View All R&D Articles

CryptoWall 4.0: What It Is, How It Causes Data Loss, and What You Can Do

January 13, 2016

The world of malicious code is getting more and more sophisticated. The best example might be ransomware, the most prominent example of which is CryptoWall 4.0.

Ransomware is the catch-all term for programs that infect your computer without your knowledge, encrypt your data, then notify you that your data has been encrypted and offers to decrypt it for a fee. These encryption schemes are sophisticated enough that cracking them without the key would take decades or even centuries with current processing technology.

It’s pretty insidious; the amount demanded is usually between $300-$800 in the form of an anonymous Bitcoin transaction. Many users, especially small businesses, find that the cost of the ransom is lower than the cost of losing their data, and begrudgingly pay it. That’s why the Cyber Threat Alliance estimates that, in 2015, CryptoWall 3.0 alone led to over $325 million in user losses.

These huge profits are leading ransomware rings to act more like legitimate software developers, pushing regular updates to evade detection by firewalls and antivirus programs. CryptoWall 4.0 even alerts the user with a (poorly written) message that sounds more like a customer service email than a ransom note.

What You Can Do To Protect Against CryptoWall

Some versions are relatively easy to defeat, because the criminals who have deployed them have been caught and had their encryption keys seized and algorithms identified. These include CoinVault, Bitcryptor, and early versions of CryptoWall. In those cases, it’s usually a simple matter of running a decryption program, like the one Kapersky offers here. can guide you through this process, and we offer affordable services for CryptoWall decryption.

For newer ransomware, like CryptoWall 2.0, 3.0, and 4.0, the situation is a little more dire. The black hat developers behind these programs haven’t been caught yet, so their algorithms remain unknown.

Before you pay the ransom, however, it should be noted that there is no guarantee that they will follow through on their promises to release your data.

While some of these programs are sophisticated enough to evade detection, there are plenty that aren’t. A trusted antivirus, with automatic updates enabled, is still an important defense against this and any malicious code.

However, the most effective tool against these programs is the same against any form of data loss: regular offsite backups with versioning.


We now offer ransomware recovery service to help people affected by CryptoWall. Follow the link to learn how we can make it easier for you to bounce back from a CryptoWall infection.

CryptoWall 4.0: What It Is, How It Causes Data Loss, and What You Can Do
Article Name
CryptoWall 4.0: What It Is, How It Causes Data Loss, and What You Can Do
CryptoWall is a serious threat for Internet-connected computer users. Here's how to avoid it.