All software goes through version updates and malware is no different.

So now the CryptoWall has a new version using the Tor anonymous network to establish a connection with the command and control server.

Industrial Software Site Attacked
Targeted Attack: Device Maker Hit
Exploit Kit Remains Adaptive
Exploit Kit Delivers Double Payload

Although researchers found samples of the crypto-malware using Tor for quite a while, it still operated under the 1.0 version. The Tor component was not a part of the crypto-malware, but downloaded as an encrypted binary from compromised websites.

However, that has now changed as a sample showed the malware uses the ransom message to inform the owner of a compromised computer their data ended up locked with CryptoWall 2.0.

Schneider Bold

Security experts believe the modified version 1.0 of the malware was nothing but a way to test the new capabilities of the threat before deploying it to unsuspected users.

According to, the new release of the crypto-malware distributes through fake emails from IRS claiming to be a reply to a complaint sent by the potential victim.

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest

Share This