, then it is at risk of being encrypted, whether it is on a network drive, connected external hard drive, USB thumb drive, or other removable media (CD-ROMs and DVDs are safe due to the read-only nature of these media). The trojan targets files in an array of file types, generally Excel files, Word documents, pictures, and audio files (when I was hit by it, the .PNGs in my encrypted folders were spared, but the .JPGs and .GIFs were lost), and when it is finished encrypting, three files with instructions on how to get your data back are left in affected folders. To make matters worse, it deletes shadow volume copies so a system restore will not work to recover your data.


Since the only sure way to get your files back (at the time of this writing) is to pay a fee to the bad guys to decrypt your data, CryptoWall 2.0 falls under the category of ransomware. It is scary to know that our important information, precious memories, and even livelihoods can be held hostage and lost forever if we refuse to pay up. I was hit by this devastating trojan, but I refuse to pay them a penny. Luckily for me, I followed my own advice and have backups of my most important data, so I only lost a few files of any consequence. However, I would like to do my best to prevent this from happening again since restoring files is time-consuming. After doing some research, I've come up with a few ways to stop CryptoWall before your computer is infected by it. Some of this is common sense, and there are no guarantees of safety, but these methods can offer a bit of security.

Do Not Open Strange E-Mail Attachments

One of the most common ways that CryptoWall spreads is through e-mail attachments. These attachments may appear to have file extensions like .PDF or .DOC, but in reality they are executable files that will install the trojan on your computer. Only open attachments from people that you trust, and even then, scan them for viruses.
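The disguise described above can be checked mechanically before anything is opened. The following is an added example, not part of the original post: it flags attachments whose name ends in an executable extension or whose first bytes do not match the document type the name claims. The extension list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# Extensions Windows runs directly (a common, non-exhaustive set; assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Leading bytes of the document types named in the article.
DOC_MAGIC = {".pdf": b"%PDF", ".doc": b"\xd0\xcf\x11\xe0"}


def inspect_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    suffixes = [s.strip().lower() for s in PurePath(filename).suffixes]
    final = suffixes[-1] if suffixes else ""
    if final in EXECUTABLE_EXTS:
        if len(suffixes) > 1 and suffixes[-2] in DOC_MAGIC:
            reasons.append(f"double extension hides {final}")
        else:
            reasons.append(f"executable extension {final}")
    if payload[:2] == b"MZ":  # DOS/PE header of Windows executables
        reasons.append("content is a Windows executable")
    elif final in DOC_MAGIC and not payload.startswith(DOC_MAGIC[final]):
        reasons.append(f"content is not a real {final} file")
    return reasons


def scan_message(raw):
    """Map each suspicious attachment name in a raw e-mail to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = inspect_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed test message: one genuine PDF stub and two disguised files."""
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    for name, data in [("report.pdf", b"%PDF-1.4\n"),
                       ("invoice.pdf.exe", b"MZ\x90\x00"),
                       ("scan.doc", b"MZ\x90\x00")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling scan_message(build_sample()) reports invoice.pdf.exe and scan.doc and leaves report.pdf alone. A clean result only means these two checks passed, so the attachment should still be scanned for viruses.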

Use AdBlocker

It is unfortunate to have to say this since some people make their livings off of advertisements, but blocking ads may be essential for the time being in order to prevent CryptoWall infection. I never open strange e-mail attachments, and I always scan attachments with my anti-virus program (which I make sure to keep updated), but CryptoWall still got through. It has been reported that this trojan can silently install itself using exploits in Adobe Flash Player, and it has been transmitted through advertising networks.

Install CryptoPrevent

CryptoPrevent by FoolishIT adds a layer of protection to your computer by disallowing the installation of CryptoWall, as well as preventing programs from running from the folders where the trojan is typically installed. I would advise you to download and install this utility, especially if you do not elect to block ads (those of us that make our livings, or at least a bit of extra spending cash, from ads thank you).

Do Not Leave Physical Backup Devices Connected

If you keep physical backups of your data on external hard drives or other storage media, then you should not leave them attached to your computer after you are finished saving your files to them. Should you choose to do otherwise, CryptoWall might encrypt your backup copies, and if that happens, you're screwed. The same applies to online storage such as Dropbox if you have your folders synced. Luckily, most online storage services allow users to roll back to previous versions, so you would be able to go back to the non-encrypted versions of your files.

Hopefully these tips can help you to prevent being infected by CryptoWall. Protect yourself at all times and keep your data safe!
