CryptoWall 4.0 spam servers are located in Russia, according to
The investigation also reveals that the encryption algorithm used is AES 256. Only the AES key is encrypted using RSA 2048, most likely because this second algorithm is resource-intensive.
Targeted countries we have identified so far include: France, Italy, Germany, India, Romania, Spain, US, China, Kenya, South Africa, Kuwait and the Philippines. Russian users seem to be safe. The malware doesn’t proceed with the encryption process if it detects Russian as a keyboard language.
How to prevent getting infected
Following the footsteps of its predecessors, CryptoWall has become a financial success for its creators. Recent numbers show that 3.0 inflicted an estimated $325 million in damages in the US alone. Its high turnaround prompted other cybercriminal groups to write new code that uses more sophisticated encryption algorithms. Therefore, it’s becoming harder for AV vendors to crack the code and come up with a solution.
To stop the spread of this threat, Bitdefender anti-malware experts have developed an antidote, a piece of software that allows users to immunize their computers and block file encryption attempts.
Please remember that this tool acts as an extra layer of protection, together with your anti-malware solution. If your computer is already infected with CryptoWall 4.0, the vaccine will not help disinfect it. The tool should be installed and used as a proactive measure against this specific strain of ransomware.