All software goes through version updates and malware is no different.
So now the CryptoWall has a new version using the Tor anonymous network to establish a connection with the command and control server.
Although researchers found samples of the crypto-malware using Tor for quite a while, it still operated under the 1.0 version. The Tor component was not a part of the crypto-malware, but downloaded as an encrypted binary from compromised websites.
However, that has now changed as a sample showed the malware uses the ransom message to inform the owner of a compromised computer their data ended up locked with CryptoWall 2.0.
Security experts believe the modified version 1.0 of the malware was nothing but a way to test the new capabilities of the threat before deploying it to unsuspected users.
According to Malware-Traffic-Analysis.net, the new release of the crypto-malware distributes through fake emails from IRS claiming to be a reply to a complaint sent by the potential victim.