Ransomware

CryptoWall

First seen: 2014 • Status: inactive

CryptoWall was a ransomware family that made hundreds of millions of dollars by copying CryptoLocker's tactics and improving on them.

Overview

CryptoWall was a successful CryptoLocker successor that generated over $325 million in ransom payments. It used Tor for C2 and continuously evolved its evasion techniques.

Also Known As

Crypto Wall, CryptoDefense

How It Spreads

  • Exploit kits
  • Malvertising
  • Phishing emails

What It Does

  • File encryption
  • Shadow copy deletion
  • Bitcoin ransom demand
  • Tor-based payment

Target Platforms

Windows

Detection Tips

  • Historical threat - study for ransomware research
  • Understand evolution of ransomware tactics

MITRE ATT&CK Techniques

T1486, T1490, T1189, T1566

If You're Infected

  1. CryptoWall is no longer active
  2. Standard ransomware recovery applies

Related Malware

CryptoLocker, Locky, TeslaCrypt
