The Cyber Threat Alliance is a group of leading cybersecurity solution providers who have come together in the interest of their collective customers to share threat intelligence.

CryptoWall is one of the most lucrative and broad-reaching ransomware campaigns being witnessed by Internet users today. Ransomware is a type of malware that encrypts a victim’s files and subsequently demands payment in return for the key that can decrypt said files. When ransomware is first installed on a victim’s machine, it will target sensitive files on said machine. These files may contain various types of information, such as important financial data, business records, databases, and personal files that may hold sentimental value to the victim, such as photos and home movies.

Once these files are identified, the malware will encrypt them using a key known only by the attackers. In order to acquire this key to decrypt these files, the victim must pay a ransom to the attackers, often in the form of electronic currency, such as bitcoin. In the event a victim does not have backups of this data, and chooses not to pay the ransom, the files are unlikely to be recovered. Ransomware has been known to cause irreparable damage to both individual users and large corporations alike.

CryptoWall is one of many prominent ransomware malware families, which include TorrentLocker, TeslaCrypt, and CTB-Locker, among others. The security community first discovered CryptoWall in June 2014. Since then, a number of variations of CryptoWall have surfaced. The third variant (version 3) began infecting machines in January 2015. The Cyber Threat Alliance chose to focus their efforts on CryptoWall, given the prevalence of the threat, introduction of the new version, and potential impact to individuals and organizations around the world. Through this research and sharing of intelligence, members of the CTA enhanced their protections for CryptoWall v3 within their individual product offerings, helping to ensure the safety of all users.

For more information, download the Cryptowall Report.