Petronella Blog Archive


Cryptowall 3.0 in your Email


If you receive an email, particularly from a Yahoo account, that contains a zip file called Resume, DO NOT OPEN that file. It contains Cryptowall 3.0 and could seriously mess things up for you.

If you don't recall, Cryptowall is a type of malware called ransomware.  It takes over your computer and won't let you access your files until you pay the person who locked it up, and unless you have a backup of your files, you're probably not getting them back without rewarding the criminal.

There has been a rash of Cryptowall infections lately. It infects computers using the Angler Exploit Kit. For a lot of this outbreak, what we see is an email coming from a Yahoo account that contains a zip file titled "Resume" or "My Resume" or something of the sort. Once the zip file is opened, it begins downloading the ransomware from a Google Docs account, then BAM! You're infected.

While many people are learning that you don't open attachments, especially zip files, from unknown senders, hiding this in a Resume file is, in my opinion, pretty tricky. People who actually look at resumes are used to receiving them from email addresses they are not familiar with, so it seems they would be more likely to unknowingly infect their computers. Furthermore, the person would most likely be using a work computer with essential files on it, so they would be more desperate, willing and able to pay the ransom to regain access to their files.
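For mail administrators, the delivery pattern described above (a zip attachment named like a resume, often from a Yahoo sender) can be checked at the gateway before a message reaches a recruiter's inbox. The following is an added example, not part of the original post: the function names, the `yahoo.*` domain match, the quarantine rule and the sample messages are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
OOXML_EXT = (".docx", ".xlsx", ".pptx")  # legitimate zip-based Office formats

def looks_like_zip(part):
    """Zip by extension, declared MIME type, or PK magic bytes."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
        return True
    return data.startswith(b"PK\x03\x04") and not name.endswith(OOXML_EXT)

def lure_indicators(raw_bytes):
    """Return which indicators described in the post a raw message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    found = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain.startswith("yahoo."):  # assumption: any yahoo.* domain counts
        found.append("yahoo-sender")
    for part in msg.walk():
        name = part.get_filename()
        if name and looks_like_zip(part):
            found.append("zip-attachment")
            if "resume" in name.lower():
                found.append("resume-named-zip")
    return found

def should_quarantine(raw_bytes):
    """Hold any resume-named zip; the sender domain only adds context."""
    return "resume-named-zip" in lure_indicators(raw_bytes)

def build_sample(sender, filename, payload):
    """Constructed test message; payload is placeholder bytes, not malware."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "hr@example.com", "Application"
    m.set_content("Please find my resume attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_zip = b"PK\x03\x04" + b"constructed placeholder"
    for args in [("Jane <jane@yahoo.com>", "My Resume.zip", fake_zip),
                 ("bob@example.org", "resume.pdf", b"%PDF-1.4 constructed")]:
        print(args[1], lure_indicators(build_sample(*args)))
```

Quarantining on the attachment name and type alone, rather than requiring the Yahoo sender, keeps the rule effective if the sending domain changes while still leaving PDF and Word resumes deliverable.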