|Encryption Type||AES, RSA|
|Short Description||The ransomware, encrypts the files and makes it inaccessible and also encrypts the file names. Restoring and return to previous mode is also removed from the victim’s system. The decryption key payment uses two anonymity networks – Tor and 12P|
Spam campaigns are generated and spread through the internet with those regional brands that users use in their day to day life. In such a way the User gets tricked by making the user open the mail and download the attachment which contains the malicious file that executes the ransomware into the victim’s system.
Location based ransom notice in different languages are received.
|Distribution Method||This ransomware uses various techniques for its distribution such as drive-by download attacks that exploit the vulnerability in outdated browser plugins or through other malwares that are already present in the system.|
CryptoWall usually encrypts most of the extensions, the following are few of the extensions widely known,
xls, wpd, wb2, txt, tex, swf, sql, rtf, RAW, ppt, png, pem, pdf, pdb, PAS, odt, obj, msg, mpg, mp3, lua, key, jpg, hpp, gif, eps, DTD, doc, der, crt, cpp, cer, bmp, bay, avi, ava, ass, asp, js, py, pl, db, c, h, ps, cs, m, rm
Users are prompted to pay bitcoins equivalent to $500 to receive the decryption key and given a deadline of 7 days, where the ransom value increases.
Here the decryption key ransom site is no longer hosted on Tor as in Cryptowall 2.0 but in I2P where the taraffic is passed from one anonymity network Tor to I2P as in 3.0
Compared to the previous version crypto wall 4.0 encrypts the file names – where each file name is unique, has more fast shadow volume copy details, new rasom notes, new Tor payment gateways, redesign of HTML ransom note with arrogant words.