Tuesday, 1 December 2015

Cryptowall 4 Infection Website Compromised from Nuclear Exploit Kit (HELP_YOUR_FILES.PNG)

Until last week it appeared that Cryptowall 4 infection was only being seen from emails carrying the payload. It now appears it is also being delivered by websites compromised by the Nuclear Exploit Kit. The Nuclear EK operates by exploiting vulnerabilities in Java, Acrobat Reader, Flash, and Silverlight so it's essential that you have your PC fully patched up to date.

Cryptowall 4 is now being found in the wild delivered by hacked websites. If you find your files on your drives are encrypted and the file names are also encrypted then it's highly likely that you have been infected by Cryptowall 4 ransomware. You can see the file HELP_YOUR_FILES.PNG will be stored in the folder with all the encrypted files. Other help files may be HELP_YOUR_FILES.HTML, HELP_YOUR_FILES.TXT.

Even visiting an apparently innocuous website may lead to your PC being infected IF you have software that has vulnerabilities such as Adobe Flash. Even fairly recent versions from August 2015 are still vulnerable to infection.

More info on the Nuclear Exploit kit for Cryptowall 4 here.
How to recover from Cryptowall 4


To check a website you can use: http://www.isithacked.com

No comments:

Post a Comment