Encrypting Ransomware Poses Major Threat to Businesses Around the World

encryption ransomwareCryptoWall 4.0 users have discovered that Russian users are spared any encryption after the malware is deployed onto their system. This is because the ransomware checks to determine which keyboard is being used, and when Russian is detected as the language, the ransomware kills itself before encryption.

This news comes as no big surprise to anyone, as it has always been known that the attackers were Russian, at least the spam servers, targeting mainly the US and Europe. However, everyone is equally susceptible to encrypting ransomware.

The encrypting ransomware may appear slightly different, but in reality, it is the same as the rest. It encrypts your files from a phishing email, holding them ransom for bitcoin payment. The encryption is done using a GPG Tool, which is an open source encryption tool that appends the file extension to “.vault”

This variant is based off of the “freebie” structure, allowing 4 free file decrypts. This is intended to let the user know what the decryption routine is like, and to verify that files will be returned upon the ransom being paid.

Once the ransom has been paid, the user will have access to download the decryption tool from the portal.

Analyzing MD5

The specific variant will be caught by Webroot, in real time, before any encryption is able to take place. Measures are always being taken to find more, but in the case of new zero day variants, it is important to understand that with encryption ransomware, the most dependable protection is a good backup solution, using either the cloud or external storage.

It is also critical to keep this backup solution up to date so productivity is not lost. Webroot has built in backup features in the consumer product, allowing directories to be constantly synced to the cloud. Should a zero-day variant infection occur, the user can simply restore any files using a snapshot history.

Find out more about the latest variants of malware. Call OffSite IT at (866) 828--6674 or email us at info@offsiteIT.com to learn about our managed IT services. We keep you safe from all types of threats for a flat-rate monthly fee.


I first hired John directly as an employee back in 1999.
He was an excellent addition to a growing team at a small technology company. Subsequent to the sale of the company, John branched out on his own and started an IT consulting firm. Since that time, I have not used anyone else. John is capable, personable, has integrity and is also very likable. I would recommend him without reservation.”

  Kevin DiCerbo   

Connect With OffSite IT

    • Los Angeles / Orange County 21520 Yorba Linda Blvd. Suite G417 Yorba Linda, CA 92887
    • Chicago 6912 Main Street Suite 214 Downers Grove, IL 60516
    • 1-866-828_-6674 info@offsiteIT.com