Cryptowall 3.0 ransomware switches to anonymous I2P network









A new version of the Cryptowall ransomware exploiting the anonymous Invisible Internet Project (I2P) network has been uncovered.
Independent security researcher Kaffeine reported uncovering the Cryptowall 3.0 malware, warning in a blog post that the attack has the same advanced encryption powers as previous versions.
Cryptowall is used to create ransomware, a form of malware that attempts to blackmail victims by locking them out of infected machines and charging a removal fee.
"Cryptowall is a subtype of an advanced kit which is frequently used to build and deploy ransomware," Dennis Vogt, mobile evangelist at ThreatMetrix, told V3.
"It is malicious software which takes single, very important files or the whole hard disk hostage by fully encrypting the hard drive or respective files.
"After successful encryption of the data/hard drive, it will inform the user [who] will be redirected to the malware owner's website to pay a ransom to get the hard drive decrypted."
F-Secure analyst Artturi Lehtiö explained that Cryptowall 3.0 is all but identical to its predecessor apart from its use of I2P.
"The only real change is using I2P instead of Tor for the command and control communication. I don't see how that makes much of a difference," he told V3.
Tor and I2P are custom, privacy-focused services designed to let people use the internet anonymously and access the dark web.
Vogt said that the new Cryptowall could be a problem for many companies. "If a business computer has been infected and taken hostage, it may lead to the complete loss of important business data or to financial damage due to the deliberate encryption of the device's storage and forced ransom payment," he said.
He added that businesses should take measures to defend against Cryptowall, and have a plan in place should they be infected.
"Keep calm, do not rush into any dodgy removal process or pay the ransom immediately. Most of the hostage-taken devices and hard drives can still be decrypted without having to pay the ransom to the cyber criminal," Vogt said.
"As always, it is [also] important to be up-to-date with the standard protection like having an updated virus scanner and normal security-aware behaviour on the end user side."
Cryptowall 3.0 is one of many new threats uncovered in recent weeks. Researchers from Dell Secureworks discovered a dangerous malware codenamed Skeleton Key capable of bypassing password security to interfere with remote access services.
Reviewed by Unknown on 1/29/2015

1 comment:

  1. Your site is good but didn't like the top color pink and the log, stay with blue, and also which pages fb are you marketing? it info & tricks or cybersecurity
