CryptoWall 2.0 in the Wild

On Tuesday one of my clients was unlucky enough to contract the new Onion/TOR variant of the CryptoWall virus, known as CryptoWall 2.0. This variant is pretty much undetectable at the moment, and even figuring out where it came in was a problem. Unlike other CryptoLocker/CryptoWall variants, this one does not pop up a screen telling people they are infected. I believe this may actually be a flaw in the design rather than the way the system was intended to work, but either way it just adds to the amount of time the virus has to do its work before being interrupted.

Their fully updated antivirus solution did not detect the virus, nor did several others I tried. Only the old standby Malwarebytes was able to detect it during a heuristics scan, and it flagged it as backdoor.bot. I removed the virus and sent it over to AVG for analysis. It would seem that Tuesday (10/14/15) was the launch day over here in the US, so it's understandable that most antivirus programs did not have definitions that could detect this new variant, but hopefully that will be remedied soon. In the meantime, please make sure your backups are working properly and that your antivirus program is updating properly. If you're unsure of your current antivirus or backup solutions, contact a Cybereal consultant, who will be more than happy to discuss your options with you.