CryptoWall 3 Is it really there?

MegaMech

Estimable
Nov 22, 2014
I found evidence of what I think is the third generation of CryptoWall on a computer at work. I found about 10 files: 5 images and 5 .html files of CryptoWall threat things on the PC in the Startup folder, as well as another 10 under C:/. This meant that every time the computer was booted these files would appear. These files explain what CryptoWall is and what to do to unlock your drive, etc.

No data seemed to be missing, and no files seemed to be encrypted. I downloaded a program to check the registry for any records of CryptoWall having encrypted anything. It found nothing. The computers at work have Microsoft Security Essentials. Essentials found no viruses. AdwCleaner did not seem to find much.
My boss said he opened up an email, and that is when he thinks these things started appearing. He was using the Microsoft Outlook application.

Security in this business is essential, and data loss could be very, very bad for business.
Does Microsoft Outlook have bad security? If so, I'll suggest that it be uninstalled. Chrome would never let this kind of thing get through.

What is the chance that the CryptoWall virus is not actually on the computer and the email was just trying to scare people? These files have been on the computer for a few weeks, I think. So if it was going to do anything, it should have done it already?

What should be my plan of action here? I don't think my employer understands how much is at risk. I have heard that crypto viruses can get through an entire network.
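One concrete way to answer the "is it really there?" question is to check the host for the artefacts CryptoWall 3.0 leaves behind instead of waiting for a scanner verdict. The script below is an added example, not from the original thread: a read-only PowerShell triage that looks for the ransom notes in the Startup folders and the root of C:, for autorun entries that launch from user-writable paths, and for documents whose header no longer matches their extension. The HELP_DECRYPT.* note names and the fact that CryptoWall 3.0 leaves original file names unchanged are known traits of that family; the Documents scan scope, the 4 KB sample size and the signature table are this example's own choices.

```powershell
# Added example (not from the thread). Read-only triage for a Windows host
# suspected of CryptoWall 3.0 activity. Run from an elevated prompt.

# 1. Ransom notes. CryptoWall 3.0 drops HELP_DECRYPT.TXT/.HTML/.PNG/.URL into
#    the Startup folders and into every folder it touched.
$startupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
)
$notePaths = $startupFolders + 'C:\'
$notes = Get-ChildItem -Path $notePaths -Filter 'HELP_DECRYPT.*' -File -ErrorAction SilentlyContinue

# 2. Persistence. Run-key entries that execute from %APPDATA%, %LOCALAPPDATA%
#    or %TEMP% are where mail-borne droppers usually live.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$suspectRuns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match '(?i)\\(AppData|Temp)\\' } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# 3. Content check. CryptoWall 3.0 keeps the original file name, so the name
#    tells you nothing; the bytes do. Known formats start with a fixed
#    signature, and ciphertext does not.
$signatures = @{
    '.pdf'  = [byte[]](0x25,0x50,0x44,0x46)   # %PDF
    '.jpg'  = [byte[]](0xFF,0xD8,0xFF)
    '.jpeg' = [byte[]](0xFF,0xD8,0xFF)
    '.png'  = [byte[]](0x89,0x50,0x4E,0x47)
    '.docx' = [byte[]](0x50,0x4B,0x03,0x04)   # ZIP container
    '.xlsx' = [byte[]](0x50,0x4B,0x03,0x04)
    '.zip'  = [byte[]](0x50,0x4B,0x03,0x04)
    '.doc'  = [byte[]](0xD0,0xCF,0x11,0xE0)   # OLE compound file
    '.xls'  = [byte[]](0xD0,0xCF,0x11,0xE0)
}

function Get-Entropy([byte[]]$bytes) {
    # Shannon entropy in bits per byte. Ciphertext sits close to 8.0; plain
    # text is around 4-5. Compressed formats (docx, jpg, zip) are also high,
    # which is why entropy is reported but does not gate the result.
    if ($bytes.Length -eq 0) { return 0 }
    $counts = New-Object int[] 256
    foreach ($b in $bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $bytes.Length; $h -= $p * [math]::Log($p, 2) }
    }
    return $h
}

$scanRoot = "$env:USERPROFILE\Documents"   # example scope; widen as needed
$suspectFiles = Get-ChildItem -Path $scanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $signatures.ContainsKey($_.Extension.ToLower()) -and $_.Length -gt 0 } |
    ForEach-Object {
        $expected = $signatures[$_.Extension.ToLower()]
        $fs = [System.IO.File]::OpenRead($_.FullName)
        try {
            $buf  = New-Object byte[] 4096
            $read = $fs.Read($buf, 0, $buf.Length)
        } finally { $fs.Close() }
        $head = $buf[0..($read - 1)]
        $headerOk = $read -ge $expected.Length
        for ($i = 0; $headerOk -and $i -lt $expected.Length; $i++) {
            if ($head[$i] -ne $expected[$i]) { $headerOk = $false }
        }
        if (-not $headerOk) {
            [pscustomobject]@{ File = $_.FullName; Entropy = [math]::Round((Get-Entropy $head), 2) }
        }
    }

"Ransom notes found: $(@($notes).Count)"
$notes | Select-Object -ExpandProperty FullName
"Autorun entries launching from user-writable paths: $(@($suspectRuns).Count)"
$suspectRuns | Format-Table -AutoSize
"Files whose header no longer matches their extension: $(@($suspectFiles).Count)"
$suspectFiles | Format-Table -AutoSize
```

A header mismatch with an entropy near 8.0 is the pattern of an encrypted file; a mismatch with low entropy is more likely a mis-named file. Notes present but zero mismatches and no suspect autoruns is the evidence the thread is asking for, although it only covers the directories you scanned, so widen the scan to every mapped drive the account can write to before drawing a conclusion.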
 

MegaMech

Thank you. Unfortunately, the anti-virus program is chosen by head office. In fact, it changes almost year to year.
I definitely, absolutely, completely agree with you! I'll see if I can get the boss to talk to head office... It's too bad that they're too nice to wring them out for such a crass mistake! In the morning I'll get someone to run Malwarebytes and HitmanPro.

I know anti-virus programs used to conflict with each other. Is it safe to run Malwarebytes and Microsoft Suck Essentials together? I love Malwarebytes! I wanted to download that, but thought that I should just trust the system (Essentials). I mean, some bonehead at head office must have had a good reason for putting that on the computers, right? (...*cricket*, *cricket*)


Have you ever heard of the CryptoWall virus not actually being on the computer, but the image files being downloaded as a scare tactic? Or maybe Essentials did do its job and removed the virus but not the very scary .html/.png files.
 

Elizabeth Anderson

Estimable
Mar 27, 2015
Yes, CryptoWall 3.0 is still there. First, there's no known way to decrypt files attacked by CryptoWall. Unless you pay to get the key, they are lost forever. If you don't have offline backups, your files are lost.

One way to prevent the execution of those kinds of viruses is to use application whitelisting on Windows. This can be frustrating if you don't know how to include applications on the whitelist, and it will demand a lot of time to do right, but it will deny execution of any application not known. For more information please read http://blogs.cisco.com/security/talos/cryptowall-3-0
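The whitelisting Elizabeth describes maps to AppLocker on the Enterprise and Ultimate editions of Windows 7 and later (Software Restriction Policies cover other editions). The script below is an added example, not from the thread or from the Cisco post it links: PowerShell that applies a local AppLocker allow-list in audit mode, dry-runs it against executables already sitting in the user's profile, and reads the audit events you work through before switching to enforcement. The rule set (Program Files and the Windows folder for Everyone, anything for local Administrators, with the user-writable Windows\Temp and Windows\Tasks folders excepted) mirrors AppLocker's default rules; the policy file name under %TEMP% and the 50-file sample are this example's own choices.

```powershell
# Added example (not from the thread). Local AppLocker allow-list, audit mode.
# Run from an elevated prompt on an edition that enforces AppLocker.

# AppLocker evaluates nothing unless the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Everyone (S-1-1-0) may run what is installed under Program Files and the
# Windows folder; local Administrators (S-1-5-32-544) may run anything.
# Everything else, including %APPDATA%\*.exe where mail-borne droppers land,
# is refused by AppLocker's implicit default deny once enforcement is on.
# %WINDIR% contains folders ordinary users can write to (Temp, Tasks and a
# few more); excepting them closes the obvious hole in the Windows rule.
$sidEveryone = 'S-1-1-0'
$sidAdmins   = 'S-1-5-32-544'
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Program Files" Description="" UserOrGroupSid="$sidEveryone" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Windows folder" Description="" UserOrGroupSid="$sidEveryone" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
      </Exceptions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators" Description="" UserOrGroupSid="$sidAdmins" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
# A Script collection (Type="Script") with the same three rules covers
# .ps1/.bat/.cmd/.vbs/.js droppers; it is omitted here for brevity.

$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'   # example location
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Dry run before applying: anything in the user's profile the policy would
# still allow is a gap in the allow-list, not something to enforce around.
$sample = Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
    Select-Object -First 50 -ExpandProperty FullName
if ($sample) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample -User Everyone |
        Where-Object PolicyDecision -eq 'Allowed' |
        Format-Table FilePath, MatchingRule -AutoSize
}

# Apply as the local policy (GPO deployment takes the same XML).
Set-AppLockerPolicy -XmlPolicy $policyPath

# In AuditOnly mode, event 8003 records each execution that enforcement would
# have blocked. Work through these, add publisher or hash rules for legitimate
# software that lives outside Program Files, then change EnforcementMode to
# "Enabled" and re-apply.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message |
    Format-List
```

Path rules are the cheap starting point; they trust the directory, not the binary, so a user who can write under an allowed path can still run code there. For software that must live outside Program Files, `Get-AppLockerFileInformation -Path <file> | New-AppLockerPolicy -RuleType Publisher -User Everyone -Xml` produces a signer-based rule you can merge in with `Set-AppLockerPolicy -Merge`, which is the "including applications on the whitelist" work Elizabeth warns takes time.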
 

mcnumpty23

Distinguished
Jul 15, 2011
And yes, basically if caught with it you can't decrypt the files.

But there's a chance of recovering them anyway, since CryptoWall first makes a copy of the files and encrypts the copies.

Then it deletes the originals, but the originals are deleted unencrypted, so there's a chance of recovering them, however slim that chance may be.

 

MegaMech

@Elizabeth
If they actually send the key after payment...

I told someone to run Malwarebytes and HitmanPro and they didn't bother. (I was home for reading break, so I can't do it myself :( )

Head office downloaded a program to take a screenshot the next time 'it' happens, and they don't think the CryptoWall virus is there.
Apparently head office didn't spend too much time. They didn't run any scans, but looked at some 'details' or something.

I ran this program: http://www.bleepingcomputer.com/download/listcwall/ a week ago. And a week before that is about the first time the images (virus) showed up.
ListCWall found nothing.

I'm assuming you guys have had a lot of 'fun' with CryptoWall in the past? Would you trust head office and ListCWall?
I'm assuming you would still want to at least run Malwarebytes. Kinda kicking myself that I didn't run Malwarebytes when I was there.
CryptoWall has never stolen files, has it? Because that would be really, really bad.

I can't do much more. It sucks; it's so frustrating.