A third version of the ransomware Cryptowall has been spotted in the wild by the software vendor Microsoft, only a week after the release of 2.0.
A recent spike of activity from the malware alerted the firm to the virus, which locks a user’s computer before demanding payment before it is released, with the Crowti virus responsible for distributing the ransomware.
"It still follows the same behavior as previous variants, with minimal modifications such as changes in ransom notification file names," Microsoft said, adding that files were customised for each victim with a personal link to decryption pages that work via the Tor anonymity network.
Victims are asked to pay $500 (£330) or €500 (£385) within the first 168 hours after the demand is issued, with the sum increasing if they do not pay in time.
The campaign is the second big update to CryptoWall since the ransomware overtook CryptoLocker as hardware vendor Dell’s candidate for the most destructive ransomware on the Internet in September.
CryptoWall 2.0 was discovered only last week by networking firm Cisco, who labelled the campaign "ransomware on steroids" after it discovered the Tor network was being used to relay instructions to the virus.