
Unorthodox tactics spur Cryptowall resurgence

Hackers' strategy is ‘less fashionable yet highly effective’.

By Jimmy Nicholls

Cryptowall ransomware is apparently on the rise again after a spam wave attempting to spread the virus was uncovered by the security vendor Bitdefender.

Hackers were said to have sent out messages to potential victims in the UK, the US, Australia and other European countries, having located their servers around the globe to spread the malware, which encrypts a person’s files before demanding payment for their release.

Catalin Cosoi, chief security strategist at Bitdefender, said: "Interestingly, in this instance hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim’s machine and encrypt its contents – malicious .chm attachments."

.chm files are compiled HTML documents, often used to deliver instruction manuals for software, but they are susceptible to mischief because of their ability to direct users to external URLs via JavaScript code.

"Attackers began exploiting .chm files to automatically run malicious payloads once the file is accessed," Cosoi said. "It makes perfect sense: the less user interaction, the greater the chances of infection."

The crooks behind Cryptowall are thought to be targeting company networks through fake fax reports that spoof computers in the victims’ domain to disguise the nature of the attack.
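For mail administrators, one way to catch this delivery method at the gateway is to flag any attachment that is a compiled HTML Help file, whether or not it carries the .chm extension. The sketch below is an added example, not code from Bitdefender or this article; the function names and the sample message are constructed for illustration, and it assumes the standard "ITSF" signature that begins a compiled HTML Help file.

```python
# Added example: flag e-mail attachments that are compiled HTML Help (.chm) files.
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file

def find_chm_attachments(raw_message: bytes):
    """Return (filename, reason) for every message part that looks like a CHM."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so "x.chm." still opens as CHM.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        by_magic = payload.startswith(CHM_MAGIC)
        if by_magic and not by_name:
            hits.append((name, "CHM content under another extension"))
        elif by_magic:
            hits.append((name, "CHM attachment"))
        elif by_name:
            hits.append((name, "chm extension, unexpected content"))
    return hits

def build_sample() -> bytes:
    """Constructed sample message; attachment bytes are fake, not real CHM files."""
    msg = EmailMessage()
    msg["From"] = "fax@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Incoming fax report"
    msg.set_content("See attached report.")
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16
    msg.add_attachment(fake_chm, maintype="application",
                       subtype="octet-stream", filename="fax_report.chm")
    msg.add_attachment(fake_chm, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in find_chm_attachments(build_sample()):
        print(f"{name}: {reason}")
```

Checking the content signature as well as the file name matters because a renamed attachment would pass an extension-only filter.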

In the past those behind the virus have sought to spread the malware through malvertising, with the ransomware having overtaken CryptoLocker last September in terms of financial damage, according to Dell.


Since the destruction of infrastructure used to spread CryptoLocker and the associated trojan GameOver Zeus last summer, the Russo-Ukrainian gang behind the viruses is thought to have moved on to other malware, including more sophisticated bits of ransomware like Cryptowall.
