Ransomware Security Threat Update – Cryptowall 4.0

Further to our security update earlier in the year about the Cryptowall 3.0 malware threat, we thought it would be important to make you aware of the new Cryptowall 4.0 security threat.


Cryptowall has now returned as version 4.0, which displays a redesigned ransom note and new file names. Equipped with better evasion techniques and tactics to foil antivirus protection and detection, this new version of the ransomware attacks computers and encrypts user files and folders via infected email attachments.

The most significant change in Cryptowall 4.0 is that it now also encrypts the filenames of the encrypted files.

Cryptowall 4.0 uses the same email distribution method as the previous version. The threat is downloaded by clicking a link in a spam email, with a file name similar to Fax-<randomnumber>.zip or incoming_wire_report.zip. Once Cryptowall is running on your PC, it starts scanning your files and encrypts them so that you no longer have access to them.

If your files do get encrypted by Cryptowall version 4.0, you are likely to receive a message similar to the one below:


Much like its predecessor, Cryptowall 3.0, once installed the malware will inject itself into Explorer.exe, disable System Restore, delete all Shadow Volume copies and use bcdedit to turn off Windows Startup Repair.
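The attachment names and recovery-disabling steps described above can be turned into simple detection checks for mail filtering and process-creation logs. The following is an added example, not part of the original post; the command-line patterns, rule names, host names and sample events are assumptions constructed for illustration.

```python
import re

# Attachment names quoted in the post: Fax-<randomnumber>.zip, incoming_wire_report.zip
LURE_NAME = re.compile(r"^(fax-\d+|incoming_wire_report)\.zip$", re.I)

# Behaviours named in the post. The command-line forms matched here are
# assumptions based on common Windows usage, not taken from the post.
RECOVERY_RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "startup_repair_off": re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no"
        r"|bootstatuspolicy\s+ignoreallfailures)\b", re.I),
    "system_restore_off": re.compile(
        r"\bDisable-ComputerRestore\b|\bDisableSR\b", re.I),
}

def is_lure_attachment(filename):
    """True if a mail attachment name matches the lure patterns from the post."""
    return bool(LURE_NAME.match(filename.strip()))

def classify_command(cmdline):
    """Return the sorted rule names that a process command line matches."""
    return sorted(n for n, rx in RECOVERY_RULES.items() if rx.search(cmdline))

def triage(events):
    """events: (host, cmdline) pairs from process-creation logs.
    Returns hosts showing two or more distinct recovery-disabling behaviours;
    a single match can be legitimate admin activity."""
    seen = {}
    for host, cmdline in events:
        for rule in classify_command(cmdline):
            seen.setdefault(host, set()).add(rule)
    return {h: rules for h, rules in seen.items() if len(rules) >= 2}

# Constructed sample events (hypothetical hosts), not real log data.
SAMPLE_EVENTS = [
    ("TILL-01", r"C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet"),
    ("TILL-01", r"bcdedit /set {default} recoveryenabled No"),
    ("TILL-01", r"bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("BACKOFFICE-02", r"vssadmin.exe list shadows"),
    ("BACKOFFICE-02", r"bcdedit /enum"),
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, sorted(rules))
```

Feeding the command lines from Windows process-creation auditing into `triage` flags hosts that combine shadow-copy deletion with disabling Startup Repair, while read-only uses of the same tools are ignored.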

Unfortunately, at this stage there is no way to recover your files without restoring from a backup or paying the ransom.

However, there are proactive measures that retailers can take to avoid becoming a victim of this latest threat. This can be done by keeping your system up to date with security patches, malware protection software, mail filtering software and anti-virus software. The importance of doing so cannot be overstated, with Cryptowall 3.0 inflicting an estimated $325 million worth of damage in the US alone.

For further information on Cryptowall ransomware and the best practices in staying vigilant against security threats please don’t hesitate to contact RMS today.
