Best Practices to protect against CryptoWall and CryptoLocker (SW12434)
Firmware/Software Version: All versions.
Services: GAV, IPS, App Control Advanced, Botnet Filter, CFS, DPI-SSL
Keywords: cryptowall, cryptolocker, cryptowall 2.0, crypto wall, crypto locker, ransomware, ransom ware
CryptoWall and CryptoLocker are ransomwares which infect a computer usually via email. Once a computer is infected, the malware encrypts certain files stored on the computer. Thereafter, the malware will display a message demanding payment to decrypt the files. Infection usually takes place when a user clicks on an executable file attached to a spam email.
Update: A new variant of the above ransomwares is CryptoWall 2.0. It is similar to CryptoLocker and CryptoWall and uses TOR to fetch the encryption keys.
SonicWALL Gateway Anti-Virus and SonicWALL IPS provide protection against this threat via the following signatures: https://support.software.dell.com/kb/sw12434