Author Topic: CryptoWall V3 and V4 Protection for Intel Security Customers  (Read 1662 times)

  • Pez
CryptoWall V3 and V4 Protection for Intel Security Customers

Updated, November 6:

Since October 30, the release date of the Cyber Threat Alliance report on CryptoWall Version 3, we have spotted a new variant of the CryptoWall family. This variant has been labeled by many as Version 4, which is different in some ways from V3. This rapid update demonstrates how flexible the actors behind these campaigns are and the resources they have available to make changes within 24 hours. Intel Security detects this new version in our signatures as Ransom-CWall.a and Ransom-CWall.c.

As part of a joint investigation between the founding members of the Cyber Threat Alliance, we released a report that dissects the CryptoWall Version 3 family of ransomware. (For more on the malware’s aims, see this post.) Threat researchers from four companies, including Intel Security, shared indicators and knowledge around the inner workings of this malware and how it behaves from a network perspective.

For Intel Security customers, we have written detection for our endpoint products that classifies the ransomware as Ransom-Cwall. Besides our endpoint products, other products that consume McAfee Global Threat Intelligence feeds also detect the indicators of this ransomware family and protect our customers by blocking access to its control servers.

Indicators of associated URLs and IP addresses have been pushed into McAfee GTI and are updated daily as we proactively monitor the movements of the campaigns that spread this form of ransomware.

While monitoring McAfee GTI statistics around this campaign, we saw starting in August a high number of detections in which the current control server sites were increasingly blocked and the number of visitors to these sites decreased:

As the CTA contributing members began to block these sites, we saw the adversaries behind the campaigns move to new sites for their control servers, which explains some spikes in September. Intel Security continues to monitor this ransomware threat and provide up-to-date information and detection in our products.

Original article:
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.
