Cryptowall ransomware is apparently on the rise again after a spam wave attempting to spread the virus was uncovered by the security vendor Bitdefender.
Hackers were said to have sent out messages to potential victims in the UK, the US, Australia and other European countries, having located their servers around the globe to spread the malware, which encrypts a person’s files before demanding payment for their release.
Catalin Cosoi, chief security strategist at Bitdefender, said: "Interestingly, in this instance hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim’s machine and encrypt its contents – malicious .chm attachments."
Chm files are compiled HTML documents often used to deliver instruction manuals for software, but are susceptible to mischief because of their ability to direct users to external URLs via JavaScript code.
"Attackers began exploiting .chm files to automatically run malicious payloads once the file is accessed," Cosoi said. "It makes perfect sense: the less user interaction, the greater the chances of infection."
The crooks behind Cryptowall are thought to be targeting company networks through fake fax reports that spoofs computers in the victims’ domain to disguise the nature of the attack.
In the past those behind the virus have sought to spread the malware through malvertising, with the ransomware having overtaken CryptoLocker last September in terms of financial damage, according to Dell.
Since the destruction of infrastructure used to spread CryptoLocker and the associated trojan GameOver Zeus last summer, the Russo-Ukrainian gang behind the viruses is thought to have moved on to other malware, including more sophisticated bits of ransomware like Cryptowall.
