The CryptoWall ransomware has migrated to the TOR network, encrypting critical files that are necessary to conduct day-to-day operations for business users. Ideally for the cybercriminals, users won't be able to rely on a backup and the company will instead choose to pay the ransom for access to their own PCs and servers. Using TOR makes CryptoWall 2.0 more difficult to track down and remove, giving cybercriminals a potential goldmine as they victimize businesses.
KnowBe4 was contacted by a company that was hit by the new variant of CryptoWall. The IT admin's computer was infected, and the infection spread to seven servers in just one hour, shutting down the entire server farm. Although the company had recent backups that could be used, recovering the data and getting the servers operational in a timely manner would have meant too much downtime.
"The cyber criminals hit pay dirt with this one and the admin ended up paying the ransom, 1.3 bitcoin, rather than face the serious costs caused by days of downtime," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. "This is the next generation of ransomware and you can expect this new version to spread like wildfire."