Improved CryptoLocker Clone "Cryptowall" Has Locked Over Half A Million PCs, 5 Billion Files

A few months ago, the devastating CryptoLocker malware that has locked the files of half a million PC users across the world was finally neutralized. The US government managed to seize the computers that were spreading the CryptoLocker malware with support from some security experts. Later, a security firm made public a tool that people whose PCs were infected could use to decrypt and recover their files.

But Cryptolocker wasn't the only ransomware spreading on the Internet. Since Cryptolocker was taken down, Cryptowall, a similar piece of ransomware that has existed since November 2013, has taken Cryptolocker's place and has already infected 625,000 PCs and over 5.25 billion files.


Cryptowall has been using a variety of ways to infect so many PCs in so little time, including through spam mail with attachments; infecting websites that users visit and then downloading programs that are infected with CryptoWall; and through other malware that had already existed on people's PCs. The infection can affect not only local hard drives but also mapped cloud drives, such as Google Drive or Dropbox.

Cryptowall assigns a unique identifier for each infection and a single key that can be used to decrypt those files, so unless someone gets access to all of these keys, then the infected PC owners won't ever be able to decrypt those files.

The alternative is to pay the ransomware makers somewhere around $500 through Bitcoin. The problem with that is that even if the file owners want to pay, not too many are able to use Bitcoin or know how to pay with it, so only 0.27 percent of people who had their PCs infected have paid the ransom to the creators of CryptoWall. That's a much lower number compared to 1.3 percent for CryptoLocker, which gained most of its money by using other payment methods such as MoneyPak.

The US seems to have the most CryptoWall infections: 253,521 (or about 40 percent), followed by Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.

The best way to stay protected against CryptoWall is to avoid downloading strange files from random e-mails or places on the Internet, and you should avoid using Administrator accounts on your PC that could make it easier for such malware to be installed without your knowledge.

Follow us @tomshardware, on Facebook and on Google+.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
35 comments
    Your comment
    Top Comments
  • whiteodian
    These bad boys have hit my company a few times. Stupid users will click on anything.
    10
  • Other Comments
  • whiteodian
    These bad boys have hit my company a few times. Stupid users will click on anything.
    10
  • soccerplayer88
    That's really the biggest problem.

    We regularly go over safe browsing habits with customers but short of us "policing" their internet these problems will never go away.

    So at the very least we strongly encourage users to either purchase a backup external drive or setting them up to save files to a central server. Worse case scenario we can just roll back the backup and all is well.
    0
  • rayden54
    If they really wanted to be paid you'd think pick an easier way--or less money. I know people who've had computers for years and every file they've ever acquired will fit on a single DVD. It might be worth $10-$15 to unlock their files, but for $500 they'll just buy a new computer.
    7