New CryptoWall Attack Uses Malicious Attachments

CryptoWall is back on the list with a fresh attack. The original CryptoWall arrived in 2013 and made 27 million dollars in ransom by encrypting end users' files, hiding its malicious code in an innocent-looking attachment.

The latest CryptoWall attack is hitting end-users with phishing emails containing malicious attachments that infect networks. This is the latest and most sophisticated CryptoWall file-encrypting ransomware, and it uses a fake email that appears to come from the recipient's own domain, with the subject line “incoming fax report”.

Once an unsuspecting user opens the attachment, it encrypts the files on all mapped drives and demands a monetary ransom to be paid in Bitcoin. In late February 2015, it was discovered that the current attack uses help file attachments with the .CHM extension. Cyber criminals and hackers have resorted to a highly effective trick that automatically executes malware and encrypts files.

“CHM” is the extension for the Compiled HTML file format, which is used to deliver user manuals along with software applications. However, these files are highly interactive and can run a series of technologies, including JavaScript. This makes for a perfect attack because the less user interaction required, the greater the chances of infection.

How do you protect yourself from CryptoWall “CHM” attacks?

It is recommended to add “.chm” files to your spam filters if they are not in there already. In addition, you should train your end-users so they do not fall for social engineering attacks like this.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto delivering a wide variety of industry leading IT consulting services including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.
