The CryptoWall ransomware has been updated to make it more difficult for users to recover their encrypted data. The latest version of CryptoWall, version 4.0, will now alter the file names of data that it has encrypted to prevent victims from determining exactly what has been affected by the program. In addition, ransomware will now delete all system restore points upon its installation in an effort to ensure that data remains unrecoverable. If infected, the app will be accompanied by a message to victims, shown in the screenshot posted above, which states that they will be unable to recover their data unless they pay the ransom, and that any other attempt to recover data may result in irreversible loss.
While it may be tempting for victims of ransomware to pay the ransom, data recovery is not guaranteed. The best course of action is to keep regular backups of your data and to completely wipe the infected computer and restore your data from those backups.
In June 2015, the FBI regarded CryptoWall as “the most current and significant threat targeting U.S. individuals and businesses” and reported that victims’ losses had totaled over $18 million USD. In October, the Cyber Threat Alliance estimated that the attackers behind the ransomware have made more than $325 million USD from victims.