The latest CryptoWall 3.0 campaign is delivered through Google Drive, and users running other programmes that have not been properly updated (everything from Adobe Reader to Flash Player) could find their systems compromised as a result. Any vulnerabilities in these programmes are exploited by RIG, a commercial exploit kit delivered via a number of domains to which CryptoWall forces the user once it has successfully been delivered into a system. The result is that a user’s files are encrypted and can only be released when a ransom is paid.
This latest ransomware has been called CryptoWall 3.0, and the Google Drive attack has been defined as a ‘drive-by’. This is essentially where a user is directed to a website controlled by cyber criminals as a result of browsing a compromised site. The website on which the user lands has been created with the purpose of exploiting any vulnerable spots in the user’s system, as mentioned above. CryptoWall 3.0 only appeared at the start of 2015 but has featured heavily since. Its polymorphism and its ability to evade takedowns make it particularly intimidating.
Protecting against CryptoWall 3.0
The most important layer of protection is ensuring users don’t click on malicious links, sites and pop-up windows, as this is what starts the process off. Backing up data, using a security consultancy, ensuring all programmes are up to date and using an antivirus solution capable of blocking CryptoWall will all be key to ensuring businesses and consumers remain ransomware-free.