Bitcoin Ransomware Education – CryptoWall

One of the more recent forms of Bitcoin ransomware will still linger in the minds of many computer users all over the world. CryptoWall was one of the latest types of malware to target Windows users, as this type of software is always designed to go after the most commonly used operating system. It all begin in 2014, which was quite a popular year for Bitcoin ransomware, all things considered.

Also read: New York Bitcoin Exchange Gemini Unveils New Fee and Rebate Schedule

CryptoWall Claimed Many Victims

There were various strains of CryptoWall over the course of the year and a half, although most of them are no longer a threat to computer users these days. When CryptoWall was first discovered, however, it had security researchers from all over the world quite concerned.

This particular type of Bitcoin ransomware spread through malicious website advertisements, spread by the Zedo ad network. As one would come to expect from these evil intentions, some of the world’s biggest websites were targeted by the Zedo ad network in an attempt to spread CryptoWall to as many computers as possible.

Advertisements with the CryptoWall payload were designed to redirect visitors to rogue websites, which would then execute code to exploit vulnerabilities found in various browser plugins. Keeping in mind how most people use plugins these days, a perfect scenario was created to make CryptoWall a storm waiting to wreak havoc on the world.

What made matters even worse is how the Cryptowall payload remained undetected by antivirus and other security software tools. Thanks to a digital signature attached to the Bitcoin ransomware, the software appeared to be “clean”, bypassing any security measures the end user or company had put in place.

Other strains of CryptoWall disguised themselves as email attachments written in JavaScript, which would then download executable files disguised as images in JPEG format. If there is one type of email attachment that gets downloaded more often than not, it has to be image files of any extension.

If you thought that was the peak of CryptoWall’s worrisome aspect, you are sadly mistaken. CryptoWall 3.0 created new process instances on the computer resembling explorer.exe and svchost.exe, both of which are critical Windows operating system processes. This allowed the Bitcoin ransomware to evade further detection by security tools, as it appeared to be a regular Windows process.

But there was an even bigger threat to Cryptowall than just encrypting computer files and forcing infected users to pay a fee. Spyware was installed as well, which would hunt down any username and password combination used. Additionally, this spyware was capable of stealing Bitcoin wallets and its private keys. Needless to say, CryptoWall once was the biggest threat to Bitcoin users themselves, both on the infection and wallet-stealing front.

The fourth iteration of CryptoWall is still making the rounds to this very day and is not always detected by antivirus programs. Rather than just encrypting the files itself, this Bitcoin ransomware strain will also encrypt file names, making it all but impossible to restore file access without paying the fee.

Source: Wikipedia

Images credit 1.2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.