Cryptowall is an advanced version of Cryptolocker, a file-encrypting ransomware known for disguising its viral payload as a non-threatening application or file. Its payload encrypts the files of infected computers in an effort to extract money for the decryption key.
A new spam wave has hit hundreds of mailboxes with malicious .chm attachments to spread the infamous Cryptowall ransomware.
Malware researchers from Bitdefender Labs found that the email blast, which took place in February, targeted users from around the world, including the UK, the US, the Netherlands, Denmark, Sweden, Slovakia and Australia. Following analysis, the spam servers appear to be in Vietnam, India, Australia, US, Romania and Spain. “Interestingly, in this instance, hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim’s machine and encrypt its contents – malicious .chm attachments,” states Catalin Cosoi, Chief Security Strategist at Bitdefender.
Once the content of the .chm archive is accessed, the embedded code downloads a payload from http:// *********/putty.exe, saves it as %temp%\natmasla2.exe and executes it. A command prompt window opens during the process. Last year, victims of the CryptoWall ransomware were extorted out of at least $1m. Despite a takedown operation in June, CryptoWall remains the largest and most destructive ransomware threat on the internet, according to an analysis by security researchers from the Dell SecureWorks Counter Threat Unit.
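The download, save and execute chain described above leaves a recognisable process tree: the Windows HTML Help viewer (hh.exe, which opens .chm files) spawning a command prompt, followed by an executable running out of %temp%. The following is an added detection example, not code from Bitdefender or the article; it assumes process-creation telemetry has already been parsed into dicts with `pid`, `ppid` and `image` keys, and the sample events are constructed.

```python
"""Flag a .chm-launched process chain: hh.exe -> cmd.exe -> %temp% executable."""
import ntpath

# Path fragments that indicate an image was launched from a temp directory.
TEMP_MARKERS = ("\\temp\\",)


def _ancestry(event, by_pid):
    """Yield the lowercased image basename of event and of each ancestor."""
    seen = set()
    cur = event
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield ntpath.basename(cur["image"]).lower()
        cur = by_pid.get(cur["ppid"])


def detect_chm_chain(events):
    """Return (pid, reason) for every process that matches the chain.

    Two behaviours are flagged, both only for descendants of hh.exe:
    a command prompt being spawned, and an image launched from %temp%.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        chain = list(_ancestry(e, by_pid))
        if "hh.exe" not in chain[1:]:
            continue  # not descended from the HTML Help viewer
        if chain[0] == "cmd.exe":
            alerts.append((e["pid"], "hh.exe spawned a command prompt"))
        elif any(m in e["image"].lower() for m in TEMP_MARKERS):
            alerts.append((e["pid"], "hh.exe descendant launched from %temp%"))
    return alerts


# Constructed sample events (hypothetical pids and paths, not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Office\OUTLOOK.EXE"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\hh.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\bob\AppData\Local\Temp\natmasla2.exe"},
    {"pid": 500, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for pid, reason in detect_chm_chain(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason}")
```

Only the cmd.exe and the %temp% executable under hh.exe are reported; the benign explorer.exe/notepad.exe pair is ignored.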