CryptoWall: The new ransomware threat

It mimics CryptoLocker, but this malware isn’t the same as that now mostly defunct ransomware. This one, CryptoWall, is spread through ad networks on some popular sites, exposing as many as three million users a day.

Spread by malvertisements

According to Proofpoint, the malicious ads, or malvertisements, were served up on many popular websites including Yahoo, AOL and several other news and consumer sites. The ads contained drive-by downloads, meaning the malware is downloaded and installed without the user intending it or knowing it happened.

The malware these ads carry, CryptoWall 2.0, works similarly to other ransomware programs.

It encrypts files, then demands a ransom to unlock them. The ransom is to be paid in Bitcoins, and is about $500 per incident (though it may charge more if users fail to pay up at first).

What to do

It seems like the threat is shut down for the time being. The ad networks have been alerted and seem to have taken the appropriate steps to shut down the spread.

But there are some steps you should take to protect your systems and tips to pass along to users so they can do the same.

  1. Anti-malware. Make sure your security suite is up to date. Also, make sure your security software has the ability to detect and block malicious advertisements.
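  2. Ad blocking. One of the best ways to get users to avoid clicking on ads is to keep them from seeing them. Ad blockers can remove the temptation to click through to a malicious site, and because drive-by downloads do not need a click, an ad that never loads cannot deliver one.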
  3. Security awareness. Remind users of safe browsing behavior: not clicking on advertisements, not opening attachments from unrecognized senders, etc.
  4. Keep systems updated. Regularly updating Java and other programs will prevent many of these exploits from working.
