The CryptoWall ransomware had been gone for about two months, and apparently the malicious λογισμικό που επανεμφανίστηκε έχει ενημερωθεί στην έκδοση 3.0, η οποία έρχεται με γεωγραφικό εντοπισμό θέσης για να παραδίνει τα ανάλογα μηνύματα για ransom.
In addition to this modification, security researchers also noticed that it is equipped with multiple addresses leading to a decryption service located in the anonymous I2P network.
The traffic is routed via dedicated proxies from I2P which is a network that can not be accessed as regular Internet sites.
I2P is another anonymous network, similar to Tor, where traffic is encrypted many times and routed through a series of proxies that hide the user's identity.
The CryptoWall ransomware, is also known as Crowti. It is a ransomware that includes possibilities file encryption. Once run on a computer, it begins encrypting system data.
In the end, he displays a message asking for a ransom to the victim and contains instructions on how to pay the money in order to receive the key to unlock the files. The fee is usually around 500 dollars which will be paid within 168 hours, with Bitcoins.
The 3.0 version was detected by French security researcher Kafeine, as well as Microsoft specialists.
In one Publication Kafeine reports that communication with the administration server and control it is encoded with the RC4 encryption algorithm and uses the I2P protocol.
The researcher tried the new CryptoWall and noticed that the proxies did not work, and an error message appeared as the malware was trying to connect.
However, criminals are prepared and provide instructions on how to obtain access to an extra decryption service hidden in the Tor network.
According to Microsoft, CryptoWall ransomware 3.0 has infected 288 unique machines in just two days, from January 11 to 12.
