Ransomware attacks continue to be big business for cybercriminals worldwide, and are blamed for the loss of billions of dollars by individuals, governments, and corporate entities in every part of the globe.
In this article, we look at a ransomware variant by the name CryptoWall which has been wreaking havoc in the PC universe since 2014.
What is CryptoWall Ransomware?
The CryptoWall ransomware is a Trojan horse malware that infects computers, encrypts their files, and demands that a ransom be paid to have the files decrypted. It is widely believed that CryptoWall belongs to the same ransomware family as CryptoDefense, BitCrypt, CryptoLocker, and Critroni, because it shares many similarities with them, including source code.
CryptoWall targets all versions of the Windows OS and is mostly spread through infected emails, exploit kits, malicious adverts (malvertising), and compromised websites.
What Can the CryptoWall Ransomware Do?
Once it is on a computer, the malware adds new registry entries so that it runs at Windows startup. After this initial step, it gives the cybercriminals remote access control and encrypts predetermined file types. Examples of file types encrypted by the ransomware include .doc, .png, .pptx, .xlsm, .docx, .xls, .pdf, .jpg, and .xlsb.
Another part of its modus operandi is that, once inside your computer, the malware injects code into the Windows explorer.exe file, depending on the version running on the victim’s computer. It is this modified explorer.exe that installs the malware on the device. It then deletes the shadow copies, disables Windows services, and hijacks the svchost.exe process with more injected modules. Once the ransomware is done encrypting your files, it demands a ransom equivalent to $1000 in bitcoin. To prove that they are capable of recovering your files, the malware creators will even offer to decrypt a few of them.
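The behaviours described above (a run-key entry at startup, injection into explorer.exe or svchost.exe, shadow copy deletion, and bulk rewriting of the listed document types) are what a defender looks for in endpoint telemetry. The following added example, which is not from the original article or any vendor's product, scores a constructed, made-up event stream for those behaviours; the event format, process IDs, paths and registry value name are all invented for illustration.

```python
# Constructed example: score endpoint events for the CryptoWall behaviours the
# text describes. Event format and values are made up, not real EDR output.
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

TARGET_EXTS = {".doc", ".png", ".pptx", ".xlsm", ".docx", ".xls", ".pdf", ".jpg", ".xlsb"}
INJECTION_TARGETS = {"explorer.exe", "svchost.exe"}
BURST_WINDOW = timedelta(seconds=60)
BURST_THRESHOLD = 4  # target-type writes per window; tune for real hosts
# Constructed sample, one event per line: timestamp|event|pid|detail
SAMPLE_EVENTS = """\
2024-03-01T10:00:01|registry_set|4321|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svcupdate
2024-03-01T10:00:05|remote_thread|4321|explorer.exe
2024-03-01T10:00:09|process_create|4321|vssadmin.exe delete shadows /all /quiet
2024-03-01T10:00:12|file_write|4321|C:\\Users\\alice\\Documents\\report.docx
2024-03-01T10:00:15|file_write|4321|C:\\Users\\alice\\Documents\\budget.xls
2024-03-01T10:00:18|file_write|4321|C:\\Users\\alice\\Pictures\\holiday.jpg
2024-03-01T10:00:21|file_write|4321|C:\\Users\\alice\\Documents\\invoice.pdf
2024-03-01T10:05:00|file_write|777|C:\\Users\\alice\\Documents\\notes.docx
2024-03-01T10:05:30|file_write|777|C:\\Users\\alice\\Documents\\notes.tmp
"""

def analyse(event_text):
    """Return {pid: sorted behaviour names} for every pid with at least one finding."""
    findings = defaultdict(set)
    writes = defaultdict(list)  # pid -> timestamps of writes to target file types
    for line in filter(None, event_text.splitlines()):
        ts, kind, pid, detail = line.split("|", 3)
        ts, pid, d = datetime.fromisoformat(ts), int(pid), detail.lower()
        if kind == "registry_set" and "\\currentversion\\run" in d:
            findings[pid].add("run_key_persistence")
        elif kind == "remote_thread" and d in INJECTION_TARGETS:
            findings[pid].add("injection_into_" + d.split(".")[0])
        elif kind == "process_create" and "vssadmin" in d and "delete shadows" in d:
            findings[pid].add("shadow_copy_deletion")
        elif kind == "file_write" and ntpath.splitext(d)[1] in TARGET_EXTS:
            writes[pid].append(ts)
    for pid, stamps in writes.items():  # any THRESHOLD writes inside one window
        stamps.sort()
        if any(stamps[i + BURST_THRESHOLD - 1] - stamps[i] <= BURST_WINDOW
               for i in range(len(stamps) - BURST_THRESHOLD + 1)):
            findings[pid].add("bulk_document_rewrite")
    return {pid: sorted(b) for pid, b in findings.items()}

def ransomware_like(behaviours):
    # Foothold (persistence/injection) AND destruction (shadow deletion/bulk rewrite);
    # a backup agent that merely rewrites many documents is not flagged on its own.
    b = set(behaviours)
    foothold = "run_key_persistence" in b or any(x.startswith("injection_") for x in b)
    return foothold and bool(b & {"shadow_copy_deletion", "bulk_document_rewrite"})
```

Run `analyse(SAMPLE_EVENTS)` and pass each pid's behaviour list to `ransomware_like`; only the process that combines a foothold with destructive activity is flagged, which keeps legitimate bulk writers such as backup software out of the alert.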
How to Remove the CryptoWall Ransomware
As you ponder ways of dealing with the CryptoWall ransomware, the option of paying the ransom should never cross your mind. If the cybercriminals behind CryptoWall believe that people like you are willing to hand over their hard-earned money, it only fuels further attacks against people like you and organizations like yours.
At the same time, there is no guarantee that you will not be a future target, now that you have shown your willingness to cooperate with them.
So what can you do to remove the CryptoWall ransomware if paying the ransom is not a choice that you should be considering?
With a reliable anti-malware solution such as Outbyte Anti-Malware, it is actually pretty easy to get rid of CryptoWall and all the other malware entities that may be helping it achieve its nefarious goals. The reason to trust an anti-malware tool over other options is that Microsoft has long since told its security partners how to deal with the malware, given that it has been around for a while.
For the antivirus to be effective against the CryptoWall ransomware, you need to run your computer in Safe Mode with Networking, because the malware will start right back up after you log in.
Here is how to start your Windows PC in Safe Mode with Networking from a blank screen.
- Shut down the computer by pressing the power button.
- Turn it on again by pressing the power button.
- Turn it on and off repeatedly until you enter the Windows Recovery Environment (WinRE).
- Once in WinRE, you will see the Choose an option screen; select Troubleshoot > Advanced options > Startup Settings > Restart.
- Once your device restarts, press F5 or 5 to get to Safe Mode with Networking.
Safe Mode with Networking will help you isolate the virus and remove it completely.
System Restore
If you have a restore point on your computer, it is best to use it after removing the CryptoWall ransomware, as this way you can be certain that any programs or files that powered the ransomware will no longer be available.
Here is how to get to System Restore:
- In the Windows search box, type “create a restore point”.
- Select the first result of this search.
- On the System Properties app, navigate to the System Security tab, and select System Restore.
- Choose a restore point from the list of the restore points available on your computer.
- Follow the on-screen directions to complete the process.
Note that system restore only works if you already have a restore point in place.
Refresh Your PC
Refreshing your PC is the equivalent of a fresh Windows installation. The recovery option also gives you the choice of keeping your files, but because your files are encrypted, you don’t need to.
The following are the steps to take when refreshing your Windows 10/11 computer:
- Click the Windows button on your keyboard to get to Settings > Change PC settings.
- Select Update and recovery.
- Under Refresh your PC without affecting your files, select Get started.
- Follow the on-screen directions to complete the process.
Just a reminder: you don’t have to keep your files in this case, since they are inaccessible anyway.
How to Keep Your Computer Safe from the CryptoWall Ransomware
· Keep your computer patched and up-to-date
Malware seeks to exploit vulnerabilities in software to infect computers. So, if you are the type who takes too long to update the software running on your devices, you are effectively leaving yourself exposed to potential attacks.
· Use a firewall
A firewall will alert you to unusual network activity, the kind that malware such as CryptoWall uses to give cybercriminals remote access control.
· Verify the authenticity of emails
If you receive an email from an unfamiliar source, take the time to check whether it is genuine.
· Back up your files
The only reason ransomware operators stay in business is that most people don’t have a backup of their files; if they did, they wouldn’t be too bothered by ransomware attacks. Be the kind of person who prepares for the worst by backing up your files, no matter how small the risk of a ransomware attack seems to you.