Oklahoma State University: The STATE's University

About CryptoWall 2.0:

 
CryptoWall 2.0 is ransomware: a malicious encryption program that cybercriminals use to lock up your computer files. The only way to get them back is to pay a ransom. Even paying a ransom to cyberthieves will not guarantee the return of your files. CryptoWall 2.0 differs from previous versions of this malware in that the cybercriminals want you to pay in Bitcoin, which is electronic money. Tracing Bitcoin transactions is nearly impossible. By demanding payment in Bitcoin, cybercriminals can avoid detection. If your computer becomes infected, you may not see any symptoms at first. Unlike other malware, you will not see lots of pop-ups or ads. Your computer may not even run more slowly.
 
With a CryptoWall 2.0 infection, what you could see is that your computer's G:, H:, and other drives (including flash drives) look corrupted or encrypted. If this malware gets fully established on your computer, you will see a pop-up message stating that you must pay money to get your files back. The cybercriminals will ask for $300 or $500 initially, and then give you a certain amount of time before their fees increase.
 
How would you know for sure that your computer is infected with CryptoWall 2.0?
 
Search your computer hard drive for the following files:
DECRYPT_INSTRUCTION.HTML
DECRYPT_INSTRUCTION.TXT
INSTALL_TOR
 
These file names are the signature of CryptoWall 2.0.
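
A scripted version of this search, added here as an example and not part of the original advisory. The function names are hypothetical, and two choices are assumptions: names are matched ignoring case, and INSTALL_TOR is matched with or without a file extension. The earliest note timestamp is reported as a hint for choosing which backup to restore from.

```python
import os
import sys
import time

# File names the advisory gives as the CryptoWall 2.0 signature (lower-cased).
NOTE_NAMES = {"decrypt_instruction.html", "decrypt_instruction.txt", "install_tor"}


def is_ransom_note(filename):
    """Match ignoring case, with or without a trailing extension.
    Assumption: INSTALL_TOR may carry an extension on disk."""
    name = filename.lower()
    return name in NOTE_NAMES or os.path.splitext(name)[0] in NOTE_NAMES


def find_ransom_notes(roots):
    """Return ({directory: [(filename, mtime or None)]}, [walk errors])."""
    hits, skipped = {}, []
    for root in roots:
        # onerror collects unreadable directories instead of hiding them.
        for dirpath, _dirs, files in os.walk(root, onerror=skipped.append):
            for fname in filter(is_ransom_note, files):
                try:
                    mtime = os.lstat(os.path.join(dirpath, fname)).st_mtime
                except OSError:
                    mtime = None  # still report the name if stat fails
                hits.setdefault(dirpath, []).append((fname, mtime))
    return hits, skipped


def earliest_note(hits):
    """Oldest note timestamp (epoch seconds), or None if nothing was found."""
    times = [t for notes in hits.values() for _n, t in notes if t is not None]
    return min(times) if times else None


if __name__ == "__main__":
    # Usage: python find_notes.py G:/ H:/   (defaults to the home directory)
    hits, skipped = find_ransom_notes(sys.argv[1:] or [os.path.expanduser("~")])
    for directory in sorted(hits):
        print(directory, "->", ", ".join(sorted(n for n, _ in hits[directory])))
    first = earliest_note(hits)
    if first is not None:
        print("Earliest note written:", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(first)))
    print(f"{len(hits)} folder(s) with notes, {len(skipped)} unreadable folder(s)")
    sys.exit(1 if hits else 0)
```

The exit code is 1 when any signature file is found, so the script can be run from a scheduled task or login script that alerts on a non-zero result.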
 
How would CryptoWall 2.0 get on my computer?
 
First, keep in mind that cybercriminals see you and your computer as a target for financial and personal gain. They will use any method they can to attack it.
 
The common methods they use to get to your computer are phishing emails, downloaded software, and insecure web sites. More information is available at MalWare FAQs: http://www.microsoft.com/security/portal/mmpc/help/MalwareFAQs.aspx. The information on this site is applicable to both PC and Mac users.
 
What can you do to prevent getting CryptoWall 2.0 on your computer?
 
1. The most important thing to do is to perform daily backups of your computer and drive data.

* For a PC, you will find directions here: http://windows.microsoft.com/en-us/windows-vista/set-your-mind-at-ease-back-up-your-files-now.

* For Apple computers, please see these instructions: http://www.apple.com/support/timemachine.

2. Update your operating system regularly. Here are some links that you will find useful:

* Windows (includes IE updates): http://windows.microsoft.com/en-us/windows/updating-computer#1TC=windows-7

* Mac OS X - http://support.apple.com/kb/ht1338

3. Update the following programs on a regular basis - http://www.microsoft.com/security/portal/mmpc/help/UpdateFAQs.aspx

* Your antivirus programs

* Browsers - http://www.updatemybrowser.org/

* Adobe Flash - https://www.adobe.com/support/flashplayer/downloads.html

* Java - https://java.com/en/download/index.jsp

* Uninstall old versions of Java. See http://www.java.com/en/download/uninstallapplet.jsp if the Java update did not uninstall the old versions automatically.

* Any other programs and software packages

4. Avoid suspicious-looking emails and attachments. Do not open them unless you first verify the sender is a safe sender.

5. When using the Internet, be sure to stay on pages that are known safe sites, unless it is absolutely necessary to visit parts of the internet that you think might not be safe.

What do you do if you get CryptoWall 2.0 on your computer?
 
First, immediately unplug your computer from the network and from the electrical outlet.
 
Unfortunately, the most reliable way to get your computer working after CryptoWall is to format, rebuild the system, and restore files from backups. Prevention and proactive protection of your computer are the best approach to keep CryptoWall from getting onto your computer in the first place.
 
Support:
 
For more information regarding protecting your computer from malware, ransomware, viruses, or other associated issues, please contact the OSU IT Helpdesk by calling 405-744-HELP (4357) or email the Helpdesk at helpdesk@okstate.edu.
Oklahoma State University - Stillwater | Stillwater, OK 74078 | 405.744.5000
Copyright © 2006 Oklahoma State University | All rights reserved