Cryptolocker Virus Alert


This month a new version of the ongoing family of encryption-based viruses is circulating in the wild. This new version calls itself Cryptowall 2.0. From research, there are a few key differences in this new version.

In the original Cryptolocker viruses, payments were to be made using Bitcoin. Because of the way the virus author built the payment gateway, anyone who knew enough could “steal” or fake the payments made by others and pass those stolen payments off as their own. In this new version, this is “fixed.”

Each infected computer is tied to a unique Bitcoin wallet ID that the virus generates, so you can no longer steal someone else’s payment or send a fake payment.

The second change concerns deletion. The original Cryptolocker code, after encrypting a file, deleted the original. That deletion was the equivalent of a user moving a file to the Recycle Bin and hitting “Empty Recycle Bin”: the file’s entry is removed, but its data stays on the disk until something else overwrites it. As a result, most files were easily recovered with undelete tools as long as not much new data had been written to the hard drive in question. With Cryptowall 2.0, this recovery route is no longer available.

This version issues a secure-delete (overwrite) command against every file it encrypts, which makes recovery by this avenue impossible. The third change is in how the author masks the activity that would lead back to them. This will make it hard for the authorities to get a break in this case, as they were able to with the original Cryptolocker virus.
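As an added defender-side illustration (not part of the original alert), here is a small Python heuristic that flags a process which both writes many encrypted-looking (high-entropy) files and overwrites-then-deletes originals, the behaviour described above. The event log, process names and thresholds are constructed for the example and are assumptions, not values from the post.

```python
import math
from collections import defaultdict

# Constructed file-system audit events (not from any real log source):
# (timestamp, process, operation, path, data written or None for deletes).
# The pattern above is: write an encrypted copy, overwrite the original
# in place, then delete it. Ordinary editors do not behave this way.
DOC = b"Quarterly report: revenue grew modestly in Q3. " * 10
EVENTS = [
    (0.0, "winword.exe", "write", "C:/docs/report.docx", DOC),
    (0.5, "winword.exe", "delete", "C:/docs/~$tmp.docx", None),
]
for i, name in enumerate(["report", "budget", "minutes", "plan"]):
    t = 10.0 + i
    EVENTS += [
        (t,       "evil.exe", "write",  f"C:/docs/{name}.docx.enc", bytes(range(256)) * 2),
        (t + 0.1, "evil.exe", "write",  f"C:/docs/{name}.docx", b"\x00" * 512),  # wipe
        (t + 0.2, "evil.exe", "delete", f"C:/docs/{name}.docx", None),
    ]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted/random data approaches 8.0, plain text sits near 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def flag_ransomware(events, window=30.0, high=7.0, low=1.0, min_files=3):
    """Return {process: (encrypted_writes, wiped_originals)} for every process
    that wrote at least `min_files` high-entropy files and also overwrote
    at least `min_files` files with low-entropy filler and deleted each one
    within `window` seconds of the overwrite. Thresholds are assumed values."""
    enc = defaultdict(set)      # process -> paths written with encrypted-looking data
    wiped = defaultdict(dict)   # process -> {path: time of low-entropy overwrite}
    hits = defaultdict(set)     # process -> paths wiped and then deleted
    for ts, proc, op, path, data in sorted(events, key=lambda e: e[0]):
        if op == "write":
            e = shannon_entropy(data)
            if e >= high:
                enc[proc].add(path)
            elif e <= low:
                wiped[proc][path] = ts
        elif op == "delete":
            t0 = wiped[proc].pop(path, None)
            if t0 is not None and ts - t0 <= window:
                hits[proc].add(path)
    return {p: (len(enc[p]), len(hits[p])) for p in hits
            if len(enc[p]) >= min_files and len(hits[p]) >= min_files}
```

Because the heuristic keys on the wipe-then-delete step, it distinguishes this version from the original Cryptolocker behaviour, which only unlinked files and would leave `wiped` empty.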

If you are concerned that your system may be infected, please submit a request. We will be happy to help. Stay safe!