Blog Other Blogs McAfee Labs CryptoWall V3 and V4 Protection for McAfee Customers

CryptoWall V3 and V4 Protection for McAfee Customers

Christiaan Beek

Oct 29, 2015

2 MIN READ

Updated, November 6: 

Since October 30, the release date of the Cyber Threat Alliance report on CryptoWall Version 3, we have spotted a new variant of the CryptoWall family. This variant has been labeled by many as Version 4, which is different in some ways from V3. This rapid update demonstrates how flexible the actors behind these campaigns are and the resources they have available to make changes within 24 hours. McAfee detects this new version in our signatures as Ransom-CWall.a and Ransom-CWall.c.

As part of a joint investigation between the founding members of the Cyber Threat Alliance, we released a report that dissects the CryptoWall Version 3 family of ransomware. (For more on the malware’s aims, see this post.) Threat researchers from four companies, including McAfee, shared indicators and knowledge around the inner workings of this malware and how it behaves from a network perspective.

For McAfee customers, we have written detection for our endpoint products that classifies the ransomware as Ransom-Cwall. Besides our endpoint products, other products that consume McAfee Global Threat Intelligence feeds also detect the indicators of this ransomware family and protect our customers by blocking access to its control servers.

Indicators of associated URLs and IP addresses have been pushed into McAfee GTI and are updated daily  as we proactively monitor the movements of the campaigns that spread this form of ransomware.

While monitoring McAfee GTI statistics around this campaign, we saw starting in August a high number of detections in which the current control server sites were increasingly blocked and the number of visitors to these sites decreased:

CW3 control servers

 

As the CTA contributing members began to block these sites, we saw the adversaries behind the campaigns move to new sites for their control servers, which explains some spikes in September. McAfee continues to monitor this ransomware threat and provide up to date information and detection in our products.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.

FacebookTwitterInstagramLinkedINYouTubeRSS
Christiaan Beek Lead Scientist & Sr. Principal Engineer

Christiaan Beek is the Lead Scientist & Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing...

More from McAfee Labs

SpyLoan: A Global Threat Exploiting Social Engineering
Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan,...

Nov 25, 2024   |   16 MIN READ

Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation
Authored by: M. Authored by: M, Mohanasundaram and Neil Tyagi In today’s rapidly evolving cyber landscape, malware...

Nov 20, 2024   |   18 MIN READ

The Dark Side of Gen AI
There’s no denying that Generative Artificial Intelligence (GenAI) has been one of the most significant technological developments...

Nov 18, 2024   |   5 MIN READ

Behind the CAPTCHA: A Clever Gateway of Malware
Authored by Yashvi Shah and Aayush Tyagi Executive summary McAfee Labs recently observed an infection chain where...

Sep 20, 2024   |   8 MIN READ

Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware
Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are...

Sep 19, 2024   |   14 MIN READ

New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that...

Sep 05, 2024   |   10 MIN READ

The Scam Strikes Back: Exploiting the CrowdStrike Outage
Authored by Lakshya Mathur, Vallabh Chole & Abhishek Karnik Recently we witnessed one of the most significant...

Jul 30, 2024   |   5 MIN READ

Olympics Has Fallen – A Misinformation Campaign Featuring a Voice Cloned Elon Musk
Authored by Lakshya Mathur and Abhishek Karnik As the world gears up for the 2024 Paris Olympics,...

Jul 26, 2024   |   6 MIN READ

ClickFix Deception: A Social Engineering Tactic to Deploy Malware
Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware...

Jul 11, 2024   |   9 MIN READ

Quality Over Quantity: the Counter-Intuitive GenAI Key
It’s been almost two years since OpenAI launched ChatGPT, driving increased mainstream awareness of and access to...

Jun 28, 2024   |   3 MIN READ

Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
Authored by Dexter Shin Many government agencies provide their services online for the convenience of their citizens....

May 31, 2024   |   7 MIN READ

How Scammers Hijack Your Instagram
Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become...

May 14, 2024   |   6 MIN READ

Back to top