
Improved CryptoLocker Clone "CryptoWall" Has Locked Over Half A Million PCs, 5 Billion Files

A few months ago, the devastating CryptoLocker malware that had locked the files of half a million PC users across the world was finally neutralized. With support from some security experts, the US government managed to seize the computers that were spreading the CryptoLocker malware. Later, a security firm made public a tool that people whose PCs were infected could use to decrypt and recover their files.

But CryptoLocker wasn't the only ransomware spreading on the Internet. Since CryptoLocker was taken down, CryptoWall, a similar piece of ransomware that has existed since November 2013, has taken CryptoLocker's place and has already infected 625,000 PCs and locked over 5.25 billion files.

CryptoWall has used a variety of ways to infect so many PCs in so little time: spam e-mail with attachments; infected websites that users visit, which then download programs infected with CryptoWall; and other malware already present on people's PCs. The infection can affect not only local hard drives but also mapped cloud drives, such as Google Drive or Dropbox.

CryptoWall assigns a unique identifier to each infection and a single key that can be used to decrypt that infection's files, so unless someone gets access to all of these keys, the owners of infected PCs won't ever be able to decrypt their files.

The alternative is to pay the ransomware makers somewhere around $500 through Bitcoin. The problem is that even if the file owners want to pay, not many are able to use Bitcoin or know how to pay with it, so only 0.27 percent of people who had their PCs infected have paid the ransom to the creators of CryptoWall. That's much lower than the 1.3 percent for CryptoLocker, which gained most of its money by using other payment methods such as MoneyPak.

The US seems to have the most CryptoWall infections: 253,521 (or about 40 percent), followed by Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.

The best way to stay protected against CryptoWall is to avoid downloading strange files from random e-mails or places on the Internet, and to avoid using Administrator accounts on your PC, which could make it easier for such malware to be installed without your knowledge.


Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.